www.cfr.org Open in urlscan Pro
2606:4700::6812:8ee Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret
Effective URL:
https://www.cfr.org/cyber-operations/operation-ghostsecret
Submission: On April 19 via api (April 19th 2022, 10:41:51 pm UTC) from US — Scanned from DE

Summary HTTP 61 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 24 IPs in 3 countries across 19 domains to perform 61 HTTP transactions. The main IP is 2606:4700::6812:8ee, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.cfr.org. The Cisco Umbrella rank of the primary domain is 139121.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 27th 2022. Valid for: a year.

This is the only time www.cfr.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 24	2606:4700::68... 2606:4700::6812:8ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:e14e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:215... 2600:9000:2156:8e00:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
4	2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e031	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:f349	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42::714 2a04:4e42::714	54113 (FASTLY) (FASTLY)
1	52.222.206.178 52.222.206.178	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	108.157.4.113 108.157.4.113	16509 (AMAZON-02) (AMAZON-02)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	52.35.241.239 52.35.241.239	16509 (AMAZON-02) (AMAZON-02)
1	108.157.4.45 108.157.4.45	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e034	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	108.157.4.102 108.157.4.102	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	52.201.175.247 52.201.175.247	14618 (AMAZON-AES) (AMAZON-AES)
1	162.247.243.146 162.247.243.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
61	24

24 2606:4700::6812:8ee (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

www.cfr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:e14e (United States)

ASN13335 (CLOUDFLARENET, US)

fast.fonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2156:8e00:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:f7::5c7b:e031 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f349 (United States)

ASN13335 (CLOUDFLARENET, US)

hello.myfonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::714 (United States)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.206.178 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-178.fra56.r.cloudfront.net

cdn.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-113.dus51.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.35.241.239 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-241-239.us-west-2.compute.amazonaws.com

api.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-45.dus51.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f7::5c7b:e034 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-102.dus51.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.201.175.247 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-201-175-247.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	cfr.org 3 redirects www.cfr.org — Cisco Umbrella Rank: 139121	715 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	56 KB
5	typekit.net use.typekit.net — Cisco Umbrella Rank: 510 p.typekit.net — Cisco Umbrella Rank: 625	74 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	198 KB
4	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1216 mab.chartbeat.com — Cisco Umbrella Rank: 2301	48 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 621 script.hotjar.com — Cisco Umbrella Rank: 818 vars.hotjar.com — Cisco Umbrella Rank: 999	67 KB
3	fonts.net fast.fonts.net — Cisco Umbrella Rank: 3026	58 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	500 B
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 92	51 KB
2	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 2974 api.amplitude.com — Cisco Umbrella Rank: 1280	20 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2388	83 KB
1	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 354	1 KB
1	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 1170	201 B
1	google.de www.google.de — Cisco Umbrella Rank: 5383	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 4	501 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 380	14 KB
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 95	440 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	70 KB
1	myfonts.net hello.myfonts.net — Cisco Umbrella Rank: 5349	353 B
61	19

	Domain	Requested by
24	www.cfr.org	3 redirects www.cfr.org
5	www.google-analytics.com	www.googletagmanager.com www.cfr.org
4	connect.facebook.net	www.cfr.org connect.facebook.net
4	use.typekit.net	www.cfr.org
3	static.chartbeat.com	www.cfr.org
3	fast.fonts.net	www.cfr.org fast.fonts.net
2	www.facebook.com	www.cfr.org
2	www.youtube.com	www.cfr.org www.youtube.com
2	stackpath.bootstrapcdn.com	www.cfr.org stackpath.bootstrapcdn.com
1	bam-cell.nr-data.net	js-agent.newrelic.com
1	ping.chartbeat.net
1	www.google.de
1	www.google.com
1	js-agent.newrelic.com	www.cfr.org
1	stats.g.doubleclick.net	www.google-analytics.com
1	vars.hotjar.com	static.hotjar.com
1	p.typekit.net	www.cfr.org
1	script.hotjar.com	static.hotjar.com
1	api.amplitude.com	cdn.amplitude.com
1	static.hotjar.com	www.googletagmanager.com
1	cdn.amplitude.com	www.cfr.org
1	mab.chartbeat.com	static.chartbeat.com
1	www.googletagmanager.com	www.cfr.org
1	hello.myfonts.net	www.cfr.org
61	24

This site contains links to these domains. Also see Links.

Domain
cfr.org
www.facebook.com
twitter.com
www.youtube.com
www.instagram.com
www.linkedin.com
www.foreignaffairs.com
securingtomorrow.mcafee.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-02-27` - `2023-02-27`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2022-03-07` - `2023-04-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
cdn.amplitude.com Amazon	`2021-12-17` - `2023-01-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-27` - `2022-04-27`	3 months	crt.sh
*.amplitude.com COMODO RSA Domain Validation Secure Server CA	`2022-01-28` - `2023-02-28`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2021-12-01` - `2022-12-30`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.cfr.org/cyber-operations/operation-ghostsecret
Frame ID: 6FB9D2BFFAD4132CBB8DFD9812B901D1
Requests: 60 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Frame ID: BF4EACDEF92E821DCC9B69AE0E47C08B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Operation GhostSecret | CFR InteractivesLogo

Page URL History Show full URLs

https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret HTTP 301
https://www.cfr.org/cyber-operations/operation-ghostsecret Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.amplitude\.com

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Page Statistics

61
Requests

97 %
HTTPS

67 %
IPv6

19
Domains

24
Subdomains

24
IPs

3
Countries

1456 kB
Transfer

4737 kB
Size

19
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://cfr.org/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/councilonforeignrelations

Search URL Search Domain Scan URL

URL: https://twitter.com/CFR_org

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/cfr/featured

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cfr_org/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/council-on-foreign-relations

Search URL Search Domain Scan URL

URL: https://www.foreignaffairs.com/
Title: ForeignAffairs.com

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Title: Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret HTTP 301
https://www.cfr.org/cyber-operations/operation-ghostsecret Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://www.cfr.org/interactive/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2 HTTP 301
https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2

Request Chain 24

https://www.cfr.org/interactive/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2 HTTP 301
https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2

61 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request operation-ghostsecret Show response
www.cfr.org/cyber-operations/
Redirect Chain

https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret
https://www.cfr.org/cyber-operations/operation-ghostsecret

79 KB
19 KB

340ms
340ms

Document
text/html

2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a33500d7eabf250701db0bae6a44440ba4d5a8f4539c9aca333af31b0fe84f32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
age: 0
cache-control: max-age=10800, public
cf-cache-status: DYNAMIC
cf-ray: 6fe92648dc3201db-ZRH
content-encoding: gzip
content-language: en
content-type: text/html; charset=UTF-8
date: Tue, 19 Apr 2022 22:41:46 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Wed, 13 Apr 2022 07:55:28 GMT
link: <https://microsites-live-backend.cfr.org/node/1654>; rel="shortlink", <https://microsites-live-backend.cfr.org/cyber-operations/operation-ghostsecret>; rel="revision", <//microsites-live-backend.cfr.org>; rel=preconnect; crossorigin, <//microsites-live-backend.cfr.org>; rel=dns-prefetch
server: cloudflare
traceparent: 00-16fc1356a43d4966aa775fde23288dbb-b2b2fa77272b6348-00
vary: Accept-Encoding, Cookie, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-cloud-trace-context: 16fc1356a43d4966aa775fde23288dbb/12876629674270876488;o=0
x-content-type-options: nosniff
x-dns-prefetch-control: on
x-drupal-cache: HIT
x-drupal-dynamic-cache: HIT
x-frame-options: SAMEORIGIN
x-generator: Drupal 9 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-6f6b44d5b8-4sw8s
x-robots-tag: all
x-served-by: cache-mdw17372-MDW, cache-fra19135-FRA
x-styx-req-id: e4c50c2b-c031-11ec-a9fa-a62f58703fa8
x-timer: S1650408107.510873,VS0,VE182
x-ua-compatible: IE=edge
z-cf-worker: microsites-live-backend.cfr.org

Redirect headers

access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cf-ray: 6fe926476a9f01db-ZRH
content-length: 0
date: Tue, 19 Apr 2022 22:41:46 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://www.cfr.org/cyber-operations/operation-ghostsecret
server: cloudflare
vary: Accept-Encoding
x-robots-tag: all

GET
H2 200 css_hFMGFJfRJKZg7iyTG6v-IisooJkE_zs-c6nJA5yVRCg.css
www.cfr.org/cdn/ff/CR9lqtU4KIV_zGvoltUo0IRHEkvzs_zx2THvn1x0u0I/1648753470/public/css/ 10 KB
3 KB 176ms
176ms Stylesheet
text/css 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/CR9lqtU4KIV_zGvoltUo0IRHEkvzs_zx2THvn1x0u0I/1648753470/public/css/css_hFMGFJfRJKZg7iyTG6v-IisooJkE_zs-c6nJA5yVRCg.css

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

8453061497d124a660ee2c931babfe222b28a09904ff3b3e73a9c9039c954428

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-a-7c8dd69879-6w62l
x-served-by: cache-mdw17350-MDW, cache-fra19165-FRA
x-timer: S1650260271.427513,VS0,VE2
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/css;charset=UTF-8
x-styx-req-id: 94e85317-b92c-11ec-ac28-5a71cabf4831
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: d0d2609e99a34a918447dc54f6e005f4/13353615044932333731;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:41:46 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 3064
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-d0d2609e99a34a918447dc54f6e005f4-b95192220480f0a3-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe9264b2e3901db-ZRH

GET
H2 200 69fdb849-9596-41e2-bfcd-fbef96cc9216.css
fast.fonts.net/cssapi/ 40 KB
3 KB 519ms
463ms Stylesheet
text/css 2606:4700::6811:e14e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/cssapi/69fdb849-9596-41e2-bfcd-fbef96cc9216.css
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b982480e5550c9eb095ce609def69d6a31c2a1ecbe4a1d4119b63f2127a118d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Wed, 17 Feb 2021 06:09:46 GMT
server: cloudflare
x-amz-request-id: 27MYBPGQDXQPRD1A
etag: W/"59f5f5953bb1e143a7ff03043e7f7ed8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=300
x-amz-meta-mtime: 1580408781
cf-ray: 6fe9264b8cff0208-ZRH
x-amz-id-2: wbXWLcTKQpeQm0SNNazEiMtvP+zIzIaMc2b3JKQF6fLi/jqzLXzLKpggH8pSMKGkZtsTzt4Fxek=
expires: Tue, 19 Apr 2022 22:46:47 GMT

GET
H2 200 css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/ 870 KB
160 KB 152ms
151ms Stylesheet
text/css 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

3d0dbc13717a3726b829dbaf9d95b84cefc928c4bcef09a169104accd77fdc2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-b-97f8fd4b8-lwhnb
x-served-by: cache-mdw17356-MDW, cache-hhn4081-HHN
x-timer: S1650364649.903979,VS0,VE2
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/css;charset=UTF-8
x-styx-req-id: 66c5ad61-b125-11ec-befc-827ec85074c7
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: c32e54ab68874bed8849e603a4f2d220/1053533008785426169;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:41:46 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 163298
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-c32e54ab68874bed8849e603a4f2d220-0e9ee6b08bcdc6f9-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe9264b2e3b01db-ZRH

GET
H2 200 js_JvjVZf22lVrqBDpom2woUqDL0kH_iOH-F9GakV8hJvE.js Show response
www.cfr.org/cdn/ff/EbpnOM6reKlI1j59b1Ac3ltPFI3jFDU15WRQQ0ishVM/1648753471/public/js/ 843 B
986 B 148ms
147ms Script
application/javascript 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/EbpnOM6reKlI1j59b1Ac3ltPFI3jFDU15WRQQ0ishVM/1648753471/public/js/js_JvjVZf22lVrqBDpom2woUqDL0kH_iOH-F9GakV8hJvE.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

26f8d565fdb6955aea043a689b6c2852a0cbd241ff88e1fe17d19a915f2126f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
fastly-original-body-size: 513
age: 479
x-pantheon-styx-hostname: styx-fe4-a-c8f79d547-65mrv
x-served-by: cache-mdw17364-MDW, cache-fra19164-FRA
x-timer: S1648757983.321502,VS0,VE1
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
x-styx-req-id: 66c5bcf1-b125-11ec-a525-eec4103032ce
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: 78edae7d826f476c80d48aeaf0af95e1/14850853565051241515;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:41:46 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: HIT
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 513
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-78edae7d826f476c80d48aeaf0af95e1-ce18d4a25c39042b-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe9264b2e3d01db-ZRH

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 22 KB
10 KB 45ms
7ms Script
application/x-javascript 2600:9000:2156:8e00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8e00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4be319fc7e78bf1beb5b73bb76e33e445bf3170ebcd66fd72639743115287a2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:44:34 GMT
content-encoding: gzip
last-modified: Wed, 13 Apr 2022 00:18:19 GMT
server: nginx
age: 7032
etag: W/"625616cb-595b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: _HQdjvY32pZ6d6ZrDGPIjJRUJEzL-fOTTSChbJuAOZZSuda4GmHHrg==
expires: Tue, 19 Apr 2022 22:44:34 GMT

GET
H2 200 cfr-logo.svg
www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/ 5 KB
3 KB 221ms
219ms Image
image/svg+xml 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/cfr-logo.svg
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 441e4e3fe5729e0accb9821c52fe1bad58dd4f340b690dd2e2f92e4a56dc9349

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
content-encoding: gzip
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe9264ea97b01db-ZRH
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 2430
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17351-MDW, cache-hhn4080-HHN
expires: Wed, 05 Apr 2023 20:06:42 GMT
last-modified: Sun, 03 Apr 2022 01:53:12 GMT
server: cloudflare
traceparent: 00-f78de5f411d14d26a0a558c799c1e795-6d82b621f5d746ab-00
x-timer: S1650385464.804718,VS0,VE2
etag: W/"6248fe08-131d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
x-styx-req-id: bec6196d-b452-11ec-ac28-5a71cabf4831
x-cloud-trace-context: f78de5f411d14d26a0a558c799c1e795/7891069754081232555;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-a-7c8dd69879-6w62l

GET
H2 200 cfr-monogram.svg
www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/ 1 KB
1 KB 215ms
213ms Image
image/svg+xml 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/cfr-monogram.svg
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c27689acf09443c53ff547643bd6485954e4220e6bb04de4698ba05ad2fece7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
content-encoding: gzip
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: EXPIRED
access-control-allow-origin: *
cf-ray: 6fe9264ea97c01db-ZRH
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 806
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17355-MDW, cache-hhn4025-HHN
expires: Wed, 12 Apr 2023 12:45:55 GMT
last-modified: Sat, 09 Apr 2022 07:09:17 GMT
server: cloudflare
traceparent: 00-f2061c67f3e54e66b14c5516b36e21a3-5ffa36364bb99db1-00
x-timer: S1650408107.498504,VS0,VE1
etag: W/"6251311d-5a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
x-styx-req-id: 5421c88f-b995-11ec-a33b-6a0231a91d36
x-cloud-trace-context: f2061c67f3e54e66b14c5516b36e21a3/6915899784607407537;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-b-555d558b88-sjzth

GET
H2 200 cfr-monogram-white.svg
www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/ 1 KB
1 KB 215ms
213ms Image
image/svg+xml 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/cfr-monogram-white.svg
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6260ec37635d4bf6de6c5a19ee5afd3ddac9807858accda9fe27fb102b0306a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
content-encoding: gzip
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe9264ea97e01db-ZRH
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 808
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17358-MDW, cache-fra19156-FRA
expires: Wed, 05 Apr 2023 20:06:42 GMT
last-modified: Sun, 03 Apr 2022 01:53:12 GMT
server: cloudflare
traceparent: 00-ad7034c54aa646b98f8b12075c8fb3e8-8cfea3d049e677ac-00
x-timer: S1650396300.444593,VS0,VE1
etag: W/"6248fe08-59d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
x-styx-req-id: bec5a079-b452-11ec-8b2b-aa0e25b4ae92
x-cloud-trace-context: ad7034c54aa646b98f8b12075c8fb3e8/10159737924382783404;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-a-7c8dd69879-zvfwh

GET
H2 200 cfr-logo-grey.svg
www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/ 5 KB
3 KB 216ms
215ms Image
image/svg+xml 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/cfr-logo-grey.svg
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88c718b918764a88fb43e244368d824167eca1b7d4b5586f428d2c654f5db084

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
content-encoding: gzip
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: EXPIRED
access-control-allow-origin: *
cf-ray: 6fe9264ea98001db-ZRH
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 2431
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17358-MDW, cache-hhn4052-HHN
expires: Wed, 19 Apr 2023 22:02:49 GMT
last-modified: Mon, 18 Apr 2022 00:37:28 GMT
server: cloudflare
traceparent: 00-9d73c1995eed46d29eefff1f48583ae6-b0023d788ed1a1d1-00
x-timer: S1650408108.500629,VS0,VE1
etag: W/"625cb2c8-131d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
x-styx-req-id: 49413d17-bf63-11ec-a1ba-564a52df1d80
x-cloud-trace-context: 9d73c1995eed46d29eefff1f48583ae6/12682767088630211025;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-b-555d558b88-jqprh

GET
H2 200 fb.png
www.cfr.org/themes/custom/cfr_interactives/images/ 361 B
735 B 195ms
193ms Image
image/png 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/images/fb.png
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 858ab6f5b4ffcfc2c7d2a766d0280c773155d12419e4413afabaabbfbd327178

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe9264ea98201db-ZRH
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 361
x-served-by: cache-mdw17376-MDW, cache-hhn4062-HHN
expires: Sat, 01 Apr 2023 19:11:23 GMT
last-modified: Thu, 31 Mar 2022 19:03:21 GMT
server: cloudflare
traceparent: 00-1bf78421fa174ee8829e631dcfb3283d-70fe2f3708b5cf02-00
x-timer: S1650368423.246213,VS0,VE1
etag: "6245faf9-169"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
x-styx-req-id: 5ada12f7-b126-11ec-90c9-c2ea4801bb9c
x-cloud-trace-context: 1bf78421fa174ee8829e631dcfb3283d/8141997089748274946;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-b-97f8fd4b8-2h5j7

GET
H2 200 tw.png
www.cfr.org/themes/custom/cfr_interactives/images/ 566 B
949 B 225ms
224ms Image
image/png 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/images/tw.png
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e0b3d5944c5c487975713c560c2f2d231833194d6e17a234e543bf5008c4a0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: EXPIRED
access-control-allow-origin: *
cf-ray: 6fe9264ea98301db-ZRH
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 566
x-served-by: cache-mdw17370-MDW, cache-hhn4072-HHN
expires: Sat, 01 Apr 2023 19:05:08 GMT
last-modified: Thu, 31 Mar 2022 19:03:21 GMT
server: cloudflare
traceparent: 00-c1313ee628454e85b01b1f5b37bdacf0-8d3c07f7cac390b4-00
x-timer: S1650408108.502472,VS0,VE1
etag: "6245faf9-236"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
x-styx-req-id: 7b45c356-b125-11ec-8365-5e704e22f4b6
x-cloud-trace-context: c1313ee628454e85b01b1f5b37bdacf0/10177018018790609076;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-a-c8f79d547-cnstd

GET
H2 200 linkedin.png
www.cfr.org/themes/custom/cfr_interactives/images/ 477 B
832 B 196ms
194ms Image
image/png 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/images/linkedin.png
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25339168c3002c3963458b77ea5958b13ff3f5360d3ade657ec02e9a15241f2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe9264ea98501db-ZRH
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 477
x-served-by: cache-mdw17348-MDW, cache-hhn4059-HHN
expires: Sun, 16 Apr 2023 08:10:01 GMT
last-modified: Wed, 13 Apr 2022 12:53:11 GMT
server: cloudflare
traceparent: 00-80a3446f953643d88a59087f28fbb21f-e6b2fe559351d262-00
x-timer: S1650368423.266051,VS0,VE1
etag: "6256c7b7-1dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
x-styx-req-id: 731b0923-bc93-11ec-b93f-a2c7c03b7d3e
x-cloud-trace-context: 80a3446f953643d88a59087f28fbb21f/16623628818075210338;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-b-555d558b88-5rbmp

GET
H2 200 email.png
www.cfr.org/themes/custom/cfr_interactives/images/ 2 KB
2 KB 302ms
301ms Image
image/png 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/images/email.png
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16dca0578c5dad27c98ceb0f111551005f088753941e0e7477cfd6b6418eff10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: EXPIRED
access-control-allow-origin: *
cf-ray: 6fe9264ea98801db-ZRH
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 1604
x-served-by: cache-mdw17379-MDW, cache-fra19156-FRA
expires: Fri, 14 Apr 2023 23:26:22 GMT
last-modified: Wed, 13 Apr 2022 20:36:42 GMT
server: cloudflare
traceparent: 00-5f9918614b674c99b25ab13892fc9186-b2fc3c802d0b69e5-00
x-timer: S1650408108.585945,VS0,VE2
etag: "6257345a-644"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
x-styx-req-id: 2165356b-bb81-11ec-a33b-6a0231a91d36
x-cloud-trace-context: 5f9918614b674c99b25ab13892fc9186/12897249954091461093;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-b-555d558b88-sjzth

GET
H2 200 email-decode.min.js Show response
www.cfr.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
831 B 14ms
14ms Script
application/javascript 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 11:16:45 GMT
server: cloudflare
etag: W/"62555f9d-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 6fe9264c3f3401db-ZRH
vary: Accept-Encoding
expires: Thu, 21 Apr 2022 22:41:46 GMT

GET
H2 200 js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js Show response
www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/ 778 KB
226 KB 150ms
150ms Script
application/javascript 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

e8ec246be847bd1e0fb874b1fa30d5e86d0c7a545100701c61466cb274a24fba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-b-97f8fd4b8-lwhnb
x-served-by: cache-mdw17368-MDW, cache-fra19160-FRA
x-timer: S1650260271.385840,VS0,VE2
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
x-styx-req-id: 66c5b236-b125-11ec-befc-827ec85074c7
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: ef330c04fba74c48aa3db30073f99f21/3804534434668529470;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 230303
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-ef330c04fba74c48aa3db30073f99f21-34cc6be93a28c73e-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe9264cefc101db-ZRH

GET
H2 200 ygq0fud.js Show response
use.typekit.net/ 17 KB
7 KB 191ms
135ms Script
text/javascript 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/ygq0fud.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

1fc25c6ef9e9f8c6c661521910a0d4d6daa67795b49fd275799e5b52ff4fa7e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Tue, 19 Apr 2022 22:41:47 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6649

GET
H2 200 js_gcTUk46CIgVb0zkuvKyQ9SRphI9UoCo2y7zdRALNqkg.js Show response
www.cfr.org/cdn/ff/xwB8LHA_SBWrYWg2Hh5wSdoFzlAy2DdTm8DYkY7VlZs/1648753472/public/js/ 689 KB
160 KB 293ms
292ms Script
application/javascript 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/xwB8LHA_SBWrYWg2Hh5wSdoFzlAy2DdTm8DYkY7VlZs/1648753472/public/js/js_gcTUk46CIgVb0zkuvKyQ9SRphI9UoCo2y7zdRALNqkg.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

81c4d4938e8222055bd3392ebcac90f52469848f54a02a36cbbcdd4402cdaa48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-b-97f8fd4b8-2h5j7
x-served-by: cache-mdw17344-MDW, cache-fra19180-FRA
x-timer: S1650260271.483050,VS0,VE2
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
x-styx-req-id: 7bc44356-b125-11ec-90c9-c2ea4801bb9c
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: 96bdb1fdbadb4612b04227b113f8be19/9343816227866854069;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 163180
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-96bdb1fdbadb4612b04227b113f8be19-81abe75a8488c2b5-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe9264e693601db-ZRH

GET
H2 200 eu_cookie_compliance.js Show response
www.cfr.org/cdn/ff/vXTTwiYJwISsM1d971vkeBkODBIrSuGclrozxpKT0R8/1649764438/:relative:/modules/contrib/eu_cookie_compliance/js/ 58 KB
9 KB 217ms
216ms Script
application/javascript 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/vXTTwiYJwISsM1d971vkeBkODBIrSuGclrozxpKT0R8/1649764438/:relative:/modules/contrib/eu_cookie_compliance/js/eu_cookie_compliance.js?v=1.19

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

12d4333dcb06732662dc11038f64c540376dd42f9ece747a2c9a4f22b6760821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-b-555d558b88-8g5bs
x-served-by: cache-mdw17323-MDW, cache-fra19145-FRA
x-timer: S1650408108.500259,VS0,VE2
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
x-styx-req-id: 81fad026-ba5c-11ec-bbb0-022df9d6f5fb
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: dc8024976f6e46019d53e96401b4b8f2/18347050893782361949;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: MISS
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 9043
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-dc8024976f6e46019d53e96401b4b8f2-fe9dd194bfe9275d-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe9264ea98901db-ZRH

GET
H2 200 js_SKCzW6eupnaDuc9nhV-4x5vc3GvKS6lR_dvSO4nXkLU.js Show response
www.cfr.org/cdn/ff/CiowIbPUHeyhZ8gnIJkGZm5K0Kho9uiBt6Fb7peMl6I/1648753473/public/js/ 7 KB
3 KB 197ms
194ms Script
application/javascript 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/CiowIbPUHeyhZ8gnIJkGZm5K0Kho9uiBt6Fb7peMl6I/1648753473/public/js/js_SKCzW6eupnaDuc9nhV-4x5vc3GvKS6lR_dvSO4nXkLU.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

48a0b35ba7aea67683b9cf67855fb8c79bdcdc6bca4ba951fddbd23b89d790b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-a-7c8dd69879-k9k8g
x-served-by: cache-mdw17324-MDW, cache-fra19141-FRA
x-timer: S1650396299.734879,VS0,VE94
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
x-styx-req-id: d86b4830-b53b-11ec-b916-86f34e631ba9
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: 641e30356f364b01ac9f33de15aa01d2/4142394311226973013;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 1936
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-641e30356f364b01ac9f33de15aa01d2-397cbdadc0485b55-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe9264ea97901db-ZRH

GET
H2 200 320b78
hello.myfonts.net/count/ 0
353 B 99ms
37ms Stylesheet
text/css 2606:4700::6811:f349
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hello.myfonts.net/count/320b78
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:f349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
server: cloudflare
age: 1
expect-ct: null
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 6fe9264cbc1a021d-ZRH
content-length: 0
expires: Wed, 19 Apr 2023 22:41:47 GMT

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 49ms
18ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723, 617, 617
age: 31274922
cdn-cachedat: 2021-04-23 01:07:22
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 1e0763d9c4fa9b0b2a42b4408ee65d0f
cf-ray: 6fe9264c7bdf021d-ZRH
cdn-requestcountrycode: CH
cdn-requestpullsuccess: True

GET
H2 200 1.css
fast.fonts.net/t/ 0
224 B 35ms
35ms Stylesheet
text/css 2606:4700::6811:e14e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/t/1.css?apiType=css&projectid=69fdb849-9596-41e2-bfcd-fbef96cc9216
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/69fdb849-9596-41e2-bfcd-fbef96cc9216.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fast.fonts.net/cssapi/69fdb849-9596-41e2-bfcd-fbef96cc9216.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
cf-cache-status: HIT
age: 378046
cf-ray: 6fe9264e781c0208-ZRH
content-length: 0
x-amz-id-2: LYzftFaL1hmaay4uFRLgMKUIjkJ/HITm1esXsXmgnPr1jxOxpa0I7F24Pz7D+0vdX2M2HMVkhUM=
last-modified: Tue, 23 Mar 2021 12:59:23 GMT
server: cloudflare
etag: "d41d8cd98f00b204e9800998ecf8427e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: Y46VC3XXCC5ME47F
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-type: text/css; charset=utf-8
x-amz-meta-mtime: 1519217722

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 247 KB
70 KB 50ms
27ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KFS3NQ

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b6216800634d559022c519ec8a7cc05aa64727d0f10fdc213bb5cee26fada9ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71497
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:41:47 GMT

GET
H2

200

320B78_3_0.woff2
www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/
Redirect Chain

https://www.cfr.org/interactive/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2
https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2

42 KB
42 KB

165ms
165ms

Font
font/woff2

2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
Protocol: H2
Server: 2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dad1738d16a4a903c1e60e47a7bc561699983e53859269575bc4074d738ba86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: EXPIRED
access-control-allow-origin: *
cf-ray: 6fe9264ffae101db-ZRH
x-cache: HIT, HIT
x-cache-hits: 1, 2
vary: Accept-Encoding
content-length: 42748
x-served-by: cache-mdw17365-MDW, cache-fra19180-FRA
expires: Tue, 11 Apr 2023 16:20:40 GMT
last-modified: Sat, 09 Apr 2022 00:36:49 GMT
server: cloudflare
traceparent: 00-be6b9a9b7c814d4cbee99982deb0fe32-49d6ffecece53697-00
x-timer: S1650408108.648857,VS0,VE1
etag: "6250d521-a6fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
x-styx-req-id: 29af5b07-b8ea-11ec-b916-86f34e631ba9
x-cloud-trace-context: be6b9a9b7c814d4cbee99982deb0fe32/5320721402836629143;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-a-7c8dd69879-k9k8g

Redirect headers

date: Tue, 19 Apr 2022 22:41:47 GMT
server: cloudflare
location: https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
x-robots-tag: all
cf-ray: 6fe9264eb99701db-ZRH
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
content-length: 0

GET
H2

200

320B78_1_0.woff2
www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/
Redirect Chain

https://www.cfr.org/interactive/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2
https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2

42 KB
42 KB

163ms
163ms

Font
font/woff2

2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
Protocol: H2
Server: 2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd8f8bea0609488a4902819881e728bec9ce24da7b4ddc409f6e9439bea6b205

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe9264ffade01db-ZRH
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 42904
x-served-by: cache-mdw17359-MDW, cache-hhn4022-HHN
expires: Sat, 01 Apr 2023 19:11:23 GMT
last-modified: Thu, 31 Mar 2022 19:03:24 GMT
server: cloudflare
traceparent: 00-182bce9d41da4e61828f9f6f788ee3c8-d1727e2a44452e51-00
x-timer: S1650364650.083523,VS0,VE2
etag: "6245fafc-a798"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
x-styx-req-id: 5b1a6225-b126-11ec-aac2-b6d4b691b347
x-cloud-trace-context: 182bce9d41da4e61828f9f6f788ee3c8/15092264021271064145;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-a-c8f79d547-q9h4q

Redirect headers

date: Tue, 19 Apr 2022 22:41:47 GMT
server: cloudflare
location: https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
x-robots-tag: all
cf-ray: 6fe9264eb99801db-ZRH
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
content-length: 0

GET
H2 200 8b6420fe-9ace-4e4c-87a7-33443a3cb299.woff2
fast.fonts.net/dv2/14/ 54 KB
55 KB 485ms
459ms Font
application/octet-stream 2606:4700::6811:e14e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/dv2/14/8b6420fe-9ace-4e4c-87a7-33443a3cb299.woff2?d44f19a684109620e484167ca290e818d9c1120d6d0fea3d498fda0806f1e5eae97c96851e3f4384ff35ca4cfffa38c19a656128e0e2395e9e78c9e9c493fe4ccab829002d6d00c976ad63585b912a52d51da549cd071660d3261ab779a9cbcb3562db307bb363cb3ad0d44bacfcc9da8ab0a43826e97d225c7a63b26337aa2f1a97401c9867888356c8b381240ad815d8ede6416d5872768bcec0d086e32e9547d5ce747430bfda2132820d7132855394660cda7a43bf961780ab77601a42a8d05a65c788b3d4a323a0d1bd15f0723c39b84264558f5e11f265a999ccfa8a640254dbb8329ea09548676820bc6005f0fe85067349192ed693aba568cc959c&projectId=69fdb849-9596-41e2-bfcd-fbef96cc9216
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/69fdb849-9596-41e2-bfcd-fbef96cc9216.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 533d4bc4adee3856a32a9fb3551504a67d39cdfae04ae16510229c5af6e69ac3

Request headers

Referer: https://fast.fonts.net/cssapi/69fdb849-9596-41e2-bfcd-fbef96cc9216.css
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: WDMSC7G7YCHGN3GJ
content-length: 55372
x-amz-id-2: iPFO7I/07wcIgJWjd/IVklc9PIyFrJnKASh3JQ3sAioq0ASGE0yS/TAN3okVs1vxz8n6EMw19YQ=
expires: Tue, 19 Apr 2022 22:46:47 GMT
last-modified: Sat, 14 Nov 2020 04:52:26 GMT
server: cloudflare
etag: "e6e00338332336a89212db660bdfb15a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 6fe9264eee1d01df-ZRH
x-amz-meta-mtime: 1425319654

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 184 B
495 B 198ms
130ms XHR
application/json 2a04:4e42::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=cfr.org&domain=cfr.org&path=%2Fcyber-operations%2Foperation-ghostsecret
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::714 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 62e19aefef88039342ffdf949a82726abbf2e578a995de68cf6ae0760d0cfc77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
content-encoding: gzip
x-cache-hits: 0
age: 0
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 142
x-served-by: cache-mxp6964-MXP
access-control-allow-origin: *
x-timer: S1650408107.429673,VS0,VE104
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Sun, 17 Apr 2022 22:41:47 GMT

GET
H3 200 fontawesome-webfont.woff2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 33ms
18ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: stackpath.bootstrapcdn.com
URL: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 718
age: 39684
cdn-cachedat: 2021-08-02 20:43:32
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 4172bb7958e7953e66dcf8659e4277ba
accept-ranges: bytes
cf-ray: 6fe9264f3e6801df-ZRH
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 amplitude-7.1.0-min.gz.js Show response
cdn.amplitude.com/libs/ 60 KB
20 KB 41ms
7ms Script
application/javascript 52.222.206.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.amplitude.com/libs/amplitude-7.1.0-min.gz.js
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.206.178 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-206-178.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a9a2e998ee0fd7c858904e6a1ece449c07dea8477a51aa735b7ef1187742a102

Request headers

Referer: https://www.cfr.org/
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 23:52:33 GMT
content-encoding: gzip
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 5525355
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 19526
access-control-allow-origin: *
last-modified: Mon, 29 Jun 2020 06:18:29 GMT
server: AmazonS3
etag: "8d78d87e6eadfbd4df24e750b9c398ae"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: 9zlZ7fCv5jRdo6qeyQG2EZMqwYjFbDWy
via: 1.1 33febf2d58aeb0618cba096d54cae018.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P3
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: hLcHyVLlDRNXEcF1ywpadIqENGREEdoo-_bKlBQ5j2URPUYUYiYVJw==

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
2 KB 49ms
27ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

694d8fc000129e93ffaaad7d7573313f9fce12cbe3455fdb055fce9c36a21705

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Tue, 19 Apr 2022 22:41:47 GMT

GET
H2 200 hotjar-1768366.js Show response
static.hotjar.com/c/ 4 KB
2 KB 55ms
20ms Script
application/javascript 108.157.4.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1768366.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFS3NQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-113.dus51.r.cloudfront.net

Software

Resource Hash

6ebf822896f62e201e0e985cabc106c5d47a27ba846a859a550610532f7808d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1901
access-control-allow-origin: *
x-cache-hit: 1
etag: W/75634000c67bab039d5765289dbad5c2
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
cache-control: max-age=60
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: I9a4NT-dmY0Ytpq9hhI2lxxIJgQyGtM3DwpsJJODlTQPUx3KX2B2AQ==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 24ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: Vqrqe4cEuPPegcGjK5Li2rxLj6J5ovdW+RBzKi6j9GEb6BOExSZ7WsgdjHN3qrOPltTzc9kghvmNUlSvej4xvg==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 19 Apr 2022 22:41:47 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 / Show response
api.amplitude.com/ 7 B
168 B 519ms
160ms XHR
text/html 52.35.241.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/amplitude-7.1.0-min.gz.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.241.239 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-241-239.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.cfr.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 19 Apr 2022 22:41:47 GMT
content-length: 7
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/ 152 KB
49 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8168a10196e8806277248bfe5a5d7c7dd3936dd15eddbe4bb52c49d108321d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:10:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1850
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50468
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 00:11:53 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 19 Apr 2023 22:10:57 GMT

GET
H2 200 modules.0076bf93c385ddf0ff58.js Show response
script.hotjar.com/ 239 KB
63 KB 55ms
10ms Script
application/javascript 108.157.4.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1768366.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.45 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-45.dus51.r.cloudfront.net

Software

Resource Hash

e0e44c153e6969ff112250bc468dd4615e5f48f2b2db3e3ffabc11be9d9b6313

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 10:49:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 561161
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 63817
access-control-allow-origin: *
last-modified: Wed, 13 Apr 2022 10:48:29 GMT
etag: "838915b4bc2438e3190a8320d0520962"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 b0067143f1e1520182fe27b53cced2a6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: O3MDt3UO85dHyQowipoNyKR5u83cQj2C86exBg-9pX_amGXF9DRBJg==

GET
H3 200 1714601028806149 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 17ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1714601028806149?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c8c5680917d5b71eef16f83c0faac8912db660d5337b834074f9e6e17b82a36b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 89189
x-xss-protection: 0
pragma: public
x-fb-debug: hi+Q4OQHXGz3Zgk2gKPPUMZg+xKV7XJ7T8TUTPBAsawcuhulMSxeN7PAaOxhF0TzphDlp/JHrxeE0xwReKtRKQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:41:47 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
409 B 25ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1714601028806149&ev=PageView&dl=https%3A%2F%2Fwww.cfr.org%2Fcyber-operations%2Foperation-ghostsecret&rl=&if=false&ts=1650408106901&sw=1600&sh=1200&v=2.9.57&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1650408106898.447151773&it=1650408106842&coo=false&exp=p0&rqm=GET

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Tue, 19 Apr 2022 22:41:47 GMT

GET
H2 200 l
use.typekit.net/af/502632/00000000000000000001748f/27/ 22 KB
22 KB 68ms
28ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/502632/00000000000000000001748f/27/l?subset_id=1&fvd=n4&v=3
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a3f8eef8811877a6d90ea98c65f5f65ecaf55156b7e3daf2344cd42b9bcffe09

Request headers

Referer: https://www.cfr.org/
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
server: nginx
etag: "67de382613545a8d856bebf617df6207953bcca8"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22772

GET
H2 200 l
use.typekit.net/af/0098d0/000000000000000000017490/27/ 22 KB
23 KB 60ms
21ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0098d0/000000000000000000017490/27/l?subset_id=1&fvd=i4&v=3
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 784f301f5fedd36f20fe297ce9ba6554ccb14585a4c0781eb6a1b919184db764

Request headers

Referer: https://www.cfr.org/
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
server: nginx
etag: "99c1499906537400d974e50dabcd06ae06fb74f1"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22848

GET
H2 200 l
use.typekit.net/af/fb58b1/000000000000000000017493/27/ 22 KB
22 KB 65ms
26ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/fb58b1/000000000000000000017493/27/l?subset_id=1&fvd=n7&v=3
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 966fa640940030dfce1169bd82f9029043add4c9c836f71df739d496cdab1814

Request headers

Referer: https://www.cfr.org/
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
server: nginx
etag: "6204cf9074abc4f1d2b021fa96f9ebb9dd0570df"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22724

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/xwB8LHA_SBWrYWg2Hh5wSdoFzlAy2DdTm8DYkY7VlZs/1648753472/public/js/js_gcTUk46CIgVb0zkuvKyQ9SRphI9UoCo2y7zdRALNqkg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1c2f042f026160356ba3ba2cab8afa1838687b82f3de2700d9f2bf449ad3f50d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: t4ssFNE4R2loZXScKP7/PQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: l8/NHon9luO4Z8URjBlcgFerXhjoBGv+fU4p4r2q8Hip1Ti8GoFxRDlFP1LUxTv2Z7iWwz1lx0CLh4LBfdGiLA==
x-fb-content-md5: ae72c2a4b32386b6d547631af1af89fb
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:41:47 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "34d04959ef4649e371742c1ef8aef8bc"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 19 Apr 2022 22:49:16 GMT

GET
H2 200 cfr-wrapper Show response
www.cfr.org/site-api/ 154 KB
35 KB 175ms
174ms XHR
text/html 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/site-api/cfr-wrapper

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07755cd06d517fac17e880efe46f0f04f4b483b28a895e14da4e61dd20048d47

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
age: 27404
x-pantheon-styx-hostname: styx-fe4-b-545d78fdf9-pxhrf
x-dns-prefetch-control: on
content-type: text/html; charset=UTF-8
x-served-by: cache-mdw17380-MDW, cache-fra19158-FRA
x-timer: S1650408108.784193,VS0,VE2
vary: Accept-Encoding, Cookie, Cookie, Cookie
access-control-allow-methods: POST, GET, OPTIONS
content-language: en
x-styx-req-id: 16fa67f5-bff2-11ec-b10e-a283ce57c544
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: ee4a8654363c4d3ca8f797b46e73f475/14506784591039854619;o=0
cache-control: max-age=86400, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:41:47 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
access-control-allow-origin: *
x-cache: HIT, HIT
x-drupal-dynamic-cache: MISS
x-ua-compatible: IE=edge
link: <//cdn.cfr.org>; rel=preconnect; crossorigin, <//cdn.cfr.org>; rel=dns-prefetch
last-modified: Tue, 19 Apr 2022 15:05:03 GMT
server: cloudflare
traceparent: 00-ee4a8654363c4d3ca8f797b46e73f475-c95273b9ae0a781b-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
expires: Sun, 19 Nov 1978 05:00:00 GMT
permissions-policy: interest-cohort=()
cf-ray: 6fe92650abda01db-ZRH
x-drupal-cache: MISS

GET
H2 200 eu-cookie-compliance-check Show response
www.cfr.org/ 29 B
419 B 346ms
346ms XHR
application/json 2606:4700::6812:8ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/eu-cookie-compliance-check

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cb9b278e1e74917ae3942b081796752d22110b9d419e716e510f70a6756862f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.cfr.org/cyber-operations/operation-ghostsecret
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
age: 0
x-pantheon-styx-hostname: styx-fe4-a-6f6b44d5b8-mvn5f
x-served-by: cache-mdw17341-MDW, cache-fra19182-FRA
x-timer: S1650408108.830989,VS0,VE185
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
x-styx-req-id: e58ef2b8-c031-11ec-8a74-c29ac26ce6e1
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: 2c600fae85164af6948297cd965f7b7d/15930957148105524375;o=0
cache-control: private, must-revalidate
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-cache-hits: 0, 0
date: Tue, 19 Apr 2022 22:41:48 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
access-control-allow-origin: *
x-cache: MISS, MISS
content-length: 49
x-ua-compatible: IE=edge
server: cloudflare
traceparent: 00-2c600fae85164af6948297cd965f7b7d-dd16211ed0ccc497-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 6fe926510c2301db-ZRH

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 92 KB
36 KB 154ms
15ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-PWR4BQ4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFS3NQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4a8c038d491b388ce9c38f4f2e8aa587f688bf9f89954cdd2a79c3973031e5d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36678
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:41:47 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 142ms
8ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFS3NQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4017
date: Tue, 19 Apr 2022 21:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 19 Apr 2022 23:34:50 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 288 KB
82 KB 16ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=229411025d1c0b7c11b813c67a26233e

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f241575bf81fb74f0146bb65e27bc29b2b66257363efcc8d1f5a800ce7718bc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.cfr.org/
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: NyB2lte42ghCv9f5+VcBIw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 84316
x-fb-rlafr: 0
x-fb-debug: T5MgkSQtIrhLUOLqJF4KtWOewcWRZI6Z08lWkeJg95oh7xe9eFCogv6jOkw1o2oAfPyBjrpIZ8k9K1PYm5Q0QA==
x-fb-content-md5: 8adadbf975c60a3f133a969c9048042e
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:41:47 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "919b1acea994eedf5b586bdf4c456da7"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 19 Apr 2023 19:33:49 GMT

GET
H2 200 p.gif
p.typekit.net/ 35 B
214 B 133ms
13ms Image
image/gif 2a02:26f0:f7::5c7b:e034
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=ygq0fud&ht=tk&h=www.cfr.org&f=1883.1884.1885&a=6042891&js=1.21.0&app=typekit&e=js&_=1650408107064
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e034 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:47 GMT
last-modified: Sat, 09 Oct 2021 02:10:03 GMT
server: nginx
etag: "6160f9fb-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H2 200 box-4924254a9ce4dc9b959b6e4a9b662d60.html Show response
vars.hotjar.com/ Frame BF4E 2 KB
1 KB 38ms
10ms Document
text/html 108.157.4.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1768366.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-102.dus51.r.cloudfront.net
Software: /
Resource Hash: 67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9

Request headers

Referer: https://www.cfr.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 561161
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 13 Apr 2022 10:49:06 GMT
etag: "1635635016e428baa170305e9282c34a"
last-modified: Wed, 13 Apr 2022 10:48:29 GMT
vary: Accept-Encoding
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
x-amz-cf-id: eGlKEnuKvpC6dv190QZfQnqB8Y-XK3JSKa-bil8sQ-2pE416AaY9eg==
x-amz-cf-pop: DUS51-P2
x-cache: Hit from cloudfront
x-robots-tag: none

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
440 B 59ms
19ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3596942-1&cid=1995404103.1650408107&jid=478979424&gjid=310949945&_gid=734588030.1650408107&_u=aGBAiEABRAAAAE~&z=1185320593

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cfr.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 19 Apr 2022 22:41:47 GMT
content-type: text/plain
access-control-allow-origin: https://www.cfr.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
6ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=308294302&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cfr.org%2Fcyber-operations%2Foperation-ghostsecret&ul=en-us&de=UTF-8&dt=Operation%20GhostSecret%20%7C%20CFR%20Interactives&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAiEABR~&jid=478979424&gjid=310949945&cid=1995404103.1650408107&tid=UA-3596942-1&_gid=734588030.1650408107&gtm=2wg4i1KFS3NQ&cd5=drupal_interactives&cd7=&cd8=&cd10=1654&cd12=New&cd14=&cd15=GTM-KFS3NQ&cd16=NAVIGATE&cd17=1&z=713439920

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 21:05:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5771
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nr-1215.min.js Show response
js-agent.newrelic.com/ 36 KB
14 KB 30ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1215.min.js
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 18395fd1ef75de4f03f701f5a5020563aed55e1539b3200605053f2c924211bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: mrZZlI3m.d3cabi4HqLBBkr4pQ2c77UF
content-encoding: gzip
etag: "615035bb6557b191e767e19087efabaf"
x-amz-request-id: EWYKNSDS3SGP7J1G
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 13666
x-amz-id-2: xxzn1QDlYmq6N+dWx6DIEnl7oBswakSr9uPTKrfd3YHMAS78y2n12m8ja5lbRwWvRpD2pTxUnqA=
x-served-by: cache-hhn4023-HHN
last-modified: Mon, 24 Jan 2022 22:13:53 GMT
server: AmazonS3
x-timer: S1650408108.973234,VS0,VE0
date: Tue, 19 Apr 2022 22:41:47 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2829

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 69 KB
23 KB 8ms
7ms Script
application/x-javascript 2600:9000:2156:8e00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8e00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 094a02cb7e067f306e94e6c08963acd1164d9787e53ae8cb7fa3930198decfa8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:10:52 GMT
content-encoding: gzip
last-modified: Wed, 13 Apr 2022 00:05:19 GMT
server: nginx
age: 1854
etag: W/"625613bf-11346"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: PHoc9OITemH4YjTreFMa-8RAmmn-y5tumEScNM7GJ0bmrQhyGOZQkA==
expires: Wed, 20 Apr 2022 00:10:52 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 9ms
9ms Script
application/x-javascript 2600:9000:2156:8e00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/operation-ghostsecret
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8e00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: bcb8040a38eb5f6cfc9b625c2b0f2045e4636b5c1f8ba39ffdb4f0f2ebed6046

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:05:56 GMT
content-encoding: gzip
last-modified: Wed, 13 Apr 2022 00:03:51 GMT
server: nginx
age: 2151
etag: W/"62561367-8e65"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: dnQXWw0agy5syjf4ascfu98VvyOOb5i-xNT-mXMv_5ULZzWqMLliTQ==
expires: Wed, 20 Apr 2022 00:05:56 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=308294302&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.cfr.org%2Fcyber-operations%2Foperation-ghostsecret&ul=en-us&de=UTF-8&dt=Operation%20GhostSecret%20%7C%20CFR%20Interactives&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=25%25&_u=aGDAiEABRAAAAE~&jid=&gjid=&cid=1995404103.1650408107&tid=UA-3596942-1&_gid=734588030.1650408107&gtm=2wg4i1KFS3NQ&cd5=drupal_interactives&cd7=&cd8=&cd10=1654&cd12=New&cd14=&cd15=GTM-KFS3NQ&cd16=NAVIGATE&cd17=1&cm1=1&z=2005412700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 21:05:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5771
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
7ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=308294302&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.cfr.org%2Fcyber-operations%2Foperation-ghostsecret&ul=en-us&de=UTF-8&dt=Operation%20GhostSecret%20%7C%20CFR%20Interactives&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=50%25&_u=aGDAiEABRAAAAE~&jid=&gjid=&cid=1995404103.1650408107&tid=UA-3596942-1&_gid=734588030.1650408107&gtm=2wg4i1KFS3NQ&cd5=drupal_interactives&cd7=&cd8=&cd10=1654&cd12=New&cd14=&cd15=GTM-KFS3NQ&cd16=NAVIGATE&cd17=1&cm1=1&z=84105389

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 21:05:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5771
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 41ms
18ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3596942-1&cid=1995404103.1650408107&jid=478979424&_u=aGBAiEABRAAAAE~&z=872004303

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:41:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 45ms
18ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3596942-1&cid=1995404103.1650408107&jid=478979424&_u=aGBAiEABRAAAAE~&z=872004303

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:41:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 296ms
98ms Image
image/gif 52.201.175.247
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=cfr.org&p=%2Fcyber-operations%2Foperation-ghostsecret&u=bz7bHDjK-Y2DMX_Gf&d=cfr.org&g=61524&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=1827&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1853&t=CO-zVExhj1ICZNT4frpcboBvs2KK&V=131&i=Operation%20GhostSecret%20%7C%20CFR%20Interactives&tz=0&sn=1&sv=BidhEBBrbksrBb9fUWB_Pil-hSP4X&sd=1&im=06530c43&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.201.175.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-201-175-247.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:41:48 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H/1.1 200
OK NRJS-41206ed7d43567b5fba Show response
bam-cell.nr-data.net/1/ 49 B
1 KB 286ms
261ms Script
text/javascript 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/NRJS-41206ed7d43567b5fba?a=629193583&v=1215.1253ab8&to=bgNRNkIAWEFYUkALCVdJcgFECFlcFkFVBQNmBVIBWAQ%3D&rst=1915&ck=1&ref=https://www.cfr.org/cyber-operations/operation-ghostsecret&ap=56&be=646&fe=1854&dc=1567&perf=%7B%22timing%22:%7B%22of%22:1650408105415,%22n%22:0,%22r%22:0,%22re%22:273,%22f%22:273,%22dn%22:273,%22dne%22:273,%22c%22:273,%22ce%22:273,%22rq%22:274,%22rp%22:613,%22rpe%22:617,%22dl%22:617,%22di%22:1566,%22ds%22:1566,%22de%22:1591,%22dc%22:1853,%22l%22:1853,%22le%22:1859%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=1478&fcp=1478&at=QkRSQAoaS08%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1215.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Tue, 19 Apr 2022 22:41:48 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Connection: keep-alive
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DmehaKe3K%2BkBXpF8zF19YTotHhmN68lVw1DrJ7g6nlVi4ZIrb8uFYER%2BUvJ7WX9%2FM5TYM%2BhND%2Bi6LvHoA0tnefnxLTV98bOSoQr2Kg99I5MIY%2FyQO7jAXyTq8K%2FYSbIn0i%2BeuNE2"}],"group":"cf-nel","max_age":604800}
Content-Type: text/javascript
Access-Control-Allow-Origin: *
access-control-allow-credentials: true
CF-Ray: 6fe926533c8b5c44-FRA

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 17ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1714601028806149&ev=Microdata&dl=https%3A%2F%2Fwww.cfr.org%2Fcyber-operations%2Foperation-ghostsecret&rl=&if=false&ts=1650408107405&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Operation%20GhostSecret%20%7C%20CFR%20Interactives%22%2C%22meta%3Adescription%22%3A%22A%20threat%20actor%20targets%20critical%20infrastructure%20and%20organizations%20in%20the%20entertainment%2C%20finance%2C%20health-care%2C%20education%2C%20and%20telecommunications%20sectors.%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Council%20on%20Foreign%20Relations%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.cfr.org%2Fcyber-operations%2Foperation-ghostsecret%22%2C%22og%3Atitle%22%3A%22Connect%20the%20Dots%20on%20State-Sponsored%20Cyber%20Incidents%20-%20Operation%20GhostSecret%22%2C%22og%3Adescription%22%3A%22A%20threat%20actor%20targets%20critical%20infrastructure%20and%20organizations%20in%20the%20entertainment%2C%20finance%2C%20health-care%2C%20education%2C%20and%20telecommunications%20sectors.%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.cfr.org%2Finteractive%2Fsites%2Fdefault%2Ffiles%2F2017-07%2Fcst-map_0.png%22%2C%22og%3Astreet_address%22%3A%2258%20East%2068th%20Street%22%2C%22og%3Alocality%22%3A%22New%20York%22%2C%22og%3Aregion%22%3A%22NY%22%2C%22og%3Apostal_code%22%3A%2210065%22%2C%22og%3Acountry_name%22%3A%22USA%22%2C%22og%3Aphone_number%22%3A%221.212.434.9400%22%2C%22og%3Afax_number%22%3A%221.212.434.9800%22%2C%22og%3Alocale%22%3A%22en_US%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1650408106898.447151773&it=1650408106842&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:41:48 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Tue, 19 Apr 2022 22:41:48 GMT

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.myfonts.net/	1970-01-20 02:26:49	Name: __cf_bm Value: R1w5_0021jcKTf9Q.iBUrXKW4By.E2zKCABhTaR_sC4-1650408107-0-AZKvUnQFLAXjfGZuZ9VXuxsPEm6kSWQufHKazLoKYfOX0xMozMNqG4db63MKRoVRYh7B8xKkyzTnyG2K7C8wauI=
.fonts.net/	1970-01-20 02:26:49	Name: __cf_bm Value: d7nxtzWuxXO0JvKdShr2wjjbpUWUA1T0jtrJjH9t24U-1650408107-0-AYkZe0Gh552fRmW1e8+cUKLtxhCx1HoRq9qwIQ2hpvZCJEZOmLjRDZf+eytM22ZDd7403u9JSQDxkUpB76Lr65Y=
www.cfr.org/	1970-01-20 11:55:36	Name: _cb_ls Value: 1
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: SBtAL08D05A
.youtube.com/	1970-01-20 06:46:00	Name: VISITOR_INFO1_LIVE Value: 0DqP5fW4sws
.cfr.org/	1970-01-23 18:02:48	Name: amp_2be1ae Value: M4wTC-bIV7CyXaQXBQbmT4...1g11vqaq5.1g11vqaq6.1.0.1
.cfr.org/	1970-01-20 04:36:24	Name: _fbp Value: fb.1.1650408106898.447151773
.facebook.com/	1970-01-20 04:36:24	Name: fr Value: 03D0yrRVT8fUvH0rM..BiXzqr...1.0.BiXzqr.
.cfr.org/	1970-01-20 19:58:00	Name: _ga Value: GA1.2.1995404103.1650408107
.cfr.org/	1970-01-20 02:28:14	Name: _gid Value: GA1.2.734588030.1650408107
.cfr.org/	1970-01-20 02:26:48	Name: _dc_gtm_UA-3596942-1 Value: 1
.cfr.org/	1970-01-20 11:12:24	Name: _hjSessionUser_1768366 Value: eyJpZCI6ImFkNjBkNTQ2LTU0ZjgtNWMyOS04N2FkLTI5Y2MwNzdkYzQ4OCIsImNyZWF0ZWQiOjE2NTA0MDgxMDY5NzUsImV4aXN0aW5nIjpmYWxzZX0=
.cfr.org/	1970-01-20 02:26:49	Name: _hjFirstSeen Value: 1
.cfr.org/	1970-01-20 02:26:49	Name: _hjSession_1768366 Value: eyJpZCI6IjcwNmY4M2IyLWQ0NDItNDE1Ni04NTc2LTEwNzFhMzcyMDY1NSIsImNyZWF0ZWQiOjE2NTA0MDgxMDcyODAsImluU2FtcGxlIjpmYWxzZX0=
.cfr.org/	1970-01-20 02:26:49	Name: _hjAbsoluteSessionInProgress Value: 0
www.cfr.org/	1970-01-20 11:55:36	Name: _cb Value: bz7bHDjK-Y2DMX_Gf
www.cfr.org/	1970-01-20 11:55:36	Name: _chartbeat2 Value: .1650408107313.1650408107313.1.BidhEBBrbksrBb9fUWB_Pil-hSP4X.1
www.cfr.org/	1970-01-20 02:26:49	Name: _cb_svref Value: null
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 7a9358d22a8bcaf1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.amplitude.com
bam-cell.nr-data.net
cdn.amplitude.com
connect.facebook.net
fast.fonts.net
hello.myfonts.net
js-agent.newrelic.com
mab.chartbeat.com
p.typekit.net
ping.chartbeat.net
script.hotjar.com
stackpath.bootstrapcdn.com
static.chartbeat.com
static.hotjar.com
stats.g.doubleclick.net
use.typekit.net
vars.hotjar.com
www.cfr.org
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.youtube.com
108.157.4.102
108.157.4.113
108.157.4.45
151.101.130.137
162.247.243.146
2600:9000:2156:8e00:18:1fcd:34f:cdc1
2606:4700::6811:e14e
2606:4700::6811:f349
2606:4700::6812:8ee
2606:4700::6812:acf
2a00:1450:4001:812::200e
2a00:1450:4001:813::2003
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::2008
2a00:1450:400c:c0c::9a
2a02:26f0:f7::5c7b:e031
2a02:26f0:f7::5c7b:e034
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42::714
52.201.175.247
52.222.206.178
52.35.241.239
07755cd06d517fac17e880efe46f0f04f4b483b28a895e14da4e61dd20048d47
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
094a02cb7e067f306e94e6c08963acd1164d9787e53ae8cb7fa3930198decfa8
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12d4333dcb06732662dc11038f64c540376dd42f9ece747a2c9a4f22b6760821
16dca0578c5dad27c98ceb0f111551005f088753941e0e7477cfd6b6418eff10
18395fd1ef75de4f03f701f5a5020563aed55e1539b3200605053f2c924211bb
1c2f042f026160356ba3ba2cab8afa1838687b82f3de2700d9f2bf449ad3f50d
1fc25c6ef9e9f8c6c661521910a0d4d6daa67795b49fd275799e5b52ff4fa7e2
25339168c3002c3963458b77ea5958b13ff3f5360d3ade657ec02e9a15241f2c
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26f8d565fdb6955aea043a689b6c2852a0cbd241ff88e1fe17d19a915f2126f1
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cb9b278e1e74917ae3942b081796752d22110b9d419e716e510f70a6756862f
3d0dbc13717a3726b829dbaf9d95b84cefc928c4bcef09a169104accd77fdc2e
441e4e3fe5729e0accb9821c52fe1bad58dd4f340b690dd2e2f92e4a56dc9349
48a0b35ba7aea67683b9cf67855fb8c79bdcdc6bca4ba951fddbd23b89d790b5
4a8c038d491b388ce9c38f4f2e8aa587f688bf9f89954cdd2a79c3973031e5d3
4be319fc7e78bf1beb5b73bb76e33e445bf3170ebcd66fd72639743115287a2a
4dad1738d16a4a903c1e60e47a7bc561699983e53859269575bc4074d738ba86
533d4bc4adee3856a32a9fb3551504a67d39cdfae04ae16510229c5af6e69ac3
5e0b3d5944c5c487975713c560c2f2d231833194d6e17a234e543bf5008c4a0e
6260ec37635d4bf6de6c5a19ee5afd3ddac9807858accda9fe27fb102b0306a3
62e19aefef88039342ffdf949a82726abbf2e578a995de68cf6ae0760d0cfc77
67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9
694d8fc000129e93ffaaad7d7573313f9fce12cbe3455fdb055fce9c36a21705
6ebf822896f62e201e0e985cabc106c5d47a27ba846a859a550610532f7808d8
784f301f5fedd36f20fe297ce9ba6554ccb14585a4c0781eb6a1b919184db764
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
81c4d4938e8222055bd3392ebcac90f52469848f54a02a36cbbcdd4402cdaa48
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8453061497d124a660ee2c931babfe222b28a09904ff3b3e73a9c9039c954428
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
858ab6f5b4ffcfc2c7d2a766d0280c773155d12419e4413afabaabbfbd327178
88c718b918764a88fb43e244368d824167eca1b7d4b5586f428d2c654f5db084
966fa640940030dfce1169bd82f9029043add4c9c836f71df739d496cdab1814
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a33500d7eabf250701db0bae6a44440ba4d5a8f4539c9aca333af31b0fe84f32
a3f8eef8811877a6d90ea98c65f5f65ecaf55156b7e3daf2344cd42b9bcffe09
a9a2e998ee0fd7c858904e6a1ece449c07dea8477a51aa735b7ef1187742a102
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b6216800634d559022c519ec8a7cc05aa64727d0f10fdc213bb5cee26fada9ba
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c
b982480e5550c9eb095ce609def69d6a31c2a1ecbe4a1d4119b63f2127a118d9
bcb8040a38eb5f6cfc9b625c2b0f2045e4636b5c1f8ba39ffdb4f0f2ebed6046
bd8f8bea0609488a4902819881e728bec9ce24da7b4ddc409f6e9439bea6b205
c27689acf09443c53ff547643bd6485954e4220e6bb04de4698ba05ad2fece7b
c8c5680917d5b71eef16f83c0faac8912db660d5337b834074f9e6e17b82a36b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e0e44c153e6969ff112250bc468dd4615e5f48f2b2db3e3ffabc11be9d9b6313
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8168a10196e8806277248bfe5a5d7c7dd3936dd15eddbe4bb52c49d108321d9
e8ec246be847bd1e0fb874b1fa30d5e86d0c7a545100701c61466cb274a24fba
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f241575bf81fb74f0146bb65e27bc29b2b66257363efcc8d1f5a800ce7718bc0

www.cfr.org Open in urlscan Pro 2606:4700::6812:8ee Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

61 Requests

97 %HTTPS

67 %IPv6

19 Domains

24 Subdomains

24 IPs

3 Countries

1456 kBTransfer

4737 kBSize

19 Cookies

8 Outgoing links

Page URL History

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

www.cfr.org Open in urlscan Pro
2606:4700::6812:8ee Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

97 %
HTTPS

67 %
IPv6

19
Domains

24
Subdomains

24
IPs

3
Countries

1456 kB
Transfer

4737 kB
Size

19
Cookies

61 HTTP transactions
0 data transactions