www.mcafee.com Open in urlscan Pro
23.205.250.154 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Effective URL:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Submission: On April 19 via api (April 19th 2022, 10:50:12 pm UTC) from US — Scanned from DE

Summary HTTP 202 Redirects Links 52 Behaviour Indicators

Summary

This website contacted 41 IPs in 5 countries across 36 domains to perform 202 HTTP transactions. The main IP is 23.205.250.154, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.mcafee.com.
TLS certificate: Issued by McAfee OV SSL CA 2 on May 21st 2020. Valid for: 2 years.

This is the only time www.mcafee.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	161.69.25.99 161.69.25.99	7754 (MCAFEE) (MCAFEE)
78	23.205.250.154 23.205.250.154	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a02:26f0:350... 2a02:26f0:3500:591::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2606:4700:10:... 2606:4700:10::6816:47c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:170... 2a02:26f0:1700:391::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dc7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:710... 2a02:26f0:7100:59a::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
2	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3	34.255.235.57 34.255.235.57	16509 (AMAZON-02) (AMAZON-02)
2	54.82.204.65 54.82.204.65	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.98.109 143.204.98.109	16509 (AMAZON-02) (AMAZON-02)
9	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
7	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2a27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	104.75.88.194 104.75.88.194	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.220.215.179 54.220.215.179	16509 (AMAZON-02) (AMAZON-02)
3	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
1 1	34.248.191.66 34.248.191.66	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
2	104.208.16.0 104.208.16.0	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
4	34.193.254.175 34.193.254.175	14618 (AMAZON-AES) (AMAZON-AES)
1	216.239.38.21 216.239.38.21	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1	54.77.70.77 54.77.70.77	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:6e00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1	143.204.101.31 143.204.101.31	16509 (AMAZON-02) (AMAZON-02)
1 1	2.21.20.200 2.21.20.200	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.21.20.197 2.21.20.197	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dcd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dc9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
202	41

1 161.69.25.99 (United States) 1 redirects

ASN7754 (MCAFEE, US)

securingtomorrow.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

78 23.205.250.154 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-250-154.deploy.static.akamaitechnologies.com

www.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:3500:591::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:47c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:1700:391::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0217991c.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:7::17d8:4dc7 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100:59a::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.255.235.57 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-235-57.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.82.204.65 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-82-204-65.compute-1.amazonaws.com

api2932.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.109 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-109.fra50.r.cloudfront.net

cdn-0.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2a27 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 104.75.88.194 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-194.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.220.215.179 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-220-215-179.eu-west-1.compute.amazonaws.com

mcafeeinc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

smetrics.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.191.66 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-191-66.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.208.16.0 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cu1pehnsweb01.servicebus.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.193.254.175 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-254-175.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.38.21 (United States)

ASN15169 (GOOGLE, US)
PTR: any-in-2615.1e100.net

jelly.mdhv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:51e4:db4b:4436:b305 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.70.77 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-70-77.eu-west-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:6e00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-31.fra50.r.cloudfront.net

d6tizftlrpuof.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.20.200 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-20-200.deploy.static.akamaitechnologies.com

trial-eum-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.20.197 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-20-197.deploy.static.akamaitechnologies.com

xhkzxkiccukmqys7hsnq-pmglnd-d609f5e91-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:7::17d8:4dcd (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

trial-eum-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:7::17d8:4dc9 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

fibrwiaaa3ybckqce3ydkaaaa5rf6pe3-pmglnd-b383057d5-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
82	mcafee.com 1 redirects securingtomorrow.mcafee.com www.mcafee.com smetrics.mcafee.com	733 KB
14	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 980	137 KB
9	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	712 B
8	google.de www.google.de — Cisco Umbrella Rank: 5383	1 KB
8	google.com www.google.com — Cisco Umbrella Rank: 4	1 KB
8	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 stats.g.doubleclick.net — Cisco Umbrella Rank: 95	9 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	296 KB
7	gstatic.com fonts.gstatic.com	56 KB
5	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	375 KB
5	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 491	118 KB
5	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 436	87 KB
4	akamaihd.net 2 redirects trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 1956 xhkzxkiccukmqys7hsnq-pmglnd-d609f5e91-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 1953 fibrwiaaa3ybckqce3ydkaaaa5rf6pe3-pmglnd-b383057d5-clienttons-s.akamaihd.net	1 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3894	6 KB
4	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 216 mcafeeinc.demdex.net — Cisco Umbrella Rank: 244528	6 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 482 www.linkedin.com — Cisco Umbrella Rank: 603 px4.ads.linkedin.com — Cisco Umbrella Rank: 4702	3 KB
3	d41.co api2932.d41.co — Cisco Umbrella Rank: 841041 cdn-0.d41.co — Cisco Umbrella Rank: 16237	77 KB
3	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3990	60 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	3 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 975 pixel.quantserve.com — Cisco Umbrella Rank: 423	10 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 327	800 B
2	windows.net cu1pehnsweb01.servicebus.windows.net — Cisco Umbrella Rank: 224711	309 B
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 13709 apt.techtarget.com — Cisco Umbrella Rank: 19110	2 KB
2	t.co t.co — Cisco Umbrella Rank: 476	437 B
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 524	433 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 104	32 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1272 c.go-mpulse.net — Cisco Umbrella Rank: 558	52 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 238	82 KB
1	akstat.io 0217991c.akstat.io — Cisco Umbrella Rank: 55642	201 B
1	cloudfront.net d6tizftlrpuof.cloudfront.net	3 KB
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 903	1 KB
1	usabilla.com w.usabilla.com — Cisco Umbrella Rank: 3338	24 KB
1	mdhv.io jelly.mdhv.io — Cisco Umbrella Rank: 5353	235 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1009	517 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 619	10 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 913	3 KB
202	36

	Domain	Requested by
78	www.mcafee.com	www.mcafee.com s.go-mpulse.net
14	tags.tiqcdn.com	www.mcafee.com tags.tiqcdn.com
9	www.facebook.com	www.mcafee.com
8	www.google.de	www.mcafee.com
8	www.google.com	www.mcafee.com
7	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com tags.tiqcdn.com
7	googleads.g.doubleclick.net	www.googleadservices.com
7	fonts.gstatic.com	fonts.googleapis.com
5	connect.facebook.net	www.mcafee.com connect.facebook.net
5	assets.adobedtm.com	www.mcafee.com assets.adobedtm.com
5	cdn.jsdelivr.net	www.mcafee.com
4	tags.srv.stackadapt.com	tags.tiqcdn.com tags.srv.stackadapt.com s.go-mpulse.net
3	smetrics.mcafee.com	s.go-mpulse.net www.mcafee.com assets.adobedtm.com
3	dpm.demdex.net	assets.adobedtm.com www.mcafee.com
3	static.addtoany.com	www.mcafee.com static.addtoany.com
3	fonts.googleapis.com	www.mcafee.com
2	www.google-analytics.com	www.googletagmanager.com s.go-mpulse.net
2	idsync.rlcdn.com	2 redirects
2	cu1pehnsweb01.servicebus.windows.net	s.go-mpulse.net
2	api2932.d41.co	assets.adobedtm.com cdn-0.d41.co
2	px.ads.linkedin.com	2 redirects
2	t.co	www.mcafee.com
2	analytics.twitter.com	www.mcafee.com
2	www.googleadservices.com	www.mcafee.com www.googletagmanager.com
2	cdnjs.cloudflare.com	www.mcafee.com cdnjs.cloudflare.com
1	fibrwiaaa3ybckqce3ydkaaaa5rf6pe3-pmglnd-b383057d5-clienttons-s.akamaihd.net
1	trial-eum-clienttons-s.akamaihd.net	1 redirects
1	xhkzxkiccukmqys7hsnq-pmglnd-d609f5e91-clientnsv4-s.akamaihd.net
1	trial-eum-clientnsv4-s.akamaihd.net	1 redirects
1	0217991c.akstat.io	s.go-mpulse.net
1	d6tizftlrpuof.cloudfront.net	www.mcafee.com
1	stats.g.doubleclick.net	s.go-mpulse.net
1	pixel.quantserve.com	www.mcafee.com
1	rules.quantcount.com	secure.quantserve.com
1	w.usabilla.com	www.mcafee.com
1	secure.quantserve.com	tags.tiqcdn.com
1	jelly.mdhv.io	www.mcafee.com
1	apt.techtarget.com	www.mcafee.com
1	cm.everesttech.net	1 redirects
1	mcafeeinc.demdex.net	assets.adobedtm.com
1	trk.techtarget.com	www.mcafee.com
1	cdn-0.d41.co	assets.adobedtm.com
1	px4.ads.linkedin.com	www.mcafee.com
1	www.linkedin.com	1 redirects
1	c.go-mpulse.net	s.go-mpulse.net
1	static.ads-twitter.com	www.mcafee.com
1	snap.licdn.com	www.mcafee.com
1	s.go-mpulse.net	www.mcafee.com
1	securingtomorrow.mcafee.com	1 redirects
202	49

This site contains links to these domains. Also see Links.

Domain
careers.mcafee.com
ir.mcafee.com
service.mcafee.com
forums.mcafee.com
home.mcafee.com
techmaster.mcafee.com
securingtomorrow.mcafee.com
attack.mitre.org
www.facebook.com
twitter.com
www.instagram.com
www.linkedin.com
www.youtube.com
www.addtoany.com

Subject Issuer	Validity	Valid
www.mcafee.com McAfee OV SSL CA 2	`2020-05-21` - `2022-05-21`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-10` - `2022-09-10`	a year	crt.sh
akstat.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-15` - `2023-04-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-27` - `2022-04-27`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.d41.co DigiCert TLS RSA SHA256 2020 CA1	`2022-02-01` - `2023-03-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
smetrics.mcafee.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-16` - `2023-01-16`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-13` - `2022-11-12`	a year	crt.sh
servicebus.windows.net Microsoft Azure TLS Issuing CA 05	`2022-04-12` - `2023-04-07`	a year	crt.sh
*.srv.stackadapt.com Amazon	`2021-11-09` - `2022-12-07`	a year	crt.sh
jelly.mdhv.io GTS CA 1D4	`2022-04-11` - `2022-07-10`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
w.usabilla.com Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Frame ID: F4CC2F3D517D8A05608F46CE3CBA7EFF
Requests: 193 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: 91269D37CD985099E6711F250C2F924F
Requests: 1 HTTP requests in this frame

Frame: https://mcafeeinc.demdex.net/dest5.html?d_nsid=0
Frame ID: CA62CE7488FFB3B0D2708A01110C2CC0
Requests: 2 HTTP requests in this frame

Frame: https://w.usabilla.com/1eb8bd09b246.js?lv=1
Frame ID: 156CFD28F453455BA254FC170121164C
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: EA952DA2D655C2EB28B51D86C8950FD8
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: EAA5E0B1229D0DFEBEDA02AE0BB72C6A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: E51D0628DE8BC8DF950794C9F79BE8B2
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: E4A0A2C44CDB3ECA127C2DA32E7B1074
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
Frame ID: 6B9BBDCA7EEF0D913A7775C43AEEC733
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide

Page URL History Show full URLs

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-stea... HTTP 301
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-t... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

202
Requests

98 %
HTTPS

50 %
IPv6

36
Domains

49
Subdomains

41
IPs

5
Countries

2207 kB
Transfer

5859 kB
Size

45
Cookies

52 Outgoing links

These are links going to different origins than the main page.

URL: https://careers.mcafee.com/
Title: Search Job Openings

Search URL Search Domain Scan URL

URL: https://careers.mcafee.com/life-at-mcafee
Title: Life at McAfee

Search URL Search Domain Scan URL

URL: https://careers.mcafee.com/our-teams
Title: Our Teams

Search URL Search Domain Scan URL

URL: https://careers.mcafee.com/our-locations
Title: Our Locations

Search URL Search Domain Scan URL

URL: https://ir.mcafee.com/
Title: Investors

Search URL Search Domain Scan URL

URL: https://service.mcafee.com/
Title: Consumer Support

Search URL Search Domain Scan URL

URL: https://forums.mcafee.com/
Title: Support Community

Search URL Search Domain Scan URL

URL: https://home.mcafee.com/Secure/MyAccount/DashBoard.aspx?culture=en-us
Title: Login

Search URL Search Domain Scan URL

URL: https://techmaster.mcafee.com/Subscription
Title: TechMaster Concierge

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/mcafee-labs/global-malware-campaign-pilfers-data-from-critical-infrastructure-entertainment-finance-health-care-and-other-industries
Title: “Global Malware Campaign Pilfers Data from Critical Infrastructure, Entertainment, Finance, Health Care, and Other Industries.”

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-1.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-2.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-3.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-4.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-5.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-6.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-7.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-8.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-9.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-10.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-11.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-12.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-13.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-14.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-15.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-16.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-17.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-18.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-19.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-20.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-21.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-22.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-23.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-24.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-25.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-26.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-27.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-28.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-29.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-30.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-31.png

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/wp-content/uploads/2018/04/20180412-GhostSecret-32.png

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/wiki/Main_Page
Title: MITRE ATT&CK

Search URL Search Domain Scan URL

URL: http://www.facebook.com/mcafee

Search URL Search Domain Scan URL

URL: https://twitter.com/mcafee_home

Search URL Search Domain Scan URL

URL: https://www.instagram.com/mcafee/?hl=en

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mcafee?trk=prof-exp-company-name

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/mcafee4consumers

Search URL Search Domain Scan URL

URL: https://www.facebook.com/McAfee/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mcafee/

Search URL Search Domain Scan URL

URL: https://techmaster.mcafee.com/subscription
Title: McAfee® Techmaster Concierge

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/ HTTP 301
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408602555&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68395%26time%3D1650408602555%26url%3Dhttps%253A%252F%252Fwww.mcafee.com%252Fblogs%252Fother-blogs%252Fmcafee-labs%252Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408602555&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408602555&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&liSync=true&e_ipv6=AQIB5qkIz8WhGwAAAYBEBL3-9-hmla2-Gb_2ACtAOe6Iy_S82Xh1gplyADYFEegdgvR4F31H

Request Chain 122

https://cm.everesttech.net/cm/dd?d_uuid=89792275559063424790455786507776896401 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl88mgAAAMBBwAQA

Request Chain 150

https://idsync.rlcdn.com/365868.gif?partner_uid=89792275559063424790455786507776896401 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomODk3OTIyNzU1NTkwNjM0MjQ3OTA0NTU3ODY1MDc3NzY4OTY0MDEQABoNCJv5_JIGEgUI6AcQAEIASgA HTTP 307
https://dpm.demdex.net/ibs:dpid=477&dpuuid=1292d24c2937eeace0c13d0c8f4a6136fdac2c4642fc9a21dfd77c12e2a456b0b0da87c991749652

Request Chain 199

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pmglndjp2 HTTP 302
https://xhkzxkiccukmqys7hsnq-pmglnd-d609f5e91-clientnsv4-s.akamaihd.net/eum/results.txt

Request Chain 200

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pmglndjp2 HTTP 302
https://fibrwiaaa3ybckqce3ydkaaaa5rf6pe3-pmglnd-b383057d5-clienttons-s.akamaihd.net/eum/results.txt

202 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Redirect Chain

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

198 KB
38 KB

842ms
799ms

Document
text/html

23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

326dc8f9a28bb9c1fedd5cdb62b5a00f974078e1c40550763d3d2d9b6853b67b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 37074
content-type: text/html; charset=UTF-8
date: Tue, 19 Apr 2022 22:50:01 GMT
expires: Tue, 19 Apr 2022 22:50:01 GMT
last-modified: Tue, 19 Apr 2022 21:02:09 GMT
link: <https://www.mcafee.com/blogs/wp-json/>; rel="https://api.w.org/"
referrer-policy: no-referrer-when-downgrade
server: Apache
server-timing: cdn-cache; desc=REVALIDATE edge; dur=6 origin; dur=660
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mTOE,1mRUM,2
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 330
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 Apr 2022 22:50:00 GMT
Location: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Server: Apache

GET
H2 200 main.min.css
www.mcafee.com/enterprise/www/css/ 79 KB
15 KB 12ms
10ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/enterprise/www/css/main.min.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

02af54bc2bacd59ea605b64bf5a3b880b6d6bae73e5c24a52b49ca2d6d7d3844

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 14909
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 31 Jan 2022 23:38:23 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "13b7c-5d6e947bf59c0-gzip"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 style.min.css
www.mcafee.com/blogs/wp-includes/css/dist/block-library/ 81 KB
11 KB 17ms
13ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 11204
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Apr 2022 06:39:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 22:02:43 GMT

GET
H2 200 blocks.style.build.css
www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/dist/ 27 KB
4 KB 22ms
19ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.5.0

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3267
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:39 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 15:37:37 GMT

GET
H2 200 dashicons.min.css
www.mcafee.com/blogs/wp-includes/css/ 58 KB
35 KB 26ms
23ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-includes/css/dashicons.min.css?ver=5.9.3

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 35749
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 03:54:27 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 21:23:34 GMT

GET
H2 200 wpmm.css
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/assets/css/ 71 KB
10 KB 31ms
27ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/assets/css/wpmm.css?ver=1.3.7

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ee51b51995f3768e62a8ab777746d972874bace6cd2482629f6e58f37b65e758

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 9844
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:38 GMT
server: Apache
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Wed, 19 Apr 2023 12:25:15 GMT

GET
H2 200 wp-megamenu.css
www.mcafee.com/blogs/wp-content/uploads/wp-megamenu/ 18 KB
2 KB 35ms
31ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/wp-megamenu/wp-megamenu.css?ver=1.3.7

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c28b11b88f25260096e090cba278a677c0c4f0d1f36570e6c173865d7c261ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1625
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 25 Jan 2022 05:30:03 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 22:17:31 GMT

GET
H2 200 wpmm-featuresbox.css
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/ 868 B
684 B 39ms
35ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/wpmm-featuresbox.css?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c7243883df019158d584ad142b9b69ab0ff43312e939b1cd9b44b14c1a1d44f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 322
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:38 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 16:29:07 GMT

GET
H2 200 wpmm-gridpost.css
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/ 6 KB
2 KB 44ms
40ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/wpmm-gridpost.css?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5fef6314aa3fafeb4b0bc082cb5214b85d89edddb817095796d77875073c2f76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1484
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:38 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 11:51:08 GMT

GET
H2 200 style.min.css
www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/ 2 KB
882 B 48ms
44ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/style.min.css?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c85b89d6b7d92272f7fb5946e61282a75b946883176c9ff73eac557dde75c724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 519
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 22 Feb 2022 08:49:12 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 21:23:34 GMT

GET
H2 200 style.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/ 28 KB
6 KB 52ms
48ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/style.css?ver=5.9.3

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

2433290762f14878390667a857add6770254f0ce19676e8d790eeddfe16b082f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5824
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 23 Jul 2021 05:58:51 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 17:29:35 GMT

GET
H2 200 front.css
www.mcafee.com/blogs/wp-content/plugins/super-socializer/css/ 73 KB
21 KB 56ms
52ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/super-socializer/css/front.css?ver=7.13.16

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

282656d5ab704ddf2bead855584893e798b59b9b1494b5cf40f73230cc571ee2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 20874
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 19:40:14 GMT

GET
H2 200 addtoany.min.css
www.mcafee.com/blogs/wp-content/plugins/add-to-any/ 1 KB
825 B 60ms
56ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.15

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

20a84f304abfaf56bb829a84199344bca40bf7d4dba451e109a840cbdf728436

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 462
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:39 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 19:43:30 GMT

GET
H2 200 css
fonts.googleapis.com/ 18 KB
950 B 137ms
49ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.7

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f66a48a13c4d8604a7f8f41bc198bf10044fc4dd7c0dfc8f8a1d3adc8be91941

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:04:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 19 Apr 2022 22:50:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 19 Apr 2022 22:50:02 GMT

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 136ms
48ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald%3A200%2C300%2Cregular%2C500%2C600%2C700&ver=1.3.7

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8230dd99a840ebad43aacb1e94192f44d5dd12393a1c0e638feaed0014878d95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 22:12:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 19 Apr 2022 22:50:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 19 Apr 2022 22:50:02 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/ 87 KB
88 KB 63ms
60ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/jquery-3.6.0.min.js?ver=3.6.0

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:39 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 89501
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 22:17:31 GMT

GET
H2 200 jquery-migrate-3.3.2.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/ 11 KB
11 KB 79ms
76ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/jquery-updater/js/jquery-migrate-3.3.2.min.js?ver=3.3.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f7e248392cea6eed6651423f5b9a4adafec5b15921a2f16ec54e1012be0aaee5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:39 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 11224
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 22:02:43 GMT

GET
H2 200 addtoany.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/add-to-any/ 129 B
480 B 83ms
80ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:39 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 129
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 19:40:15 GMT

GET
H2 200 wpmm-featuresbox.js Show response
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/ 488 B
840 B 87ms
84ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/wpmm-featuresbox.js?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

eff0e1854fa55be60eda0bdadc46196855405268c7dd0bfa17bbc659f04c1ae6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:38 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 488
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 20:03:31 GMT

GET
H2 200 wpmm-gridpost.js Show response
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/ 2 KB
3 KB 91ms
88ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/wpmm-gridpost.js?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

2e770bd9e02e484d6aacb06aa5a10129a2a21082b03e3dadeb283c045f61b33e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:38 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 2493
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 19:40:15 GMT

GET
H2 200 script.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/ 925 B
1 KB 94ms
92ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown-click/script.min.js?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

656955dd522a5ad6e4854b1ae8cc510c8eafab407ce64ec7957b5c23a8014bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 22 Feb 2022 08:49:12 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 925
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 20:55:16 GMT

GET
H2 200 blog.css
www.mcafee.com/enterprise/www/css/ 21 KB
5 KB 70ms
68ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/enterprise/www/css/blog.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

4753909d47b250070815b12b4b69fa0500302f30795fa77ccde3227fd10ec3ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5007
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Feb 2022 21:22:42 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "55aa-5d6fb8058ec80-gzip"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/ 158 KB
25 KB 57ms
23ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/bootstrap.min.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2554098
x-jsd-version: 4.6.1
x-cache: MISS, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19177-FRA, cache-hhn4054-HHN
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"278e1-H7g/xZXPKL+TYth2EOrfo7e7vlk"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=skKmgxjHi9tyn7T%2Fp09wf%2BD6XcoV4Lr21XecBvzFLL2oDa8fUzkcN0T2mRUeNSdB%2BixPaFQZdYhTpGM3nvi194o3eZFvn4pODle5Xvx3wcYQi4KBelY1jFJifmK5CYO4OQVajVUyEf3uGypSADg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6fe932630c409b8f-FRA

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 52ms
19ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4366120
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cncLdB%2BjhXytrx%2B1%2BTkRtzC0fKNUPzQv%2FGbCacqeV80xvUfyzRQri5RT189f2jW195dZXvaryVxSjnkg5StkHmIBlPlD6UbJqp%2FBsJR4IMGX6wzYtZDvBG3Fy99BrHoMNX4kCINzTUuTUO5cfkZgy%2BTt"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6fe932630e825b38-FRA
expires: Sun, 09 Apr 2023 22:50:02 GMT

GET
H2 200 static_nav.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 53 KB
8 KB 73ms
72ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

218d05d13fe4ec02c43381f56d55867da02dbb5ed32c417c2584a44fbbfc8c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 7985
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 22 Jan 2022 05:57:56 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 19:12:25 GMT

GET
H2 200 static_footer.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 18 KB
3 KB 74ms
72ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_footer.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7c48971a72486c60216251e89061d7c2b8b03fa57551e0a6be0b7f0f9ab6254c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2840
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 07 Jan 2022 13:21:38 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 22:25:03 GMT

GET
H2 200 slick.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 2 KB
1 KB 54ms
21ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css?ver=5.6.3

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2554100
x-jsd-version: 1.8.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19175-FRA, cache-hhn4068-HHN
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0N%2But%2BLbFoNxF1RxuZMYpy3ktX3aNKGLH2x7F%2Fk6umsikzME7eiJo1bSuyKYQtKSwkbZGgd8VK%2FDFxSamVx%2FFLoPhr%2Fc2GyVzRFpGL1h5vM%2Bj%2F4sDDAnYdqyQjIhBGjNb0Hu5UgMkLXwMGAqKq8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6fe9326308c39164-FRA

GET
H2 200 newtheme-style.css
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/ 80 KB
14 KB 97ms
96ms Stylesheet
text/css 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.7.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e906436e21a8490ebb646535185815624343377d407320f064f69045f3332f4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 13865
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 19 Apr 2022 10:06:29 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: max-age=14400, public
accept-ranges: bytes
expires: Wed, 19 Apr 2023 21:08:23 GMT

GET
H2 200 McAfeeHzRed.svg
www.mcafee.com/content/dam/consumer/en/company-logo/ 3 KB
3 KB 47ms
42ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/content/dam/consumer/en/company-logo/McAfeeHzRed.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8474952f856a73d936c67fc73c4b330547430caec755cab2ee773a626ec03988

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 13:48:31 GMT
server: Apache
x-frame-options: DENY
etag: "b88-5dc896ed09fb0"
strict-transport-security: max-age=31536000
content-type: image/svg+xml
cache-control: max-age=31536000
date: Tue, 19 Apr 2022 22:50:02 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 2952
x-mcafee-cache: 365-days
expires: Wed, 19 Apr 2023 22:50:02 GMT

GET
H2 200 chevron-up-black.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 265 B
601 B 50ms
45ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/chevron-up-black.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9dee9f7724ca98ec632aadeee67d695806122f2ceae9b874dbc47f4535345ce9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 23 Jul 2021 05:58:51 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 265
x-content-type-options: nosniff
expires: Sat, 16 Apr 2022 21:02:00 GMT

GET
H2 200 search_icon_black.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 54ms
49ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/search_icon_black.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5c911eb39ad184a724aac53d6e259a6c1598d9d4341ca481f9db71e22c76b6bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 09 Nov 2021 07:08:51 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 1211
x-content-type-options: nosniff
expires: Thu, 19 May 2022 09:43:05 GMT

GET
H2 200 cross-grey-icon.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 447 B
783 B 59ms
54ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/cross-grey-icon.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

75b43df6930d03341e76a75dcd100473926121ac0e707825a0e73e5666d7ff97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 28 Jul 2021 11:04:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 447
x-content-type-options: nosniff
expires: Tue, 10 May 2022 11:41:58 GMT

GET
H2 200 globe-icon.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
1 KB 62ms
57ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/globe-icon.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 26 Jul 2021 04:39:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 1087
x-content-type-options: nosniff
expires: Fri, 13 May 2022 21:37:17 GMT

GET
H2 200 facebook.png
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 691 B
919 B 66ms
62ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/facebook.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

c2360a63214a4c506ea53b464da6013fad961ec65f5ac3132f2d161b70e20b86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Tue, 17 Aug 2021 05:32:24 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2357743
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 691
expires: Tue, 17 May 2022 05:45:45 GMT

GET
H2 200 linkedin.png
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 775 B
1003 B 71ms
67ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/linkedin.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

6f5900b58770638d1557e62f3a54eb5d2565562eb8050e68d63954dbf6ee77d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Tue, 17 Aug 2021 05:32:23 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2357730
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 775
expires: Tue, 17 May 2022 05:45:32 GMT

GET
H2 200 twitter.png
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 806 B
1 KB 76ms
71ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/twitter.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

ff91452f83ca176dd6aef8ddca1f0eef9b1a7edade26ca0167e1e93485ed088c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Tue, 17 Aug 2021 05:32:33 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2358005
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 806
expires: Tue, 17 May 2022 05:50:07 GMT

GET
H2 200 email.png
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 734 B
962 B 81ms
76ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/email.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

c48dfe2811b178d0d09b499f4c07d74f6c417e4bc14eafce2b3c94781548bd7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Tue, 17 Aug 2021 05:32:34 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2357547
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 734
expires: Tue, 17 May 2022 05:42:29 GMT

GET
H2 200 link.png
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 844 B
1 KB 87ms
82ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/link.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

c776499873d7afef2f42887296b1a505c237a4dd3f2fe60c8c34116dd9e9a3ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Tue, 19 Oct 2021 15:20:28 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=837181
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 844
expires: Fri, 29 Apr 2022 15:23:03 GMT

GET
H2 200 facebook-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 509 B
839 B 91ms
87ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/facebook-white.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7d96d2e1b074aae1837dca30f5a377b312196ebec0060a99c7d64655bae7c05b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 09 Aug 2021 11:05:19 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 509
x-content-type-options: nosniff
expires: Thu, 21 Apr 2022 04:43:27 GMT

GET
H2 200 twitter-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 2 KB
2 KB 95ms
91ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/twitter-white.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

48a3f2f17c97ab0f447cbf07748755c5fb27841a0f20149519bd6f4be5274e9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 09 Aug 2021 11:05:19 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 1595
x-content-type-options: nosniff
expires: Fri, 13 May 2022 08:10:49 GMT

GET
H2 200 instagram-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 3 KB
4 KB 100ms
96ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/instagram-white.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c8801a050e21e0e0aef39f1517a6dcce6d56a71950460282d873f4553cd98977

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 09 Aug 2021 11:05:19 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 3442
x-content-type-options: nosniff
expires: Fri, 06 May 2022 09:15:01 GMT

GET
H2 200 linkedin-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 888 B
1 KB 104ms
100ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/linkedin-white.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

47826fb7ccc2189d0bedd25fc09c57b8dab9b03ce66d60f02af04f78f1001b20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 09 Aug 2021 11:05:19 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 888
x-content-type-options: nosniff
expires: Mon, 09 May 2022 21:19:47 GMT

GET
H2 200 youtube-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 993 B
1 KB 108ms
104ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/youtube-white.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8dbf13ee25ebb0469215de647614d72bc7828eefd22b2a2779b283e7a67af8fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 09 Aug 2021 11:05:19 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 993
x-content-type-options: nosniff
expires: Sat, 30 Apr 2022 20:34:13 GMT

GET
H2 200 rss-white.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 744 B
1 KB 111ms
107ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/rss-white.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

003c5212fe084a97fd7fd753297fe409de81f1be36fa96caced384c844d3d361

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 09 Aug 2021 11:05:19 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 744
x-content-type-options: nosniff
expires: Thu, 19 May 2022 18:58:15 GMT

GET
H2 200 300x200_Blog_ukrainescam.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/04/ 14 KB
14 KB 116ms
113ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/04/300x200_Blog_ukrainescam.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

ae76c1a3226452722f7648a7a0d0a0bc030afaab66d0bf5f2a26146e3ec0303b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Fri, 01 Apr 2022 21:22:14 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: no-transform, max-age=1031575
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 14224
expires: Sun, 01 May 2022 21:22:57 GMT

GET
H2 200 300x200_Blog_scamparty.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/03/ 16 KB
16 KB 121ms
118ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/03/300x200_Blog_scamparty.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

7716b50cc0675d22d9f9cf1224e282269b57a7d6a3a4541f3b9b48862df03419

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Thu, 10 Mar 2022 19:24:17 GMT
x-serial: 1128
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=1456493
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 16128
server: Akamai Image Manager
expires: Fri, 06 May 2022 19:24:55 GMT

GET
H2 200 300x200_Blog_phonenotifications.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 17 KB
17 KB 126ms
123ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_Blog_phonenotifications.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

d8d255d26500377962ab84e9578971dd558a5772b8d6bbbb8a16e98f55a3611b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Thu, 24 Feb 2022 00:16:27 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: no-transform, max-age=2511142
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 17006
expires: Thu, 19 May 2022 00:22:24 GMT

GET
H2 200 300x200_maskingIP.jpg
www.mcafee.com/blogs/wp-content/uploads/2022/02/ 20 KB
21 KB 131ms
127ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2022/02/300x200_maskingIP.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

b6008a46367feb68269adff71ca0507a7ffa2fafffa8c3af83a4f6f6518936e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Fri, 04 Feb 2022 22:57:46 GMT
x-serial: 1589
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=2067083
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 20746
server: Akamai Image Manager
expires: Fri, 13 May 2022 21:01:25 GMT

GET
H2 200 300x200_HANCITOR.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/12/ 14 KB
14 KB 136ms
133ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/12/300x200_HANCITOR.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

f266dd76093d18576935f25c75b429165ae83e5630b6e723f282c5e2eeb00c1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Tue, 25 Jan 2022 05:44:32 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: no-transform, max-age=2067183
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 14448
expires: Fri, 13 May 2022 21:03:05 GMT

GET
H2 200 300x200_SeasonforScams.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/11/ 23 KB
23 KB 142ms
139ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/11/300x200_SeasonforScams.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

24d11f91b5546461b004b858c726ef1228ca8fa47e5e09b2e39f3789c9413447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Tue, 25 Jan 2022 05:44:33 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: no-transform, max-age=2067006
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 23198
expires: Fri, 13 May 2022 21:00:08 GMT

GET
H2 200 300x200_Squirrelwaffle.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/11/ 12 KB
13 KB 147ms
144ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/11/300x200_Squirrelwaffle.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

89b9296a15088c3885813778cff511c9ed386423aa985e3c4a374295163fcd51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Thu, 17 Mar 2022 20:58:17 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: no-transform, max-age=2067060
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 12564
expires: Fri, 13 May 2022 21:01:02 GMT

GET
H2 200 300x200_AndroidGaming.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/10/ 9 KB
9 KB 152ms
149ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/10/300x200_AndroidGaming.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

e26c61587827a4d320d0766a1d979cdcdf9ca93cd7323e2aff6822b7ba39b15f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Fri, 18 Feb 2022 20:58:09 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: no-transform, max-age=2067007
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 9132
expires: Fri, 13 May 2022 21:00:09 GMT

GET
H2 200 300x200_powerpoint.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/09/ 14 KB
15 KB 159ms
156ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/09/300x200_powerpoint.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

a535c591be3492fdf85462e10f231e43c2e6e3becd254698dc508b9b7e15c3a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Fri, 18 Feb 2022 20:58:08 GMT
x-serial: 1504
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=2067126
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 14730
server: Akamai Image Manager
expires: Fri, 13 May 2022 21:02:08 GMT

GET
H2 200 300x200_MalwareMexico.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/09/ 10 KB
10 KB 165ms
162ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/09/300x200_MalwareMexico.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

d5cd84cc07e1b1de269767307530f3d99a79ea0387d98a4fb9e9b0f65cb09a23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Fri, 18 Feb 2022 20:58:08 GMT
x-serial: 71
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=2067011
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 10142
server: Akamai Image Manager
expires: Fri, 13 May 2022 21:00:13 GMT

GET
H2 200 300x200_MalwareIndia.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/09/ 6 KB
6 KB 170ms
167ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/09/300x200_MalwareIndia.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

6dc29b86dd6cb91a632a411bddaddb571dff296f2628cbc4f666c36ef54a6e3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Thu, 17 Mar 2022 20:52:42 GMT
x-serial: 1273
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=2066609
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5862
server: Akamai Image Manager
expires: Fri, 13 May 2022 20:53:31 GMT

GET
H2 200 300x200_RiseofDeepLearning.jpg
www.mcafee.com/blogs/wp-content/uploads/2021/08/ 21 KB
22 KB 179ms
176ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2021/08/300x200_RiseofDeepLearning.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

485d3d9905192b37c2b35167d3f095bb1bc3804fb272e533342f182b5dce4165

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Fri, 18 Feb 2022 20:58:07 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: no-transform, max-age=2066891
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 21972
expires: Fri, 13 May 2022 20:58:13 GMT

GET
H2 200 logo-red.svg
www.mcafee.com/content/dam/consumer/en/company-logo/ 4 KB
4 KB 182ms
179ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/content/dam/consumer/en/company-logo/logo-red.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d3704d9797dce227e5032123ba2c7744319bf51460b1f5a54e21ec3d9952004e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
x-content-type-options: nosniff
last-modified: Thu, 14 Apr 2022 01:49:30 GMT
server: Apache
x-frame-options: DENY
etag: "e1a-5dc93813f3a5b"
strict-transport-security: max-age=31536000
content-type: image/svg+xml
cache-control: max-age=31536000
date: Tue, 19 Apr 2022 22:50:02 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 3610
x-mcafee-cache: 365-days
expires: Wed, 19 Apr 2023 22:50:02 GMT

GET
H2 200 backtotop.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 742 B
1000 B 187ms
185ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/backtotop.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

b948b4e3f54ac94c26f8ca688fb6f84974e5f95128bd291213562ada2b854c8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Tue, 25 Jan 2022 06:03:45 GMT
x-serial: 1355
strict-transport-security: max-age=31536000
content-type: image/png
x-check-cacheable: YES
cache-control: no-transform, max-age=2067027
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 742
server: Akamai Image Manager
expires: Fri, 13 May 2022 21:00:29 GMT

GET
H2 200 navigation.js Show response
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 2 KB
2 KB 11ms
11ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/navigation.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ff4f1d3b83b386fe368a36112d66e193f81a07d24e2d4f98312fcfb53360d5e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 24 Jan 2022 09:37:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 1617
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 15:38:44 GMT

GET
H2 200 jquery.slim.min.js Show response
cdn.jsdelivr.net/npm/jquery@3.5.1/dist/ 71 KB
25 KB 23ms
22ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.slim.min.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2554075
x-jsd-version: 3.5.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19149-FRA, cache-hhn4052-HHN
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"11abc-z42YIVUtUbtQzlcuaWq6EwkGWAA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FeiiJaulOwmc48UKUjt4FUgXSS%2FbabjJv9Jj0SBWwIvzeL3Ey8e74kZXm0m6r7rgGR%2BAyILNvUqht9Ai2thZ5Px2D0TjN71CmrxY14oK4L5yZmb4LUOOr%2Fe0EzJFl7eRflYlf7pOSVZkXnPtsLA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6fe93263bd499b8f-FRA

GET
H3 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/ 81 KB
23 KB 65ms
15ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/bootstrap.bundle.min.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2554099
x-jsd-version: 4.6.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19132-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"14535-A2PLWLentg73+/gri862MFIyUBo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6TMyPpLmCKIeulYma1Io0jxC9adhiORQci40V3XxtoBsLBz6mklsYP9Hf8IC%2B3sXAcycUjA2FyvWMY37dqtGHcx8QLQcn5vxmo8U%2FRYIwM0243gHf3fvnKdPuotB2G5%2FA%2FDAPtABs688fmMk20s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6fe932647fc45b38-FRA

GET
H3 200 slick.min.js Show response
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 42 KB
11 KB 72ms
22ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js?ver=10faaf528e636a046163bdb6753031b2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2554104
x-jsd-version: 1.8.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19152-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=40zMXOssgbizktWR5kiw7i11D8Jfkhqb8B5vyEHCxN%2B9ZlNNoXlCsN9DlMRJn3AxvI7mhmBMdYEztpEvjMfwCeGIVnZ3Ej%2BeOJE0AY%2B3BmsRHb4tB3zH5g%2BFnas8WlRvjW6gr0VebosWLjykzIk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6fe9326479229a2d-FRA

GET
H2 200 launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js Show response
assets.adobedtm.com/ 335 KB
94 KB 58ms
6ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6d4d659f4b34d65df2bfac351dda22f2a050352cbebf8f5df3fcb109018f945e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Thu, 31 Mar 2022 21:15:50 GMT
server: AkamaiNetStorage
etag: "f4f97dfb86834a4f03017580725d0f33:1648761350.205862"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 95958
expires: Tue, 19 Apr 2022 23:50:02 GMT

GET
H2 200 mpp-frontend.js Show response
www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/js/ 331 B
683 B 16ms
9ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.5.0

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:39 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 331
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 22:17:31 GMT

GET
H2 200 hlst-extend.min.js Show response
www.mcafee.com/blogs/wp-content/plugins/highlight-search-terms/ 7 KB
7 KB 20ms
13ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/highlight-search-terms/hlst-extend.min.js?ver=1.5

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11ad34354aa42ea83ed45226016e50b8fe825c1a213c57e998af4cd7a251ec7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 6701
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 21:23:35 GMT

GET
H2 200 shortcodes.js Show response
www.mcafee.com/blogs/wp-content/plugins/social-polls-by-opinionstage/public/js/ 439 B
791 B 23ms
17ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/social-polls-by-opinionstage/public/js/shortcodes.js?ver=19.7.9

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

25afe676005c046f770992aa6e09eb9cbd6f73ee0b51000efd239fbc4ac600e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:43 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 439
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 22:17:31 GMT

GET
H2 200 wpmm.js Show response
www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/assets/js/ 8 KB
8 KB 27ms
21ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/wp-megamenu/assets/js/wpmm.js?ver=1.3.7

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b9e485828e3ab9be4f5285e9214960c209adae3a0e6332e869a5b104007008f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:38 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 7883
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 21:07:34 GMT

GET
H2 200 theme-script.js Show response
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 4 KB
4 KB 31ms
25ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/theme-script.js?ver=5.9.3

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b5ef1c00425aca5499c3fa6e3ae78cecaa4682508e587b952780fccc7e8a2475

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 23 Jul 2021 05:58:51 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 3736
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 19:23:47 GMT

GET
H2 200 skip-link-focus-fix.min.js Show response
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/ 325 B
677 B 34ms
29ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/js/skip-link-focus-fix.min.js?ver=20151215

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 23 Jul 2021 05:58:51 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 325
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 22:17:31 GMT

GET
H2 200 general.js Show response
www.mcafee.com/blogs/wp-content/plugins/super-socializer/js/front/social_login/ 1 KB
2 KB 38ms
33ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-content/plugins/super-socializer/js/front/social_login/general.js?ver=7.13.16

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

bdbc00de393216f6118f704088accc9ebddd220480741d5ed088c01f46f84088

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 18 Jun 2021 04:03:39 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 1433
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 16:04:26 GMT

GET
H2 200 FZlJEMRw Show response
www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/ 84 KB
21 KB 46ms
41ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/FZlJEMRw

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Resource Hash

fa43fd4073d3976c0bc94de0d58e6f81290443515528b60e80aa889fa38f80c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Mon, 28 Feb 2022 19:29:24 GMT
etag: "a7a61709860c0c57ec0c92584ae4f1bc214dfc71043ea43843572e55d14841f6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=21600
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
content-length: 20456

GET
H2 200 wp-emoji-release.min.js Show response
www.mcafee.com/blogs/wp-includes/js/ 18 KB
18 KB 192ms
189ms Script
application/javascript 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 26 Jan 2022 06:39:27 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, public
content-disposition: inline
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 18181
x-content-type-options: nosniff
expires: Wed, 19 Apr 2023 22:17:31 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 72 KB
26 KB 67ms
21ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137510
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 01 Dec 2021 08:23:25 GMT
server: cloudflare
etag: W/"11ee2-5d2116348919c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 6fe932647d5b5ba4-FRA
cf-bgj: minify

GET
H2 200 css2
fonts.googleapis.com/ 19 KB
981 B 49ms
48ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5d60ce49f261c72be59ec3eda251d9f890be64e5f98390633c391ae53ba5b0b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:02:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 19 Apr 2022 22:50:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 19 Apr 2022 22:50:02 GMT

GET
H2 200 LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC Show response
s.go-mpulse.net/boomerang/ 204 KB
50 KB 60ms
7ms Script
application/javascript 2a02:26f0:1700:391::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:1700:391::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4dafc5d60a0cdc3b677a4cd543239bead37d550f86d89ec5210935ba15872ce1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: br
last-modified: Tue, 18 Jan 2022 06:15:03 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50742

GET
H2 200 gray-arrowdwn.svg
www.mcafee.com/content/dam/en-us/test-assets/header-redesign/ 179 B
523 B 187ms
187ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/content/dam/en-us/test-assets/header-redesign/gray-arrowdwn.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

2170edf920df8db1736b378cacb7cbbb19d9693f32a60348d31e285ab9744591

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://pam.mcafee.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/static_nav.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://pam.mcafee.com
x-content-type-options: nosniff
last-modified: Fri, 15 Apr 2022 01:21:35 GMT
server: Apache
x-frame-options: DENY
etag: "b3-5dca73b3ec428"
strict-transport-security: max-age=31536000
content-type: image/svg+xml
cache-control: max-age=31536000
date: Tue, 19 Apr 2022 22:50:02 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 179
x-mcafee-cache: 365-days
expires: Wed, 19 Apr 2023 22:50:02 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v19/ 8 KB
8 KB 132ms
46ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 19:31:15 GMT
x-content-type-options: nosniff
age: 530327
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:11:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Apr 2023 19:31:15 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v19/ 8 KB
8 KB 124ms
41ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v19/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 19:30:15 GMT
x-content-type-options: nosniff
age: 530387
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:17:03 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Apr 2023 19:30:15 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v19/ 8 KB
8 KB 162ms
82ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 19:31:09 GMT
x-content-type-options: nosniff
age: 530333
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:11:22 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Apr 2023 19:31:09 GMT

GET
H2 200 blue-right-arrow.svg
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
2 KB 171ms
171ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/blue-right-arrow.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.7.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5d4ac009da7f99e32023b5d21c87939275d1561bf80e4737aa5d61beba675f29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.7.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 18 Aug 2021 05:39:36 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 1332
x-content-type-options: nosniff
expires: Tue, 17 May 2022 05:16:27 GMT

GET
H2 200 Ryan.jpg
www.mcafee.com/blogs/wp-content/uploads/2018/07/ 6 KB
6 KB 176ms
176ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/07/Ryan.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

d0444653d0b6016785ad1489d32bc5b5185e740c125312f1f4f0c4e19e2b46c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Sat, 19 Feb 2022 09:32:14 GMT
x-serial: 1409
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=2127668
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 6048
server: Akamai Image Manager
expires: Sat, 14 May 2022 13:51:10 GMT

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 42ms
20ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 493024
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VvoSVhhW6LdkTDec1dDk3l9GqZ9MsQ1HAvySsxU7jd54zT80x8MoRt32XBxiBHYfaEiY%2FgY30v%2FYkAh7XC2HPM1v6GadRiEb%2BmffuMfsr6o%2BF%2FX4fkqGRewOeaRU3m%2B4UfnA4pxgA%2Fu2n2HHTChSYODE"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6fe932649eb7697b-FRA
expires: Sun, 09 Apr 2023 22:50:02 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v19/ 8 KB
8 KB 143ms
86ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 19:30:15 GMT
x-content-type-options: nosniff
age: 530387
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:11:40 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Apr 2023 19:30:15 GMT

GET
H2 200 pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v19/ 7 KB
8 KB 109ms
52ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17ea10196a490a8d3b8da162c7d4af9c301c5229f70af90dad6fa33eb951d83f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 01:44:40 GMT
x-content-type-options: nosniff
age: 421522
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7632
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:17:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 01:44:40 GMT

GET
H2 200 pxiGyp8kv8JHgFVrJJLucHtA.woff2
fonts.gstatic.com/s/poppins/v19/ 8 KB
9 KB 152ms
96ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v19/pxiGyp8kv8JHgFVrJJLucHtA.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 19:30:20 GMT
x-content-type-options: nosniff
age: 530382
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8668
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:10:31 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Apr 2023 19:30:20 GMT

GET
H2 200 opensans-regular-webfont.woff2
www.mcafee.com/enterprise/www/css/fonts/ 18 KB
19 KB 793ms
792ms Font
application/font-woff2 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/enterprise/www/css/fonts/opensans-regular-webfont.woff2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/enterprise/www/css/main.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

50c8022116d8105e7c9af1cb08f1e21c26f3f8516875bba1013fe4cbdd166a8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mcafee.com/enterprise/www/css/main.min.css
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Jun 2021 06:28:08 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "48b4-5c56902840e00"
strict-transport-security: max-age=31536000
content-type: application/font-woff2
x-xss-protection: 1; mode=block
content-disposition: attachment
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=4, origin; dur=618
accept-ranges: bytes
content-length: 18612
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v19/ 8 KB
8 KB 146ms
90ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v19/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mcafee.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 01:44:27 GMT
x-content-type-options: nosniff
age: 421535
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:15:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 01:44:27 GMT

GET
H2 200 20180412-GhostSecret-1.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 63 KB
63 KB 917ms
916ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-1.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

678e8e73815c022d0dd0a7cb8eaf7a37d5c7759c692ad945a5f042bc36a5a6e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
last-modified: Tue, 25 Jan 2022 13:38:45 GMT
x-serial: 1634
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=2354091
server-timing: cdn-cache; desc=MISS, edge; dur=471, origin; dur=348
content-length: 64370
server: Akamai Image Manager
expires: Tue, 17 May 2022 04:44:54 GMT

GET
H2 200 20180412-GhostSecret-2.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 6 KB
6 KB 583ms
582ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-2.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

ab05c963114aa7b9486b6fffd9409af3cb1aa0f55762f72819b23df7cefb429d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Wed, 26 Jan 2022 14:00:50 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2401100
server-timing: cdn-cache; desc=HIT, edge; dur=479
content-length: 5938
expires: Tue, 17 May 2022 17:48:22 GMT

GET
H2 200 20180412-GhostSecret-3.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 46 KB
47 KB 740ms
738ms Image
image/webp 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-3.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

d384a06e51a2768147e3cc3cb97d5b09c2bdb6b2e0e4bc238ebd76bd1cfac850

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
last-modified: Wed, 26 Jan 2022 14:00:51 GMT
x-serial: 190
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=2332497
server-timing: cdn-cache; desc=MISS, edge; dur=281, origin; dur=351
content-length: 47410
server: Akamai Image Manager
expires: Mon, 16 May 2022 22:45:00 GMT

GET
H2 200 20180412-GhostSecret-4.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 6 KB
7 KB 846ms
845ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-4.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

559afeaefaee506a69375fb058a699f782b2246c40810f6b4a6cd967981aec0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
last-modified: Wed, 26 Jan 2022 14:00:49 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2291580
server-timing: cdn-cache; desc=HIT, edge; dur=734
content-length: 6435
expires: Mon, 16 May 2022 11:23:03 GMT

GET
H2 200 20180412-GhostSecret-5.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 5 KB
6 KB 698ms
697ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-5.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

7bdf7d3d48d514d3537d7849fe90f75475ab2bf49c2b65b5c5aed0c9bcdeeca8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
last-modified: Tue, 01 Feb 2022 19:52:51 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2332470
server-timing: cdn-cache; desc=HIT, edge; dur=580
content-length: 5546
expires: Mon, 16 May 2022 22:44:33 GMT

GET
H2 200 20180412-GhostSecret-6.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 8 KB
8 KB 570ms
569ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-6.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

accd271a82a97837718c0a3bf0e1c6fad3ac21f801dce9ae10a66de015a681da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Wed, 26 Jan 2022 14:00:51 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2387746
server-timing: cdn-cache; desc=HIT, edge; dur=446
content-length: 8291
expires: Tue, 17 May 2022 14:05:48 GMT

GET
H2 200 20180412-GhostSecret-7.png
www.mcafee.com/blogs/wp-content/uploads/2018/04/ 13 KB
13 KB 719ms
718ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2018/04/20180412-GhostSecret-7.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

baa8b1d358b515d8b7e9622eca0fed65802a19df40e23b7c67138d04f141827b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
last-modified: Wed, 26 Jan 2022 14:00:54 GMT
x-serial: 119
strict-transport-security: max-age=31536000
content-type: image/png
x-check-cacheable: YES
cache-control: no-transform, max-age=131100
server-timing: cdn-cache; desc=MISS, edge; dur=344, origin; dur=244
content-length: 13421
server: Akamai Image Manager
expires: Thu, 21 Apr 2022 11:15:03 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 28ms
11ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: QrI6VVQBtB8pouyQQKE2veZd0nFg5TpM0MHbtWbdKNXv43x2ju0QQB8d5L+LYiHwxwEjEG36f6HrVYY/Cq8ILg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:50:02 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 42ms
8ms Script
application/x-javascript 2a02:26f0:3500:7::17d8:4dc7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dc7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Tue, 19 Apr 2022 22:50:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Apr 2022 23:25:22 GMT
X-CDN: AKAM
X-EdgeConnect-Cache-Status: 1
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=36953
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3085

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 28 KB
10 KB 28ms
10ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: dd0aab4060ef1c321293aa501648b607c5b2123b504db705357a90b560fb855c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Tue, 19 Apr 2022 19:47:38 GMT
etag: "ddc5cdcd86497322d9e46464798180f9+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 9501
x-served-by: cache-iad-kjyo7100031-IAD, cache-hhn11563-HHN

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 44 KB
17 KB 126ms
54ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

9f2fc412da514ae1b4748fb922a7e06c5aab9a29296e3c021f86513f6a1e8ae5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17225
x-xss-protection: 0
server: cafe
etag: 16958488767326041532
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 19 Apr 2022 22:50:02 GMT

GET
H3 200 sm.23.html Show response
static.addtoany.com/menu/ Frame 9126 741 B
820 B 57ms
33ms Document
text/html 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.23.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1924483
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 6fe93265d8d49be8-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 19 Apr 2022 22:50:02 GMT
etag: W/"2e5-5cc9e128a4c38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 icons.30.svg.js Show response
static.addtoany.com/menu/svg/ 77 KB
33 KB 36ms
33ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.30.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7312884
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 10 Nov 2021 01:49:04 GMT
server: cloudflare
etag: W/"132a9-5d0656e4a26b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6fe93265e8d89be8-FRA
cf-bgj: minify

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 6 KB
2 KB 191ms
15ms XHR
application/json 2a02:26f0:7100:59a::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC&d=www.mcafee.com&t=5501362&v=1.737.0&sl=0&si=886b6502-3af8-49c8-b02e-72c59f01125f-ralzfc&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=250743
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:7100:59a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 26a72872d350a3a965b52ddd360b5f95a4fd5b4b041767bc98f600433f85d56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Tue, 19 Apr 2022 22:50:02 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 1676

GET
H3 200 448732493334171 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 72ms
55ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/448732493334171?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

125214d6e905ae98a9b8cc8664244c3dce376d6e32e59f294878762a0eec128f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 0DyCZg68M31z/3sZ4O2AQjDZjXDBjYSRsmckVxNiD7xri6KFLcETsO4DrdzMYvS+vLZRFsyfUmoJIO8QcfxHJg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:50:02 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
355 B 281ms
114ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=a9528134-cba2-4885-a64c-671b9111991c&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time: 107
date: Tue, 19 Apr 2022 22:50:02 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 281ad30c4577fa2b40f594458f86b16ff3699a2251f42db52375bda64822472c
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
336 B 150ms
118ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.3.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=a9528134-cba2-4885-a64c-671b9111991c&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time: 112
date: Tue, 19 Apr 2022 22:50:01 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 92815315d65559a2826d6d5c73bf6fa90ee227ce2b3c023f84d97fde11ecd37e
content-length: 43

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408602555&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-st...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68395%26time%3D1650408602555%26url%3Dhttps%253A%252F%252Fwww.mcafee.com%252Fblogs...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408602555&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-st...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408602555&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-s...

0
264 B

198ms
180ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408602555&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&liSync=true&e_ipv6=AQIB5qkIz8WhGwAAAYBEBL3-9-hmla2-Gb_2ACtAOe6Iy_S82Xh1gplyADYFEegdgvR4F31H
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1937BD5785194DAAA54114A54C0C7E72 Ref B: FRAEDGE1113 Ref C: 2022-04-19T22:50:03Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXdCbKJyvcYQrXbH/obIA==
x-li-fabric: prod-lor1

Redirect headers

date: Tue, 19 Apr 2022 22:50:03 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 16EB6327B5944C59B9F7B2F9A218B897 Ref B: FRAEDGE0813 Ref C: 2022-04-19T22:50:03Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1650408602555&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&liSync=true&e_ipv6=AQIB5qkIz8WhGwAAAYBEBL3-9-hmla2-Gb_2ACtAOe6Iy_S82Xh1gplyADYFEegdgvR4F31H
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXdCbKF/rXkhJlNBUb5NA==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975085349/ 2 KB
2 KB 139ms
51ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975085349/?random=1650408602642&cv=9&fst=1650408602642&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de8531b0964e602be32079e017d8881fef2b6a264217076b9412dbee81d9634e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1081
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 526 B
1 KB 120ms
30ms XHR
application/json 34.255.235.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=A729776A5245B1590A490D44%40AdobeOrg&d_nsid=0&ts=1650408602667

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.255.235.57 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-255-235-57.eu-west-1.compute.amazonaws.com

Software

Resource Hash

1865ade5e7830c3206e09d5f6e0513279c07daf869c7cb12efb8263da41dd94f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v031-03e1eced0.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: psY/Zt9yTAQ=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.mcafee.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 360
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 33 KB
12 KB 8ms
7ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "41f1b46329a6056c0f2c993498eda989:1591133412.019903"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12161
expires: Tue, 19 Apr 2022 23:50:02 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 3 KB
2 KB 8ms
8ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "e9aa55ef8b40a205f86b54789b37de5c:1591133412.323749"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1607
expires: Tue, 19 Apr 2022 23:50:02 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 25 KB
9 KB 8ms
8ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 414b33c761e7ba385e0bd403c1d0c1fe37978a956a3898309f17518b217025c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "7324535d27629ca693bad7fd0da315ea:1591133412.560246"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8764
expires: Tue, 19 Apr 2022 23:50:02 GMT

GET
H/1.1 204
No Content / Show response
api2932.d41.co/sync/ 0
516 B 466ms
108ms Script
text/plain 54.82.204.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api2932.d41.co/sync/

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.82.204.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-82-204-65.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 19 Apr 2022 22:50:03 GMT
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
access-control-allow-origin: https://www.mcafee.com
Cache-Control: no-cache, no-store
access-control-allow-credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK dnb_coretag_v4.min.js Show response
cdn-0.d41.co/tags/ 74 KB
75 KB 50ms
19ms Script
application/javascript 143.204.98.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-109.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Tue, 19 Apr 2022 22:50:02 GMT
Via: 1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront)
Last-Modified: Thu, 18 Nov 2021 14:57:32 GMT
Server: AmazonS3
Age: 57
ETag: "c5b0d60b7c887bcae6d8897835a15d14"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 76079
X-Amz-Cf-Id: o-CdvZ3WAp58kay2iCfruAdILkqwVF_lLXHvI0YpRZoK5BzeQ1So0Q==

GET
H3 200 187610925152304 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 58ms
57ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/187610925152304?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4efd0e4384f1de3d392d29f8a82bdd641c68d4d743105b7797b56237af1eb8ee

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: oE3XOjYN5VYPD593XxlEVlyLRRxnHoC7d/WGKMKf4jTGOGuUPYbAEj9gXGIYMepDHjrG0zi3GL+sR4xHwXkVrQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:50:02 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 24ms
7ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=448732493334171&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&rl=&if=false&ts=1650408602709&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650408602708.1497294671&it=1650408602552&coo=false&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Tue, 19 Apr 2022 22:50:02 GMT

GET
H/1.1 200
OK api Show response
api2932.d41.co/ 1 KB
2 KB 385ms
111ms Fetch
application/json 54.82.204.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api2932.d41.co/api?req=api2932&form=json

Requested by

Host: cdn-0.d41.co
URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.82.204.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-82-204-65.compute-1.amazonaws.com

Software

Resource Hash

9e6a01faf67a22da7d55bef10743c9bf80840237594948d925ac6cdc1d134345

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 19 Apr 2022 22:50:03 GMT
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: application/json
access-control-allow-origin: https://www.mcafee.com
Cache-control: no-store
access-control-allow-credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 1174
X-XSS-Protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 105 KB
42 KB 135ms
48ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cf762455aab2b955314fc01f27b9a529af98bf15ada3c0b36b4b0eafdeab041d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42177
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:50:02 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 2 KB
1 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1650408602777&cv=9&fst=1650408602642&num=2&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

631f0dfc443198487a3fd640b365284b9a0a8381770b5876d3799b2d5efe8d5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1083
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 2 KB
1 KB 83ms
26ms Script
text/javascript 2606:4700:4400::6812:2a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2a27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 15 Oct 2021 14:31:37 GMT
server: cloudflare
age: 253
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
expires: Tue, 19 Apr 2022 22:55:49 GMT
cache-control: max-age=1200
cf-ray: 6fe93267b84e9013-FRA
cf-bgj: minify

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 322 KB
78 KB 39ms
15ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cc5d6ee0ec9d7b82d1a540fc2d3a47150b6da73616dcbbd76f79601153497020

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Tue, 19 Apr 2022 11:05:20 GMT
server: AkamaiNetStorage
etag: "3921ae90c2a3395d0ebc577fba047a21:1650366320.57554"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
expires: Tue, 19 Apr 2022 22:55:02 GMT

POST
H2 201 FZlJEMRw Show response
www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/ 18 B
744 B 163ms
163ms XHR
application/json 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/FZlJEMRw

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Resource Hash

bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
vary: Origin
strict-transport-security: max-age=31536000
content-type: application/json
access-control-allow-origin: https://www.mcafee.com
access-control-allow-credentials: true
x_req_id: 83cbf13d-569c-4f10-90bc-4d64949a21a7
server-timing: edge; dur=2, origin; dur=151, cdn-cache; desc=MISS
access-control-allow-headers: Content-Type
content-length: 18

GET
H/1.1 200
OK dest5.html Show response
mcafeeinc.demdex.net/ Frame CA62 7 KB
3 KB 157ms
35ms Document
text/html 54.220.215.179
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mcafeeinc.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.220.215.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-220-215-179.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v031-07a8a00ef.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: if3yF4WRS0c=
content-encoding: gzip
date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Wed, 13 Apr 2022 14:59:55 GMT
vary: accept-encoding

GET
H2 200 id Show response
smetrics.mcafee.com/ 48 B
508 B 105ms
16ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.mcafee.com/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&mid=86202197825133991540967980018573964972&ts=1650408602800

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

484c43853080c5c976abe985eda1f359671c2895293f800615ae6faf0b3e07c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7b6f4bb9f7-vq87w
vary: Origin
x-c: main-1637.I660130.M0-562
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Yl88mgAAAMBBwAQA
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=89792275559063424790455786507776896401
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl88mgAAAMBBwAQA

42 B
945 B

33ms
33ms

Image
image/gif

34.255.235.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl88mgAAAMBBwAQA

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

HTTP/1.1

Server

34.255.235.57 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-255-235-57.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v031-065c4c565.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: HOPLxSijQv0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl88mgAAAMBBwAQA
Date: Tue, 19 Apr 2022 22:50:02 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 slider-right-arrow.png
www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 746 B
974 B 13ms
13ms Image
image/png 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/img/new-icons/slider-right-arrow.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.7.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

ce6418b62f6e6f2ffd7676db898aa6da5d64c75517766210a15ad53ce8d91404

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/wp-content/themes/securingtomorrow-brillio/css/newtheme-style.css?ver=5.7.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Tue, 25 Jan 2022 06:00:51 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2066909
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 746
expires: Fri, 13 May 2022 20:58:31 GMT

GET
H2 200 globe-icon.svg
www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/ 1 KB
1 KB 11ms
11ms Image
image/svg+xml 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow-brillio/img/new-icons/globe-icon.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 26 Jul 2021 04:39:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000, public
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 1087
x-content-type-options: nosniff
expires: Mon, 02 May 2022 11:56:37 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975085349/ 42 B
108 B 137ms
52ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975085349/?random=1650408602642&cv=9&fst=1650405600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&fmt=3&is_vtc=1&random=3909882520&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975085349/ 42 B
108 B 133ms
49ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975085349/?random=1650408602642&cv=9&fst=1650405600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&fmt=3&is_vtc=1&random=3909882520&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 766537420057144 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 56ms
56ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/766537420057144?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cf718792729fdd90fa7a301c371e0bd6b1bab7df4ec664bfa7e7f0656a58b87c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: pV2X4v4STsK0GXR/mG6TyS1jybBJBgwsff6Mx3IOzDGjkZtrBxohmPRR9KGUI5NlNn9baHCPlSr5JfxoykYJkA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:50:02 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 15ms
7ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=187610925152304&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&rl=&if=false&ts=1650408602872&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650408602708.1497294671&it=1650408602552&coo=false&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Tue, 19 Apr 2022 22:50:02 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
548 B 118ms
52ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1650408602777&cv=9&fst=1650405600000&num=2&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&fmt=3&is_vtc=1&random=2345566826&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
548 B 113ms
49ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1650408602777&cv=9&fst=1650405600000&num=2&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&fmt=3&is_vtc=1&random=2345566826&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
324 B 405ms
100ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=1259816&version=2.1.1&ref=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&r=1650408602889
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Tue, 19 Apr 2022 22:50:03 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
Server: Apache/2.4.6 (CentOS)
ETag: "2b-5850384023492"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=79
Content-Length: 43

GET
H2 200 utag.currency.js Show response
tags.tiqcdn.com/utag/tiqapp/ 3 KB
2 KB 7ms
7ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.currency.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7c0817627eb49057128efed83f2ca779e1f3bef48376624533eed1196e1e5c0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Sun, 17 Apr 2022 01:00:03 GMT
server: AkamaiNetStorage
etag: "dc2d5489932657353866b998d769ea10:1650157203.827368"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1716
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.276.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 33 KB
5 KB 14ms
14ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.276.js?utv=ut4.39.202204191104
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8bfed30326b8ffb6bc3f54db1157dde5278c961d56922390e2353c6d163bf19d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Tue, 19 Apr 2022 11:05:20 GMT
server: AkamaiNetStorage
etag: "c915295bd8c771678bdf1b1890a84bed:1650366320.044767"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 5065
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.331.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 6 KB
2 KB 13ms
12ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.331.js?utv=ut4.39.202201051242
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ea2fcfa550c8e004fc94f03166e8d8da9a87e9770b21a30146af7f7297735407

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Tue, 21 Dec 2021 08:45:24 GMT
server: AkamaiNetStorage
etag: "59b591af9c74eed7eeee7eb9933434aa:1640076324.779275"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2298
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.356.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 103 KB
27 KB 23ms
21ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.356.js?utv=ut4.39.202204191104
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3428ca4123d41c84536344c96b18d6ddc89cdd354790bde33b9b24c4407025b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Tue, 19 Apr 2022 11:05:19 GMT
server: AkamaiNetStorage
etag: "5622bdd71323d5a8d52b620b0bcb30b5:1650366319.758452"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 27162
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.444.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 19 KB
6 KB 18ms
15ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.444.js?utv=ut4.39.202204191104
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cc2a9ed4988e65c35ca3723e7b6941441eb3cdffb9c054fd02827e794470675f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 09:32:59 GMT
server: AkamaiNetStorage
etag: "b2cb1df33dd6b8a4f10369db69c7e7dd:1632130379.813891"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 6343
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.476.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 17ms
14ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.476.js?utv=ut4.39.202006041316
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: afca21f08d9897df9297beb699529b4a5e361fdb2e3ab514cbaea7c0f92d1e7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Thu, 31 Oct 2019 10:34:56 GMT
server: AkamaiNetStorage
etag: "6b2903b10789da4d6134a59bb1fc8a49:1572518096.337345"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2366
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.515.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 2 KB
1 KB 18ms
16ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.515.js?utv=ut4.39.202010011046
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 71d42e52ca35bfa15765b9b71e93054a357efb81f54b0bd578285acaeee52c1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Thu, 23 Jul 2020 12:04:49 GMT
server: AkamaiNetStorage
etag: "7365d951d30f1fa9668d0437fedeb4e3:1595505889.289423"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1048
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.518.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 8 KB
3 KB 18ms
17ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.518.js?utv=ut4.39.202204191104
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6c109fc598f457e5cee21e846082801d00bf09ed0a5eaa2762deeb63dc978a5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Tue, 19 Apr 2022 11:05:21 GMT
server: AkamaiNetStorage
etag: "c4cda173010944d4ffdd95bf47eac4ac:1650366321.256729"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2499
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.521.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 20ms
19ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.521.js?utv=ut4.39.202010011046
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3f1594b4a09de7b05aba88a7e26812cd1f4e178604947531bf76f9d863cbb4c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Wed, 15 Jul 2020 10:59:20 GMT
server: AkamaiNetStorage
etag: "c09f093e0e4ce83103416febd13a6294:1594810760.535353"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3237
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.523.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 2 KB
1 KB 22ms
21ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.523.js?utv=ut4.39.202201051242
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 27dc4635c254b8aa1eacc62b7819be57d827b663d41793078443ae7531d17f32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Thu, 27 Aug 2020 12:46:09 GMT
server: AkamaiNetStorage
etag: "fb30f56886da031845524ee15f427821:1598532369.53687"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1163
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.531.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 22ms
21ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.531.js?utv=ut4.39.202202081111
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cce031204e7dbe0400e16e76e68fd3c571b8c750eff6e4fcbd5e55f68534c442

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Tue, 01 Dec 2020 04:25:45 GMT
server: AkamaiNetStorage
etag: "3a9ced3787ddb191062f19331c8d30bd:1606796745.86938"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3239
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H2 200 utag.537.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 3 KB
2 KB 23ms
22ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.537.js?utv=ut4.39.202012161058
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9f5a72ce12e3919467065700621f04a38ee421e307261fb75ba1f71355f01c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
content-encoding: gzip
last-modified: Wed, 14 Oct 2020 13:17:10 GMT
server: AkamaiNetStorage
etag: "8b5d313be7f848419f47125d0c6664fd:1602681430.396878"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1538
expires: Wed, 04 May 2022 22:50:02 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 9ms
8ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=766537420057144&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&rl=&if=false&ts=1650408602956&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650408602708.1497294671&it=1650408602552&coo=false&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:02 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Tue, 19 Apr 2022 22:50:02 GMT

POST
H/1.1 201
Created messages Show response
cu1pehnsweb01.servicebus.windows.net/webp32h01/ 0
309 B 510ms
134ms XHR
application/xml 104.208.16.0
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cu1pehnsweb01.servicebus.windows.net/webp32h01/messages?timeout=60&api-version=2014-01

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language: de-DE,de;q=0.9
type: entry
Authorization: SharedAccessSignature sr=http%3a%2f%2fcu1pehnsweb01.servicebus.windows.net%2fwebp32h01&sig=egeBP80h1RMGKxIU3lvC2c7N8fqicJTBSJTk9weZQwA%3d&se=2188580224&skn=webp32h01send
Content-Type: application/json; charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.mcafee.com
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Credentials: true
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 19 Apr 2022 22:50:03 GMT
Transfer-Encoding: chunked
Content-Type: application/xml; charset=utf-8

OPTIONS
H/1.1 200
OK messages
cu1pehnsweb01.servicebus.windows.net/webp32h01/ Frame 0
0 519ms
122ms Preflight 104.208.16.0
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cu1pehnsweb01.servicebus.windows.net/webp32h01/messages?timeout=60&api-version=2014-01

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,type
Access-Control-Request-Method: POST
Origin: https://www.mcafee.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,content-type,type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: https://www.mcafee.com
Access-Control-Max-Age: 3600
Content-Length: 0
Date: Tue, 19 Apr 2022 22:50:03 GMT
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 124ms
76ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-35949610-14&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

921cc9f05a82459d11cd4917ca8303b82273c750228905a1536b05970415ce2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38753
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:50:03 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 94 KB
37 KB 141ms
93ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-5471927&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8cfb0b7d08c3ac7cc35e787e2d1f7e6d2169821421e332d1461ba38374d1d259

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38248
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:50:03 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 105 KB
41 KB 155ms
108ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-597407903&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

21e20d9b2a5c0701d54b00c35c8f7c451b95d1c78cc0f675bb758e8325e88fd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42176
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:50:03 GMT

GET
H/1.1

200
OK

ibs:dpid=477&dpuuid=1292d24c2937eeace0c13d0c8f4a6136fdac2c4642fc9a21dfd77c12e2a456b0b0da87c991749652
dpm.demdex.net/ Frame CA62
Redirect Chain

https://idsync.rlcdn.com/365868.gif?partner_uid=89792275559063424790455786507776896401
https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomODk3OTIyNzU1NTkwNjM0MjQ3OTA0NTU3ODY1MDc3NzY4OTY0MDEQABoNCJv5_JIGEgUI6AcQAEIASgA
https://dpm.demdex.net/ibs:dpid=477&dpuuid=1292d24c2937eeace0c13d0c8f4a6136fdac2c4642fc9a21dfd77c12e2a456b0b0da87c991749652

42 B
945 B

31ms
30ms

Image
image/gif

34.255.235.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=477&dpuuid=1292d24c2937eeace0c13d0c8f4a6136fdac2c4642fc9a21dfd77c12e2a456b0b0da87c991749652

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

HTTP/1.1

Server

34.255.235.57 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-255-235-57.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mcafeeinc.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v031-0d1e61c70.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Cis3rsYEQ5s=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Tue, 19 Apr 2022 22:50:03 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dpm.demdex.net/ibs:dpid=477&dpuuid=1292d24c2937eeace0c13d0c8f4a6136fdac2c4642fc9a21dfd77c12e2a456b0b0da87c991749652
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK events.js Show response
tags.srv.stackadapt.com/ 13 KB
5 KB 461ms
153ms Script
text/javascript 34.193.254.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.515.js?utv=ut4.39.202010011046
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-254-175.compute-1.amazonaws.com
Software: /
Resource Hash: cb4e3611009ca1abf12609baae9b4a6a70e6c4baa77ce345d14840dc2c8f8e32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 19 Apr 2022 22:50:03 GMT
Content-Encoding: gzip
Cache-Control: max-age=30
Content-Length: 4430
Connection: keep-alive
Content-Type: text/javascript

GET
H3 200 577185772377767 Show response
connect.facebook.net/signals/config/ 308 KB
88 KB 9ms
9ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/577185772377767?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d94ad9b24f79c97da646cbe15951b0895a28017ce0bfa8dd6a2ac1361b76d6ec

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 89624
x-xss-protection: 0
pragma: public
x-fb-debug: DpVD9NoR0+QbO7Sza6DKPkub63aIk3Xpu/yty3ERwJxWGci4nmhgySSYYadJ+xrIuOMwSZvl+CAysNQfMfTo5Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:50:02 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 star.gif
jelly.mdhv.io/v1/ 43 B
235 B 160ms
118ms Image
image/gif 216.239.38.21
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jelly.mdhv.io/v1/star.gif?pid=Fm4ZsumnWdLJITEAOIqxG583lBzi&src=mh&evt=hi&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&_rnd=0.656139642211164
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.38.21 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: any-in-2615.1e100.net
Software: Google Frontend /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
server: Google Frontend
content-type: image/gif
x-cloud-trace-context: 8773637e9d68601091c16acf44f22419
cache-control: no-store,no-cache,must-revalidate,max-age=0,post-check=0,pre-check=0
content-length: 43
expires: -1

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 105 KB
41 KB 85ms
50ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-614089511&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0486175a0b31633468a90a015424d70c763279375ecedddf7fe6e792bd27506a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42174
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:50:03 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 105 KB
41 KB 153ms
118ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-614089511

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.521.js?utv=ut4.39.202010011046

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

36ea11155147e644506e0bea563439de74ae380c4a7fecef762b5421ad89e789

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42177
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:50:03 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 149 KB
55 KB 82ms
49ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-740246542&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6fb8e74cd0ec703e1e3b5016c23366acdf8cd8863fadbb1c0a53a3a67e1f1d55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56770
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:50:03 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 27ms
8ms Script
application/javascript 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Tue, 26 Apr 2022 22:50:03 GMT

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
202 B 7ms
7ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mcafee/consumer-main/202204191104&cb=1650408603028
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Tue, 19 Apr 2022 23:00:03 GMT

GET
H2 200 s59510531459882
smetrics.mcafee.com/b/ss/mcafeewwconsumermain/1/JS-2.9.0/ 43 B
351 B 17ms
17ms Image
image/gif 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.mcafee.com/b/ss/mcafeewwconsumermain/1/JS-2.9.0/s59510531459882?AQB=1&ndh=1&pf=1&t=19%2F3%2F2022%2022%3A50%3A3%202%200&sdid=1D363E76A8D16DD1-464002BE864AEE36&mid=86202197825133991540967980018573964972&aamlh=6&ce=UTF-8&ns=mcafeeconsumer&g=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&events=event120%2Cevent1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Canalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&v1=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Canalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&c5=%5Bconsumer%3Aweb%5Dother-blogs&v5=%5Bconsumer%3Aweb%5Dother-blogs&c6=%5Bconsumer%3Aweb%5Dmcafee-labs&v6=%5Bconsumer%3Aweb%5Dmcafee-labs&c7=Page%20Name-%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Canalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&c8=www.mcafee.com&v8=new&c9=en-us&v9=en-us&v13=%3A&v14=direct&c15=consumer&v15=consumer&v20=na&v21=united%20states&v23=3%3A30PM&v24=Tuesday&c26=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&v26=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&c33=web&v33=web&v116=analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&AQE=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
x-c: main-1637.I660130.M0-562
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 20 Apr 2022 22:50:03 GMT
server: jag
xserver: anedge-7b6f4bb9f7-fvqwv
etag: 3544225488875913216-4619369227609482399
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 18 Apr 2022 22:50:03 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
78 B 118ms
117ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=1ed43be2-d66b-42dd-85de-f936e36cc76f&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time: 110
date: Tue, 19 Apr 2022 22:50:02 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 281ad30c4577fa2b40f594458f86b16ff3699a2251f42db52375bda64822472c
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
101 B 116ms
116ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.3.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=1ed43be2-d66b-42dd-85de-f936e36cc76f&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time: 109
date: Tue, 19 Apr 2022 22:50:02 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 92815315d65559a2826d6d5c73bf6fa90ee227ce2b3c023f84d97fde11ecd37e
content-length: 43

GET
H2 200 1eb8bd09b246.js Show response
w.usabilla.com/ Frame 156C 194 KB
24 KB 97ms
30ms Script
text/javascript 54.77.70.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://w.usabilla.com/1eb8bd09b246.js?lv=1
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.70.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-70-77.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d03acb4f99b67b990814738b04d0e709390465fbf841bed44787828366e749f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: gzip
x-widget-server: 2.1
etag: "da1b28189fe1aad7848e4c3efdb21dfe"
content-type: text/javascript
cache-control: public,max-age=0
content-length: 23822

GET
H2 200 rules-p-hvA1U3-AR_BCf.js Show response
rules.quantcount.com/ 3 KB
1 KB 26ms
8ms Script
application/javascript 2600:9000:2156:6e00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-hvA1U3-AR_BCf.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:6e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 506749860aa7e22e638011c219c9bd26bece45a3b33057c2f145b96b937b5e44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:14:03 GMT
content-encoding: gzip
age: 2596
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Tue, 04 May 2021 18:33:58 GMT
server: AmazonS3
etag: W/"eb0fff4b7031d9152713e8e316a7cc4e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: NaCF0eHMiieXM2bixoTVffqwTSzJ6sM4Rw3T7bXmNvFAtXxTbCaDOA==

GET
H2 200 pixel;r=516827977;source=TLM;rf=3;a=p-hvA1U3-AR_BCf;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F;uh...
pixel.quantserve.com/ 35 B
371 B 12ms
12ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=516827977;source=TLM;rf=3;a=p-hvA1U3-AR_BCf;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F;uht=2;fpan=1;fpa=P0-1673713044-1650408603050;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=mcafee.com;je=0;sr=1600x1200x24;dst=0;et=1650408603050;tzo=0;ogl=locale.en_US%2Ctype.article%2Ctitle.Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide%2Cdescription.McAfee%20Advanced%20Threat%20Research%20analysts%20have%20uncovered%20a%20global%20data%20reconnaiss%2Curl.https%3A%2F%2Fwww%252Emcafee%252Ecom%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostse%2Csite_name.McAfee%20Blog%2Cimage.https%3A%2F%2Fsecuringtomorrow%252Emcafee%252Ecom%2Fwp-content%2Fuploads%2F2018%2F04%2F20180412-GhostSec

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 8ms
7ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=577185772377767&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&rl=&if=false&ts=1650408603055&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650408602708.1497294671&it=1650408602552&coo=false&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Tue, 19 Apr 2022 22:50:03 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 9ms
8ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=577185772377767&ev=ViewContent&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&rl=&if=false&ts=1650408603056&cd[content_type]=product&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbp=fb.1.1650408602708.1497294671&it=1650408602552&coo=false&tm=1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Tue, 19 Apr 2022 22:50:03 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 125ms
39ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-35949610-14&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1972
date: Tue, 19 Apr 2022 22:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 20 Apr 2022 00:17:11 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 95ms
52ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-597407903&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14892
x-xss-protection: 0
server: cafe
etag: 4605403730725282575
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 19 Apr 2022 22:50:03 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame EA95 0
15 B 8ms
8ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 19 Apr 2022 22:50:03 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 201 FZlJEMRw Show response
www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/ 18 B
745 B 177ms
177ms XHR
application/json 23.205.250.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/Wd-CT/zKF/EIIT/Y-/fRNlo_/9itYbzXNOw/Lh8ZKF85/CC1/FZlJEMRw

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.250.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-250-154.deploy.static.akamaitechnologies.com

Software

Resource Hash

bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
vary: Origin
strict-transport-security: max-age=31536000
content-type: application/json
access-control-allow-origin: https://www.mcafee.com
access-control-allow-credentials: true
x_req_id: dfcab46d-ffcc-40f1-88fd-2bd521c2ad67
server-timing: edge; dur=3, origin; dur=165, cdn-cache; desc=MISS
access-control-allow-headers: Content-Type
content-length: 18

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/597407903/ 3 KB
1 KB 140ms
93ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/597407903/?random=1650408603353&cv=9&fst=1650408603353&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&ig=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bed36d1ed3863092d3a55a64c294113355b827aa1cacc0ce241af4498495257d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1242
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 3 KB
1 KB 102ms
57ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1650408603356&cv=9&fst=1650408603356&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&ig=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

191f23c118f6ab025b2dcfa882c02aade267fd59aa77bcac86bf6cf95d27d787

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1242
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 3 KB
1 KB 134ms
90ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1650408603357&cv=9&fst=1650408603357&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15ef29bea901251b686cba0009ca243a70789fd317c5f5295ceb4d3b887a0113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1119
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 3 KB
1 KB 135ms
91ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1650408603358&cv=9&fst=1650408603358&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&ig=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bc9b01ad61a41f3d867818bcd8c8d1da1095c9f17b01d4bb4f78bc478408825

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1117
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/614089511/ 3 KB
1 KB 98ms
56ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/614089511/?random=1650408603359&cv=9&fst=1650408603359&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a340fa33a81a65626f42200d9b62985cfb0962c66d8ed91bc62f3f0788883795

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1118
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 126ms
46ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1253736817&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&ul=en-us&de=UTF-8&dt=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GBACUABBAAAAC~&jid=505872873&gjid=520078229&cid=1556523304.1650408603&tid=UA-35949610-14&_gid=783017305.1650408603&_r=1&gtm=2ou4i1&cd1=na&cd2=us&cd3=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&cd9=&cd10=analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&cd13=&cd16=Ryan%20Sherstobitoff&cd17=Apr%2024%2C%202018&cg1=blogs&cg2=other-blogs&cg3=mcafee-labs&cg4=analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&cg5=&z=34716996

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame EAA5 0
15 B 7ms
7ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 19 Apr 2022 22:50:03 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 s58304778355398 Show response
smetrics.mcafee.com/b/ss/mcafeeenterprise/10/JS-2.20.0-LBWB/ 491 B
764 B 43ms
42ms Script
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.mcafee.com/b/ss/mcafeeenterprise/10/JS-2.20.0-LBWB/s58304778355398?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=19%2F3%2F2022%2022%3A50%3A3%202%200&d.&nsid=0&jsonv=1&.d&sdid=1D363E76A8D16DD1-464002BE864AEE36&mid=86202197825133991540967980018573964972&aamlh=6&ce=UTF-8&pageName=other-blogs%3Amcafee-labs%3Aanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&g=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&cc=USD&ch=other-blogs&server=www.mcafee.com&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3DpageName&v1=D%3DpageName&c5=D%3Dv5&v5=other-blogs&c6=D%3Dv6&v6=mcafee-labs&c8=D%3Dv153&c16=Ryan%20Sherstobitoff&c26=D%3Dg&v26=D%3Dg&c51=%7C&c52=Apr%2024%2C%202018&c56=D%3Dv159&c57=D%3Dv160&c58=D%3Dv161&c59=D%3Dv180&c60=New&c62=D%3Dr&c75=D%3Dv190&v98=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F100.0.4896.75%20Safari%2F537.36&v100=2.20.0&v153=www.mcafee.com&v154=us&v155=english&v166=%7C785564837%7Cnull%7Cnull%7CThe%20Professional%20Basketball%20Club%20LLC%7CUSA%7CSports%20Teams%20and%20Clubs%7CMedium%7C135%7C%7C200%7C&v180=year%3D2022%20%7C%20month%3DApril%20%7C%20date%3D19%20%7C%20day%3DTuesday%20%7C%20time%3D3%3A50%20PM&v181=New&v184=D%3Dmid&v185=Direct%2FBookmarked&v187=na&v188=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&v190=analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

b8886022f288d4428de85f6260ef151a4924b0a400495836602fda1993cace43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-aam-tid: vLq7IAYXSw8=
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
x-c: main-1637.I660130.M0-562
p3p: CP="This is not a P3P policy"
vary: *
content-length: 491
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v031-0bc8e4ee4.edge-irl1.demdex.com UNKNOWN
pragma: no-cache
last-modified: Wed, 20 Apr 2022 22:50:03 GMT
server: jag
xserver: anedge-7b6f4bb9f7-mkn8f
etag: 3544225488830922752-4619879737622768225
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 18 Apr 2022 22:50:03 GMT

GET
H/1.1 200
OK sa.css
tags.srv.stackadapt.com/ 65 B
292 B 101ms
100ms Stylesheet
text/css 34.193.254.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-254-175.compute-1.amazonaws.com
Software: /
Resource Hash: 7c9880e7e013ae4f7c46519c07dc20dff912fdf7fd9e7747b34a27e1c0d688bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 19 Apr 2022 22:50:03 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 65
Content-Type: text/css

GET
H/1.1 200
OK sa.jpeg Show response
tags.srv.stackadapt.com/ 0
881 B 402ms
100ms Fetch
image/jpeg 34.193.254.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-254-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 19 Apr 2022 22:50:03 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 651
Content-Type: image/jpeg

POST
H3 200 / Show response
www.facebook.com/tr/ Frame E51D 0
15 B 9ms
7ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 19 Apr 2022 22:50:03 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 /
www.google.com/pagead/1p-user-list/614089511/ 42 B
64 B 98ms
50ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/614089511/?random=1650408603359&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=2507193995&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/614089511/ 42 B
64 B 101ms
52ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/614089511/?random=1650408603359&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=2507193995&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
64 B 97ms
51ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1650408603356&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=3113224538&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 98ms
50ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1650408603356&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=3113224538&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 74ms
51ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1650408603357&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=3168877605&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 76ms
51ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1650408603357&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=3168877605&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
64 B 68ms
48ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1650408603358&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=2822023150&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 73ms
51ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1650408603358&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=2822023150&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/597407903/ 42 B
64 B 68ms
49ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/597407903/?random=1650408603353&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=2482025057&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/597407903/ 42 B
64 B 74ms
53ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/597407903/?random=1650408603353&cv=9&fst=1650405600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4i1&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Danalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%3Bcontent_group5%3D%3Bauthor%3DRyan%20Sherstobitoff%3BpubDate%3DApr%2024%5C%2C%202018%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&tiba=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&async=1&fmt=3&is_vtc=1&random=2482025057&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 57ms
18ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35949610-14&cid=1556523304.1650408603&jid=505872873&gjid=520078229&_gid=783017305.1650408603&_u=4GBACUAABAAAAC~&z=1310711709

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 19 Apr 2022 22:50:03 GMT
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 47ms
47ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35949610-14&cid=1556523304.1650408603&jid=505872873&_u=4GBACUAABAAAAC~&z=568844770

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 49ms
49ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35949610-14&cid=1556523304.1650408603&jid=505872873&_u=4GBACUAABAAAAC~&z=568844770

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame E4A0 0
15 B 8ms
7ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.mcafee.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 19 Apr 2022 22:50:03 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 RC4fa51485b5894d1cb92974356ae0fc00-source.min.js Show response
assets.adobedtm.com/97913309b792/00f161500c52/07eb4e49d341/ 828 B
708 B 7ms
7ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/97913309b792/00f161500c52/07eb4e49d341/RC4fa51485b5894d1cb92974356ae0fc00-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e02c6dc391e7e999f146bc443a116e1f35609f4faecbafedd55aaa3a0c7f234d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:50:03 GMT
content-encoding: gzip
last-modified: Thu, 31 Mar 2022 21:15:51 GMT
server: AkamaiNetStorage
etag: "ab1faf76266ac8bdf276f0bda62d7148:1648761351.579427"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 443
expires: Tue, 19 Apr 2022 23:50:03 GMT

GET
H/1.1 200
OK mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
d6tizftlrpuof.cloudfront.net/themes/production/ Frame 6B9B 3 KB
3 KB 41ms
12ms Image
image/png 143.204.101.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d6tizftlrpuof.cloudfront.net/themes/production/mcafee-consumer-button-1944989b2cb625c962c6ef510fb08a96.png
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-31.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0f12048dcefe9bc239ae8d17fc0977bb7a704c86d72fab2a17393a056a20bebd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 18:53:45 GMT
Via: 1.1 bab8148a65b29113f79cf2725076287c.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Fri, 13 Aug 2021 12:15:04 GMT
Server: AmazonS3
Age: 20577379
ETag: "1944989b2cb625c962c6ef510fb08a96"
X-Cache: Hit from cloudfront
x-amz-version-id: HisYRYbV2ml0Cly3Ot1zesxtMBlwdJ2E
Cache-Control: max-age=315360000, no-transform, public
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 2675
X-Amz-Cf-Id: aVV0exJBSjlveVWdE3iqWTJJA6xHFbQYEORjtomLqMQEV-xGPw22EQ==

POST
H2 204 /
0217991c.akstat.io/ 0
201 B 19ms
18ms Ping
image/gif 2a02:26f0:1700:391::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://0217991c.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:1700:391::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:50:03 GMT
content-type: image/gif
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Tue, 19 Apr 2022 22:50:03 GMT

GET
H/1.1

200
OK

results.txt Show response
xhkzxkiccukmqys7hsnq-pmglnd-d609f5e91-clientnsv4-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pmglndjp2
https://xhkzxkiccukmqys7hsnq-pmglnd-d609f5e91-clientnsv4-s.akamaihd.net/eum/results.txt

8 B
312 B

58ms
6ms

XHR
text/plain

2.21.20.197
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://xhkzxkiccukmqys7hsnq-pmglnd-d609f5e91-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 2.21.20.197 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-21-20-197.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Tue, 19 Apr 2022 22:50:03 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://xhkzxkiccukmqys7hsnq-pmglnd-d609f5e91-clientnsv4-s.akamaihd.net/eum/results.txt
Date: Tue, 19 Apr 2022 22:50:03 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H/1.1

200
OK

results.txt Show response
fibrwiaaa3ybckqce3ydkaaaa5rf6pe3-pmglnd-b383057d5-clienttons-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pmglndjp2
https://fibrwiaaa3ybckqce3ydkaaaa5rf6pe3-pmglnd-b383057d5-clienttons-s.akamaihd.net/eum/results.txt

8 B
312 B

66ms
7ms

XHR
text/plain

2a02:26f0:3500:7::17d8:4dc9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://fibrwiaaa3ybckqce3ydkaaaa5rf6pe3-pmglnd-b383057d5-clienttons-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 2a02:26f0:3500:7::17d8:4dc9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Tue, 19 Apr 2022 22:50:03 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://fibrwiaaa3ybckqce3ydkaaaa5rf6pe3-pmglnd-b383057d5-clienttons-s.akamaihd.net/eum/results.txt
Date: Tue, 19 Apr 2022 22:50:03 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H/1.1 200
OK saq_pxl Show response
tags.srv.stackadapt.com/ 141 B
444 B 101ms
101ms XHR
text/plain 34.193.254.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=uSyobPfzhDJe2LRnhI_IVA&is_js=true&landing_url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2F&t=Analyzing%20Operation%20GhostSecret%3A%20Attack%20Seeks%20to%20Steal%20Data%20Worldwide&host=https://www.mcafee.com&sa_conv_data_css_value=%20%220-6d3b2d8f-d344-4b4b-411c-403eee126afd%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd99f8a677f0bfe417b69d67dc5aaa52afcb9d59ba9
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.254.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-254-175.compute-1.amazonaws.com
Software: /
Resource Hash: 597b7ac8d3516dea5bcb9a2820cb005616de5ccfdc990d09fed05472e9b763b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Tue, 19 Apr 2022 22:50:03 GMT
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.mcafee.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 141

Verdicts & Comments Add Verdict or Comment

219 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide	1969-12-31 23:59:59	Name: dnbDetails Value: \|785564837\|null\|null\|The Professional Basketball Club LLC\|USA\|Sports Teams and Clubs\|Medium\|135\|\|200\|
.mcafee.com/	1970-01-20 02:27:03	Name: bm_sz Value: 89B032E5FDB5AA89C85DB30FFC89E278~YAAQvacpF9U28RSAAQAAS7kERA8NPVy/YhGIinVwrYd3FqhqkIx3E21p5pWkfTfpAkvZ9KmANF3TKe/WfL5CKuADBtdw0DGDFApHhdXDLnyPSd0mspNQnD5RfEaii+i+m9cmKq9NI1sALygAEkAX4S80xkPYHkPxHRByr1NnrMFEOqZG00EiNOsBTehbgkls/HizyBPRlD23DGdig+SMet+sGWANYjuKBtwbcoIYMF/+ZnZplkmlOStRqpNKvgKRNScFhTzeEf/SBLcSUIyRpxO7hjokKsJ5ul36R+gW54S67lE=~3752501~4408642
.t.co/	1970-01-20 19:58:00	Name: muc_ads Value: 290b9999-7270-42c0-bd65-cf7c0ca2a89a
.mcafee.com/	1970-01-20 04:36:24	Name: _fbp Value: fb.1.1650408602708.1497294671
.demdex.net/	1970-01-20 06:46:00	Name: demdex Value: 89792275559063424790455786507776896401
.mcafee.com/	1969-12-31 23:59:59	Name: AMCVS_A729776A5245B1590A490D44%40AdobeOrg Value: 1
.linkedin.com/	1970-01-20 03:10:00	Name: UserMatchHistory Value: AQISvH96YZ4czwAAAYBEBLxIgnFQCZObjGBYDCUYJeoJagx7BSdM6K_AyB_zt86zlS_uAQPdTTioPA
.linkedin.com/	1970-01-20 03:10:00	Name: AnalyticsSyncHistory Value: AQJhr2bvRXxbwwAAAYBEBLxIckUNmCJ9Bzqx5OtjZVNAyjJKpFhX2xI8atfJhhDQLwxSQVdnh3iLu0qmx2ilDg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:58:42	Name: bcookie Value: "v=2&9bd1a535-7494-468c-8f19-c096fa2697a9"
.linkedin.com/	1970-01-20 02:28:15	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2280:u=1:x=1:i=1650408602:t=1650495002:v=2:sig=AQHL3pE5ANop_blVgg3Wsoz3hZuxY6cn"
.twitter.com/	1970-01-20 19:58:00	Name: personalization_id Value: "v1_mzwzvS2BVy/A2/v/gFS/nQ=="
.techtarget.com/	1970-01-20 02:26:50	Name: __cf_bm Value: CtSqGb9GWJlznuQKeQmGoIdxgzXAWTPs8dwND59AJQg-1650408602-0-AXueZCW4VnAq5phMcVDspZuhQuIumeclewjGqmk8jOjIfloS2U3l0s7SP88msAn4ATo8ry1fa8RGQJD4yVMhQIU=
.everesttech.net/	1970-01-20 11:12:24	Name: everest_g_v2 Value: g_surferid~Yl88mgAAAMBBwAQA
.mcafee.com/	1970-01-20 19:58:00	Name: s_ecid Value: MCMID%7C86202197825133991540967980018573964972
.dpm.demdex.net/	1970-01-20 06:46:00	Name: dpm Value: 89792275559063424790455786507776896401
.mcafee.com/	1978-01-11 21:31:40	Name: run_fs_for_user Value: false
.mcafee.com/	1970-01-20 19:59:27	Name: AMCV_A729776A5245B1590A490D44%40AdobeOrg Value: -408604571%7CMCIDTS%7C19102%7CMCMID%7C86202197825133991540967980018573964972%7CMCAAMLH-1651013402%7C6%7CMCAAMB-1651013402%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1650415802s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19109%7CvVersion%7C4.6.0
.demdex.net/	1970-01-20 06:46:00	Name: dextp Value: 60-1-1650408602991
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 19:58:42	Name: bscookie Value: "v=1&2022041922500280e6ffce-139c-4429-8d21-662f7fabc09cAQErbelIFpyXBnDStDX11B7YFofc7WMN"
.linkedin.com/	1970-01-20 19:57:49	Name: li_gc Value: MTswOzE2NTA0MDg2MDI7MjswMjHLQis57OGrl6R4Iigh1hojlYVGrphx3PuD2YZLP+hRNA==
.mcafee.com/	1970-01-20 11:12:24	Name: utag_main Value: v_id:01804404bd150056be2e6822db5803073007a06b00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1650410402901$ses_id:1650408602901%3Bexp-session$vapi_domain:mcafee.com
.mcafee.com/	1970-01-20 02:26:50	Name: s_gpv Value: %5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Canalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide
.mcafee.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.quantserve.com/	1970-01-20 11:57:03	Name: mc Value: 625f3c9b-0e5fc-fa679-423c9
.mcafee.com/	1970-01-20 11:51:17	Name: __qca Value: P0-1673713044-1650408603050
.rlcdn.com/	1970-01-20 11:12:24	Name: rlas3 Value: bbyvdwkn0o0aaNxdqkQJnLafGj27kLsDnOJByLSqq4Q=
.rlcdn.com/	1970-01-20 03:53:12	Name: pxrc Value: CJv5/JIGEgUI6AcQABIGCPHrARAA
.mcafee.com/	1970-01-20 04:36:24	Name: _gcl_au Value: 1.1.1410651547.1650408603
.mcafee.com/	1970-01-20 19:58:00	Name: _ga Value: GA1.2.1556523304.1650408603
.mcafee.com/	1970-01-20 02:28:15	Name: _gid Value: GA1.2.783017305.1650408603
.mcafee.com/	1970-01-20 02:26:48	Name: _gat_gtag_UA_35949610_14 Value: 1
.mcafee.com/	1970-01-20 11:12:24	Name: s_nr Value: 1650408603390-New
.mcafee.com/	1970-01-20 02:26:50	Name: gpv Value: other-blogs%3Amcafee-labs%3Aanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide
.mcafee.com/	1969-12-31 23:59:59	Name: tp Value: 25360
.mcafee.com/	1969-12-31 23:59:59	Name: s_ppv Value: other-blogs%253Amcafee-labs%253Aanalyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide%2C5%2C5%2C1200
.mcafee.com/	1970-01-20 03:10:00	Name: Target_Test Value: seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040
.mcafee.com/	1970-01-20 04:50:48	Name: aam_uuid Value: 89792275559063424790455786507776896401
tags.srv.stackadapt.com/	1970-01-20 11:12:24	Name: sa-user-id Value: s%3A0-6d3b2d8f-d344-4b4b-411c-403eee126afd.F0q3wqieDfDJ003i3N33tKVmE3K7ZXv3DnYdbgMQ92Y
.srv.stackadapt.com/	1970-01-20 11:12:24	Name: sa-user-id-v2 Value: s%3AbTstj9NES0tBHEA-7hJq_bnVm6k.mqbK%2FuJfg2fNTrYc7qkSVIyMpCoFbwWCfqi3tfIs6Og
.mcafee.com/	1970-01-20 11:12:24	Name: _abck Value: 292A71DD8D8EA72D703CF9534CB33447~-1~YAAQvacpF9g28RSAAQAAWb8ERAeTPXtma1brZbfqB6HFBlTCB28nhx3kEn1rQc53AoDMdHn/+hy8L1jLeeTveWrxjj0z6CrsuEY7oHZLj0Z91Dnd9Dp25VfyJpdKEYt3AUWJYWk0Jf4buHLlGMIdyGs8yQB0732Z8iQ4B912jw0yvSQmMQ13k2B2/znHaQqaPwSSWNqZZfLfvXVRF8gLwPo7KxdVaK2GlOYHr80ErDyc9rYehUWgbGDEGkHZk8JM0x8PmZ5xt6kFPGiLHQvSphwZQ1SPDJZEZ3MKwUFFN6SNJU+cuY52+5GhF/+Pe2f0Kf51P+rpayEUhBOJMuWmDbuYCmY8GfpTxJKkrdDFxZ9hXLmRr9RJc0VjxWrS8/vAP4E1U5L3nhnZ9w==~-1~-1~-1
.doubleclick.net/	1970-01-20 11:48:24	Name: IDE Value: AHWqTUk0ornNMl1cdBFOEKe5x8JOLyEFwQBGWU0T53yIkiCPAmjeeBVMK7pe40Ab
www.mcafee.com/	1969-12-31 23:59:59	Name: usbls Value: 1
.mcafee.com/	1970-01-20 02:36:53	Name: RT Value: "z=1&dm=mcafee.com&si=bc9a234b-cffb-4c3c-82d7-58bd2bdcfe2e&ss=l26qo23b&sl=1&tt=2n7&bcn=%2F%2F0217991c.akstat.io%2F&ld=2na"

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/(Line 1734) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/(Line 1734) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 3) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0217991c.akstat.io
analytics.twitter.com
api2932.d41.co
apt.techtarget.com
assets.adobedtm.com
c.go-mpulse.net
cdn-0.d41.co
cdn.jsdelivr.net
cdnjs.cloudflare.com
cm.everesttech.net
connect.facebook.net
cu1pehnsweb01.servicebus.windows.net
d6tizftlrpuof.cloudfront.net
dpm.demdex.net
fibrwiaaa3ybckqce3ydkaaaa5rf6pe3-pmglnd-b383057d5-clienttons-s.akamaihd.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
idsync.rlcdn.com
jelly.mdhv.io
mcafeeinc.demdex.net
pixel.quantserve.com
px.ads.linkedin.com
px4.ads.linkedin.com
rules.quantcount.com
s.go-mpulse.net
secure.quantserve.com
securingtomorrow.mcafee.com
smetrics.mcafee.com
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tags.srv.stackadapt.com
tags.tiqcdn.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
trk.techtarget.com
w.usabilla.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.mcafee.com
xhkzxkiccukmqys7hsnq-pmglnd-d609f5e91-clientnsv4-s.akamaihd.net
104.208.16.0
104.244.42.131
104.244.42.197
104.75.88.194
13.107.42.14
142.250.186.162
143.204.101.31
143.204.98.109
15.236.176.210
161.69.25.99
199.232.136.157
2.21.20.197
2.21.20.200
206.19.49.24
216.239.38.21
23.205.250.154
2600:9000:2156:6e00:6:44e3:f8c0:93a1
2606:4700:10::6816:47c5
2606:4700:4400::6812:2a27
2606:4700::6810:5814
2606:4700::6811:180e
2620:116:800d:21:51e4:db4b:4436:b305
2620:1ec:21::14
2a00:1450:4001:811::200a
2a00:1450:4001:812::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::2004
2a00:1450:4001:831::200e
2a00:1450:400c:c00::9d
2a02:26f0:1700:391::11a6
2a02:26f0:3500:591::1e80
2a02:26f0:3500:7::17d8:4dc7
2a02:26f0:3500:7::17d8:4dc9
2a02:26f0:3500:7::17d8:4dcd
2a02:26f0:7100:59a::11a6
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
34.193.254.175
34.248.191.66
34.255.235.57
35.244.174.68
54.220.215.179
54.77.70.77
54.82.204.65
003c5212fe084a97fd7fd753297fe409de81f1be36fa96caced384c844d3d361
02af54bc2bacd59ea605b64bf5a3b880b6d6bae73e5c24a52b49ca2d6d7d3844
0486175a0b31633468a90a015424d70c763279375ecedddf7fe6e792bd27506a
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
0bc9b01ad61a41f3d867818bcd8c8d1da1095c9f17b01d4bb4f78bc478408825
0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0f12048dcefe9bc239ae8d17fc0977bb7a704c86d72fab2a17393a056a20bebd
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11ad34354aa42ea83ed45226016e50b8fe825c1a213c57e998af4cd7a251ec7b
125214d6e905ae98a9b8cc8664244c3dce376d6e32e59f294878762a0eec128f
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
15ef29bea901251b686cba0009ca243a70789fd317c5f5295ceb4d3b887a0113
17ea10196a490a8d3b8da162c7d4af9c301c5229f70af90dad6fa33eb951d83f
1865ade5e7830c3206e09d5f6e0513279c07daf869c7cb12efb8263da41dd94f
191f23c118f6ab025b2dcfa882c02aade267fd59aa77bcac86bf6cf95d27d787
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
20a84f304abfaf56bb829a84199344bca40bf7d4dba451e109a840cbdf728436
2170edf920df8db1736b378cacb7cbbb19d9693f32a60348d31e285ab9744591
218d05d13fe4ec02c43381f56d55867da02dbb5ed32c417c2584a44fbbfc8c2a
21e20d9b2a5c0701d54b00c35c8f7c451b95d1c78cc0f675bb758e8325e88fd0
2433290762f14878390667a857add6770254f0ce19676e8d790eeddfe16b082f
24d11f91b5546461b004b858c726ef1228ca8fa47e5e09b2e39f3789c9413447
25afe676005c046f770992aa6e09eb9cbd6f73ee0b51000efd239fbc4ac600e6
26a72872d350a3a965b52ddd360b5f95a4fd5b4b041767bc98f600433f85d56b
27dc4635c254b8aa1eacc62b7819be57d827b663d41793078443ae7531d17f32
282656d5ab704ddf2bead855584893e798b59b9b1494b5cf40f73230cc571ee2
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e770bd9e02e484d6aacb06aa5a10129a2a21082b03e3dadeb283c045f61b33e
326dc8f9a28bb9c1fedd5cdb62b5a00f974078e1c40550763d3d2d9b6853b67b
3428ca4123d41c84536344c96b18d6ddc89cdd354790bde33b9b24c4407025b7
36ea11155147e644506e0bea563439de74ae380c4a7fecef762b5421ad89e789
3f1594b4a09de7b05aba88a7e26812cd1f4e178604947531bf76f9d863cbb4c2
414b33c761e7ba385e0bd403c1d0c1fe37978a956a3898309f17518b217025c8
4753909d47b250070815b12b4b69fa0500302f30795fa77ccde3227fd10ec3ef
47826fb7ccc2189d0bedd25fc09c57b8dab9b03ce66d60f02af04f78f1001b20
484c43853080c5c976abe985eda1f359671c2895293f800615ae6faf0b3e07c4
485d3d9905192b37c2b35167d3f095bb1bc3804fb272e533342f182b5dce4165
48a3f2f17c97ab0f447cbf07748755c5fb27841a0f20149519bd6f4be5274e9a
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4dafc5d60a0cdc3b677a4cd543239bead37d550f86d89ec5210935ba15872ce1
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4efd0e4384f1de3d392d29f8a82bdd641c68d4d743105b7797b56237af1eb8ee
506749860aa7e22e638011c219c9bd26bece45a3b33057c2f145b96b937b5e44
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
50c8022116d8105e7c9af1cb08f1e21c26f3f8516875bba1013fe4cbdd166a8d
50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972
52c766d175703482411d165b1339220aac1167e3315b792928eb51de6d6b3183
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
559afeaefaee506a69375fb058a699f782b2246c40810f6b4a6cd967981aec0a
597b7ac8d3516dea5bcb9a2820cb005616de5ccfdc990d09fed05472e9b763b2
5c911eb39ad184a724aac53d6e259a6c1598d9d4341ca481f9db71e22c76b6bc
5d4ac009da7f99e32023b5d21c87939275d1561bf80e4737aa5d61beba675f29
5d60ce49f261c72be59ec3eda251d9f890be64e5f98390633c391ae53ba5b0b6
5fef6314aa3fafeb4b0bc082cb5214b85d89edddb817095796d77875073c2f76
631f0dfc443198487a3fd640b365284b9a0a8381770b5876d3799b2d5efe8d5e
656955dd522a5ad6e4854b1ae8cc510c8eafab407ce64ec7957b5c23a8014bd1
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
678e8e73815c022d0dd0a7cb8eaf7a37d5c7759c692ad945a5f042bc36a5a6e2
6c109fc598f457e5cee21e846082801d00bf09ed0a5eaa2762deeb63dc978a5c
6d4d659f4b34d65df2bfac351dda22f2a050352cbebf8f5df3fcb109018f945e
6dc29b86dd6cb91a632a411bddaddb571dff296f2628cbc4f666c36ef54a6e3f
6f5900b58770638d1557e62f3a54eb5d2565562eb8050e68d63954dbf6ee77d4
6fb8e74cd0ec703e1e3b5016c23366acdf8cd8863fadbb1c0a53a3a67e1f1d55
71d42e52ca35bfa15765b9b71e93054a357efb81f54b0bd578285acaeee52c1f
75b43df6930d03341e76a75dcd100473926121ac0e707825a0e73e5666d7ff97
76e492344b7da6c17b6cfb90fd603bce68e20de9f1d2751d93eef85ee0137d74
7716b50cc0675d22d9f9cf1224e282269b57a7d6a3a4541f3b9b48862df03419
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7bdf7d3d48d514d3537d7849fe90f75475ab2bf49c2b65b5c5aed0c9bcdeeca8
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c0817627eb49057128efed83f2ca779e1f3bef48376624533eed1196e1e5c0b
7c48971a72486c60216251e89061d7c2b8b03fa57551e0a6be0b7f0f9ab6254c
7c9880e7e013ae4f7c46519c07dc20dff912fdf7fd9e7747b34a27e1c0d688bb
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7d96d2e1b074aae1837dca30f5a377b312196ebec0060a99c7d64655bae7c05b
7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f
7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f
8230dd99a840ebad43aacb1e94192f44d5dd12393a1c0e638feaed0014878d95
8474952f856a73d936c67fc73c4b330547430caec755cab2ee773a626ec03988
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89b9296a15088c3885813778cff511c9ed386423aa985e3c4a374295163fcd51
8bfed30326b8ffb6bc3f54db1157dde5278c961d56922390e2353c6d163bf19d
8cfb0b7d08c3ac7cc35e787e2d1f7e6d2169821421e332d1461ba38374d1d259
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8dbf13ee25ebb0469215de647614d72bc7828eefd22b2a2779b283e7a67af8fb
921cc9f05a82459d11cd4917ca8303b82273c750228905a1536b05970415ce2a
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
9b9e485828e3ab9be4f5285e9214960c209adae3a0e6332e869a5b104007008f
9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834
9dee9f7724ca98ec632aadeee67d695806122f2ceae9b874dbc47f4535345ce9
9e6a01faf67a22da7d55bef10743c9bf80840237594948d925ac6cdc1d134345
9f2fc412da514ae1b4748fb922a7e06c5aab9a29296e3c021f86513f6a1e8ae5
9f5a72ce12e3919467065700621f04a38ee421e307261fb75ba1f71355f01c05
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a340fa33a81a65626f42200d9b62985cfb0962c66d8ed91bc62f3f0788883795
a535c591be3492fdf85462e10f231e43c2e6e3becd254698dc508b9b7e15c3a9
ab05c963114aa7b9486b6fffd9409af3cb1aa0f55762f72819b23df7cefb429d
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
accd271a82a97837718c0a3bf0e1c6fad3ac21f801dce9ae10a66de015a681da
ae76c1a3226452722f7648a7a0d0a0bc030afaab66d0bf5f2a26146e3ec0303b
afca21f08d9897df9297beb699529b4a5e361fdb2e3ab514cbaea7c0f92d1e7b
b5ef1c00425aca5499c3fa6e3ae78cecaa4682508e587b952780fccc7e8a2475
b6008a46367feb68269adff71ca0507a7ffa2fafffa8c3af83a4f6f6518936e1
b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608
b8886022f288d4428de85f6260ef151a4924b0a400495836602fda1993cace43
b948b4e3f54ac94c26f8ca688fb6f84974e5f95128bd291213562ada2b854c8d
b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6
baa8b1d358b515d8b7e9622eca0fed65802a19df40e23b7c67138d04f141827b
bdbc00de393216f6118f704088accc9ebddd220480741d5ed088c01f46f84088
bed36d1ed3863092d3a55a64c294113355b827aa1cacc0ce241af4498495257d
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c2360a63214a4c506ea53b464da6013fad961ec65f5ac3132f2d161b70e20b86
c28b11b88f25260096e090cba278a677c0c4f0d1f36570e6c173865d7c261ba6
c48dfe2811b178d0d09b499f4c07d74f6c417e4bc14eafce2b3c94781548bd7e
c7243883df019158d584ad142b9b69ab0ff43312e939b1cd9b44b14c1a1d44f1
c776499873d7afef2f42887296b1a505c237a4dd3f2fe60c8c34116dd9e9a3ab
c85b89d6b7d92272f7fb5946e61282a75b946883176c9ff73eac557dde75c724
c8801a050e21e0e0aef39f1517a6dcce6d56a71950460282d873f4553cd98977
c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85
cb4e3611009ca1abf12609baae9b4a6a70e6c4baa77ce345d14840dc2c8f8e32
cc2a9ed4988e65c35ca3723e7b6941441eb3cdffb9c054fd02827e794470675f
cc5d6ee0ec9d7b82d1a540fc2d3a47150b6da73616dcbbd76f79601153497020
cce031204e7dbe0400e16e76e68fd3c571b8c750eff6e4fcbd5e55f68534c442
cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
ce6418b62f6e6f2ffd7676db898aa6da5d64c75517766210a15ad53ce8d91404
cf718792729fdd90fa7a301c371e0bd6b1bab7df4ec664bfa7e7f0656a58b87c
cf762455aab2b955314fc01f27b9a529af98bf15ada3c0b36b4b0eafdeab041d
d03acb4f99b67b990814738b04d0e709390465fbf841bed44787828366e749f9
d0444653d0b6016785ad1489d32bc5b5185e740c125312f1f4f0c4e19e2b46c3
d3704d9797dce227e5032123ba2c7744319bf51460b1f5a54e21ec3d9952004e
d384a06e51a2768147e3cc3cb97d5b09c2bdb6b2e0e4bc238ebd76bd1cfac850
d5cd84cc07e1b1de269767307530f3d99a79ea0387d98a4fb9e9b0f65cb09a23
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
d8d255d26500377962ab84e9578971dd558a5772b8d6bbbb8a16e98f55a3611b
d94ad9b24f79c97da646cbe15951b0895a28017ce0bfa8dd6a2ac1361b76d6ec
dd0aab4060ef1c321293aa501648b607c5b2123b504db705357a90b560fb855c
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de8531b0964e602be32079e017d8881fef2b6a264217076b9412dbee81d9634e
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e02c6dc391e7e999f146bc443a116e1f35609f4faecbafedd55aaa3a0c7f234d
e26c61587827a4d320d0766a1d979cdcdf9ca93cd7323e2aff6822b7ba39b15f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
e906436e21a8490ebb646535185815624343377d407320f064f69045f3332f4f
ea2fcfa550c8e004fc94f03166e8d8da9a87e9770b21a30146af7f7297735407
ee51b51995f3768e62a8ab777746d972874bace6cd2482629f6e58f37b65e758
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff0e1854fa55be60eda0bdadc46196855405268c7dd0bfa17bbc659f04c1ae6
f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1
f266dd76093d18576935f25c75b429165ae83e5630b6e723f282c5e2eeb00c1f
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f66a48a13c4d8604a7f8f41bc198bf10044fc4dd7c0dfc8f8a1d3adc8be91941
f7e248392cea6eed6651423f5b9a4adafec5b15921a2f16ec54e1012be0aaee5
fa43fd4073d3976c0bc94de0d58e6f81290443515528b60e80aa889fa38f80c2
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff4f1d3b83b386fe368a36112d66e193f81a07d24e2d4f98312fcfb53360d5e0
ff91452f83ca176dd6aef8ddca1f0eef9b1a7edade26ca0167e1e93485ed088c

www.mcafee.com Open in urlscan Pro 23.205.250.154 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

202 Requests

98 %HTTPS

50 %IPv6

36 Domains

49 Subdomains

41 IPs

5 Countries

2207 kBTransfer

5859 kBSize

45 Cookies

52 Outgoing links

Page URL History

Redirected requests

202 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mcafee.com Open in urlscan Pro
23.205.250.154 Public Scan

Screenshot
Live screenshot

Full Image

202
Requests

98 %
HTTPS

50 %
IPv6

36
Domains

49
Subdomains

41
IPs

5
Countries

2207 kB
Transfer

5859 kB
Size

45
Cookies

202 HTTP transactions
1 data transactions