urlscan.io logo urlscan.io
SecurityTrails logo

ghoststealer.com Open in urlscan Pro
2606:4700:3030::6815:50fc  Public Scan

Go To Rescan Add Verdict Report
URL: https://ghoststealer.com/
Submission: On January 31 via manual from CZ — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3030::6815:50fc, located in United States and belongs to CLOUDFLARENET, US. The main domain is ghoststealer.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 30th 2022. Valid for: a year.
This is the only time ghoststealer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 2606:4700:303... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 162.159.133.232 13335 (CLOUDFLAR...)
1 141.193.213.21 209242 (CLOUDFLAR...)
1 151.101.66.217 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
12 8
3    2606:4700:3030::6815:50fc (United States)

ASN13335 (CLOUDFLARENET, US)
ghoststealer.com
3    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.google.com
1    162.159.133.232 (None, )

ASN13335 (CLOUDFLARENET, US)
media.discordapp.net
1    141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
www.withum.com
1    151.101.66.217 (United States)

ASN54113 (FASTLY, US)
images.contentstack.io
1    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
3 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 227
164 KB
3 ghoststealer.com
ghoststealer.com
5 KB
1 gstatic.com
fonts.gstatic.com
8 KB
1 contentstack.io
images.contentstack.io — Cisco Umbrella Rank: 13107
79 KB
1 withum.com
www.withum.com — Cisco Umbrella Rank: 315546
283 KB
1 discordapp.net
media.discordapp.net — Cisco Umbrella Rank: 4730
40 KB
1 google.com
fonts.google.com — Cisco Umbrella Rank: 31215
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 47
1 KB
12 8
Domain Requested by
3 cdnjs.cloudflare.com ghoststealer.com
cdnjs.cloudflare.com
3 ghoststealer.com ghoststealer.com
1 fonts.gstatic.com fonts.googleapis.com
1 images.contentstack.io ghoststealer.com
1 www.withum.com ghoststealer.com
1 media.discordapp.net ghoststealer.com
1 fonts.google.com ghoststealer.com
1 fonts.googleapis.com ghoststealer.com
12 8

This site contains links to these domains. Also see Links.

Domain
discord.gg
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-01-30 -
2023-01-30		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-12-27 -
2022-03-21		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-12-27 -
2022-03-21		 3 months crt.sh
discordapp.net
Cloudflare Inc ECC CA-3		 2021-11-03 -
2022-11-02		 a year crt.sh
www.withum.com
Go Daddy Secure Certificate Authority - G2		 2020-08-13 -
2022-10-12		 2 years crt.sh
*.contentstack.io
GlobalSign Atlas R3 DV TLS CA 2020		 2021-05-03 -
2022-06-04		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-01-10 -
2022-04-04		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://ghoststealer.com/
Frame ID: 80D6E0FADC62A5B2F9D23764C11C4A9D
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Ghost

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

12
Requests

100 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

8
IPs

3
Countries

580 kB
Transfer

633 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
ghoststealer.com/ 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ghoststealer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:50fc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27e3f19a01c1d241cb530eebb2b4dd7ae7e51c5a73a41ca9b6b65762ce196caf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Mon, 31 Jan 2022 18:36:46 GMT
content-type
text/html; charset=utf-8
access-control-allow-origin
*
expect-ct
max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster
global
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FB9dzTqN%2BW15rUuBzqZ8GMAqR%2FUwXrYyAGlB9QwUCuczDqfMhfhL%2F%2BWL26DeGnbtoJqgCtOcSm9%2BaLjAJ6AzAsGS195DqZ35Qtik64ReW%2BWTaJvb2iFPoSOGGoQtQCXtnBI5c9fSC0lHUOOwH4RQ"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6d650c250ac8928f-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 		58 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Requested by
Host: ghoststealer.com
URL: https://ghoststealer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ghoststealer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 18:36:47 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
404908
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10462
timing-allow-origin
*
last-modified
Mon, 13 Sep 2021 19:10:03 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"613fa20b-28de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K6SVjrZoCAILOctXNoFck8BiasGdXj2ITxSXNxTJBTigRYKpri4o%2FF8mOnMS4lbQKnCcuvVgt0i1GVvZt%2Bud6eSGyGyx%2FaX%2B7PjMpZogvsAsy3wK5yhEmdXegYGbO35skva74QeZp2%2BXQED%2BIeogeINO"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6d650c2ac9a1923d-FRA
expires
Sat, 21 Jan 2023 18:36:47 GMT
utils.css
ghoststealer.com/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ghoststealer.com/css/utils.css
Requested by
Host: ghoststealer.com
URL: https://ghoststealer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:50fc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f12731e555cff5e5f611d28bf0c51d5a70588244e315cddf3659a8337fd82a6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ghoststealer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 18:36:47 GMT
content-encoding
br
replit-cluster
global
cf-cache-status
MISS
last-modified
Mon, 31 Jan 2022 18:36:47 GMT
server
cloudflare
expect-ct
max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lTRZBFVJ9zPKMZ2pGSaVwgsk6O2dWaL1VPro7uN%2Betj%2BOrmnvIZmYJaw26siYSUCp5CU2egomJJ8oYGepcbCmcem%2FsnkaPoSCkZOo3LwmHW5rtYb8p%2Bll0OGb3Oj5bN8sw%2Bn2sDZBXzICC3Grb0G"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6d650c2a884e928f-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
style.css
ghoststealer.com/css/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ghoststealer.com/css/style.css
Requested by
Host: ghoststealer.com
URL: https://ghoststealer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:50fc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1ee7a8583dad035f65053222d86c706f465ad283bafd2b0cdcb7e4b0386d327

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ghoststealer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 18:36:47 GMT
content-encoding
br
replit-cluster
global
cf-cache-status
MISS
last-modified
Mon, 31 Jan 2022 18:36:47 GMT
server
cloudflare
expect-ct
max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7QVZsMtNsjYyMOGL16Frq3WymJf2xTZKFGHqz%2FCq8Ib3CWwoNQOmwG8530MuNstpig3slp0niHNNA9y%2Fqq9GLdMH4RkfYeNAwHVjMxpYQPgiEi7C1tNjLfsSjW767AL22Qp1%2B3YmxRqWrFVmYxcB"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6d650c2a8850928f-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
css2
fonts.googleapis.com/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;1,200&family=Ubuntu:wght@300&display=swap
Requested by
Host: ghoststealer.com
URL: https://ghoststealer.com/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6ce928a28d2b5a75b02b8d642f01ec32c0c3dcedb8a52f3820f0dee0b1571444
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ghoststealer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 31 Jan 2022 18:36:47 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 31 Jan 2022 18:36:47 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 31 Jan 2022 18:36:47 GMT
Oswald
fonts.google.com/specimen/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.google.com/specimen/Oswald
Requested by
Host: ghoststealer.com
URL: https://ghoststealer.com/css/utils.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ghoststealer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
image-1633334197sBg_1_1.png
media.discordapp.net/attachments/936148219417739277/936736241322442872/ 		40 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.discordapp.net/attachments/936148219417739277/936736241322442872/image-1633334197sBg_1_1.png?width=1980&height=500
Requested by
Host: ghoststealer.com
URL: https://ghoststealer.com/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.133.232 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a14e42134e51e8898ae8d7926646c1bb77b42d4ff70e545f1bf32c087a0363b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ghoststealer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 18:36:47 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6
cf-ray
6d650c2f3e56928d-FRA
x-envoy-upstream-service-time
84
content-length
40482
last-modified
Fri, 28 Jan 2022 21:35:23 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S87Q50qcAHMl1IEhbjhSugX1WRyuP%2BnRMZKNGJx7DbCWYFNVKFsu%2BzBiW1IGK52cXXtJmaDVH4a9Y6bjVeZQNW4rL34uiLe%2B1Hqq8yEZIFPfUWPY2IbOfKld1MB9x4%2F8wty5%2FLxN"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nocache, noimageindex, noodp
expires
Tue, 31 Jan 2023 18:36:47 GMT
1920x300-Dataforensics.png
www.withum.com/wp-content/uploads/2019/09/ 		282 KB
283 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.withum.com/wp-content/uploads/2019/09/1920x300-Dataforensics.png
Requested by
Host: ghoststealer.com
URL: https://ghoststealer.com/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c8498bea21956e2d4d2fac9ca71d1c5277df9bbf1bffedaa69757e9536fbdc6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ghoststealer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 18:36:47 GMT
cf-cache-status
HIT
age
51912
cf-polished
origFmt=png, origSize=394405
content-disposition
inline; filename="1920x300-Dataforensics.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
288778
last-modified
Thu, 13 Jan 2022 11:59:04 GMT
server
cloudflare
etag
"61e01408-604a5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
6d650c2f7b459290-FRA
cf-bgj
imgq:100,h2pri
malware-detection-blog-banner.jpg
images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt67ef472a10e72ed4/5d6ed0637c973409fa2b7b22/ 		78 KB
79 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt67ef472a10e72ed4/5d6ed0637c973409fa2b7b22/malware-detection-blog-banner.jpg
Requested by
Host: ghoststealer.com
URL: https://ghoststealer.com/css/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
41afaf8ed289be7deed2757b62a864b1c9be9a7aae250d930ae270c3cbf028bf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ghoststealer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 18:36:47 GMT
via
1.1 varnish, 1.1 varnish
age
244730
x-cache
HIT, HIT
fastly-io-info
ifsz=129604 idim=2000x415 ifmt=jpeg ofsz=79958 odim=2000x415 ofmt=jpeg
content-disposition
inline; filename=malware-detection-blog-banner.jpg
fastly-stats
io=1
content-length
79958
x-request-id
58457
x-served-by
cache-sjc10052-SJC, cache-hhn4078-HHN
x-runtime
154ms
x-timer
S1643654208.890768,VS0,VE1
x-contentstack-organization
blte0c820e234b5b1e5
etag
"Bn1+exxNj+AD0cT6hHigTpAqbubyFH08d+6fq9YuwgI"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
content-disposition, content-type, cache-control, status, content-length
cache-control
max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v19/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v19/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;1,200&family=Ubuntu:wght@300&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ghoststealer.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 19:31:44 GMT
x-content-type-options
nosniff
age
428703
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7884
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 19:17:03 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 26 Jan 2023 19:31:44 GMT
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 		76 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin
https://ghoststealer.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 18:36:47 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
556934
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
78268
timing-allow-origin
*
last-modified
Mon, 13 Sep 2021 19:10:03 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"613fa20b-131bc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ge3pg6mmRIawCHzydY%2BeHBXKjbcRjnHTp09ZHluO4a03nH8SQtVUeaq1P8HPFqf31pMGPSPaExe1h8HAp7HadT9QpouVGgiQ5BhBmh6wHfjAjx2ReS1coPspEY%2Ft%2FtpnWbUMHl64w60sw4a5WqlLFkLn"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6d650c2f1a069159-FRA
expires
Sat, 21 Jan 2023 18:36:47 GMT
fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin
https://ghoststealer.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 31 Jan 2022 18:36:47 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
297568
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
76736
timing-allow-origin
*
last-modified
Mon, 13 Sep 2021 19:10:03 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"613fa20b-12bc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNjGSVnvTeLy%2B0rhl92QQkPxmQt0uw5Y83%2BKQAC%2BaFu8W6RGHaIXbL1FVGc3MjqkPGeo1RsHv9H6Ob9ASged5NhY5Xpr1ZYquX5CsN9jCDV12J7p0fdgDzdCw4nPcimzPttXpFJ82jUPdLhJgxFpNkuN"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6d650c2f1a099159-FRA
expires
Sat, 21 Jan 2023 18:36:47 GMT

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| wname object| ymessage function| sendMessage

1 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 511=Zri5P4QM4ojlgc6wWF5PFcykHorpvuO4Q7NOj6b4o4rhReroE8adXeSrRFCl9hSxuoANcXTRV1oeScPq6qHQcfx-hdqLN0v-lQ0cGKoUML2k4d-9OkLuro4vmW8YfVehEeSgs-JfiPLIC6yYspSPBsE-WbwUUavTEEC9FgF_1zk