blog.group-ib.com Open in urlscan Pro
185.129.100.113  Public Scan

36 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1672437871601&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tm=gtmv2 HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1672437871601%26url%3Dhttps%253A%252F%252Fblog.group-ib.com%252Fscam-is-rising%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1672437871601&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tm=gtmv2&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1672437871601&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tm=gtmv2&liSync=true&e_ipv6=AQL9l0PE4hmdtgAAAYVlELXvm4v9N_yCxmfz8jyQHAi97lbP2k7aOZ_3M7EwIXlU

72 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request scam-is-rising Show response blog.group-ib.com/	77 KB 12 KB	115ms 63ms	Document text/html	185.129.100.113 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.129.100.113 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software ddos-guard / Resource Hash 8a6a40389aae5ee17b169baadf95a0b0c7bc1db247f785b4b0162bc1499466f9 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes cache-control max-age=0 public content-encoding gzip content-length 12191 content-type text/html; charset=UTF-8 date Fri, 30 Dec 2022 22:04:30 GMT etag "1340b-5eb359d52199a-gzip" last-modified Mon, 17 Oct 2022 07:06:28 GMT server ddos-guard vary Accept-Encoding x-frame-options SAMEORIGIN x-host blog.group-ib.com
GET H2	200	tilda-fallback-1.0.min.js Show response neo.tildacdn.com/js/	2 KB 1013 B	42ms 6ms	Script application/javascript	162.55.188.142 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://neo.tildacdn.com/js/tilda-fallback-1.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.55.188.142 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.142.188.55.162.clients.your-server.de Software nginx / Resource Hash cdf65e26b905a653bce60df182886b032b606940391badb1e3a655f434ca446c Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:30 GMT content-encoding gzip last-modified Tue, 20 Dec 2022 12:39:14 GMT server nginx etag W/"63a1acf2-77e" access-control-allow-methods GET content-type application/javascript access-control-allow-origin *
GET H2	200	tilda-grid-3.0.min.css static.tildacdn.com/css/	4 KB 1 KB	112ms 13ms	Stylesheet text/css	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/css/tilda-grid-3.0.min.css Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash f5c301b8769579afae9deb4eda7659df32661229039c6b7a37cfabd1827317ce Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9p-up-gc37, cec-up-gc13 date Fri, 30 Dec 2022 22:04:30 GMT content-encoding br tserver 15 last-modified Sun, 25 Apr 2021 08:11:00 GMT server nginx etag W/"60852414-1010" vary Accept-Encoding x-cached-since 2022-12-04T10:59:11+00:00, 2022-12-06T10:17:44+00:00 content-type text/css cache HIT, HIT
GET H/1.1	200 OK	tilda-blocks-page30916968.min.css ws.tildacdn.com/project200703/	28 KB 6 KB	208ms 174ms	Stylesheet text/css	178.248.236.28 QRATOR
General Check archive.org Show headers Download Go to Full URL https://ws.tildacdn.com/project200703/tilda-blocks-page30916968.min.css?t=1665990388 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 178.248.236.28 , Russian Federation, ASN197068 (QRATOR, RU), Reverse DNS Software QRATOR / Resource Hash 276603dafa21812ae42e9c25e98f7c5e9bec93f1308f81dcbab361d93c808aa6 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Fri, 30 Dec 2022 22:04:30 GMT Content-Encoding gzip Last-Modified Mon, 17 Oct 2022 07:06:28 GMT Server QRATOR Transfer-Encoding chunked Content-Type text/css cache-control max-age=0, public X-Host ws.tildacdn.com Connection keep-alive Keep-Alive timeout=15
GET H2	200	tilda-cover-1.0.min.css static.tildacdn.com/css/	3 KB 736 B	112ms 14ms	Stylesheet text/css	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/css/tilda-cover-1.0.min.css Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash a75252f44345abab620ab96d0d7339fcd3ce8aabd3caff7641ffb1da28233035 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9p-up-gc37, cec-up-gc12 date Fri, 30 Dec 2022 22:04:30 GMT content-encoding br tserver 12 last-modified Tue, 30 Aug 2022 09:22:13 GMT server nginx etag W/"630dd6c5-a62" vary Accept-Encoding x-cached-since 2022-10-27T23:50:20+00:00, 2022-11-28T08:04:19+00:00 content-type text/css cache HIT, HIT
GET H2	200	jquery-1.10.2.min.js Show response static.tildacdn.com/js/	91 KB 31 KB	114ms 16ms	Script application/javascript	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/jquery-1.10.2.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash c73b004ebf31b395cf237c3d2b13c1e576f385e04660ceb5f7be163ff3c201dc Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9-up-gc46, cec-up-gc12 date Fri, 30 Dec 2022 22:04:30 GMT content-encoding br tserver 13 last-modified Sun, 25 Apr 2021 08:11:36 GMT server nginx etag W/"60852438-16b88" vary Accept-Encoding x-cached-since 2022-12-12T20:23:19+00:00, 2022-12-19T07:10:05+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	tilda-scripts-3.0.min.js Show response static.tildacdn.com/js/	14 KB 4 KB	112ms 14ms	Script application/javascript	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-scripts-3.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash e15a071315bd382a763fc6f5185ad89ba57b285a47d3d6170566cdea6a80b995 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9-up-gc46, cec-up-gc13 date Fri, 30 Dec 2022 22:04:30 GMT content-encoding br tserver 13 last-modified Fri, 23 Dec 2022 06:43:43 GMT server nginx etag W/"63a54e1f-36fb" vary Accept-Encoding x-cached-since 2022-12-23T06:46:00+00:00, 2022-12-23T06:48:20+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H/1.1	200 OK	tilda-blocks-page30916968.min.js Show response ws.tildacdn.com/project200703/	1 KB 889 B	260ms 227ms	Script application/javascript	178.248.236.28 QRATOR
General Check archive.org Show headers Download Go to Full URL https://ws.tildacdn.com/project200703/tilda-blocks-page30916968.min.js?t=1665990388 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 178.248.236.28 , Russian Federation, ASN197068 (QRATOR, RU), Reverse DNS Software QRATOR / Resource Hash 76ff7b9032801e8f6d14315a1c8a86165d80e0d318de34ef87748b004378d8ce Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Fri, 30 Dec 2022 22:04:30 GMT Content-Encoding gzip Last-Modified Mon, 17 Oct 2022 07:06:28 GMT Server QRATOR Transfer-Encoding chunked Content-Type application/javascript cache-control max-age=0, public X-Host ws.tildacdn.com Connection keep-alive Keep-Alive timeout=15
GET H2	200	lazyload-1.3.min.js Show response static.tildacdn.com/js/	20 KB 6 KB	13ms 12ms	Script application/javascript	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/lazyload-1.3.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 819af3b9c50402e97408ee0e5bf74b4ac13d06537faf3860c52ac55f3226ae2c Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9-up-gc46, cec-up-gc12 date Fri, 30 Dec 2022 22:04:30 GMT content-encoding br tserver 13 last-modified Tue, 27 Dec 2022 05:22:32 GMT server nginx etag W/"63aa8118-4e1c" vary Accept-Encoding x-cached-since 2022-12-27T05:23:10+00:00, 2022-12-27T05:23:10+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	tilda-cover-1.0.min.js Show response static.tildacdn.com/js/	12 KB 3 KB	13ms 13ms	Script application/javascript	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-cover-1.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash d4ae9a515e5200b13d9cf4da3a0a8768bbaffaf610a6854b6a1209d521b8e79e Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9p-up-gc37, cec-up-gc4 date Fri, 30 Dec 2022 22:04:30 GMT content-encoding br tserver 12 last-modified Mon, 07 Nov 2022 11:31:02 GMT server nginx etag W/"6368ec76-2f1e" vary Accept-Encoding x-cached-since 2022-11-08T09:59:09+00:00, 2022-12-19T07:14:39+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	tilda-zero-1.1.min.js Show response static.tildacdn.com/js/	23 KB 6 KB	13ms 13ms	Script application/javascript	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-zero-1.1.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 0fc5a67b328a4ec98c15ea8dc0daf1da2039f77507fd7141ceb7cd0817875491 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9p-up-gc37, cec-up-gc13 date Fri, 30 Dec 2022 22:04:30 GMT content-encoding br tserver 10 last-modified Tue, 20 Dec 2022 12:42:19 GMT server nginx etag W/"63a1adab-5b5c" vary Accept-Encoding x-cached-since 2022-12-20T12:44:21+00:00, 2022-12-20T12:44:21+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	tilda-events-1.0.min.js Show response static.tildacdn.com/js/	13 KB 4 KB	12ms 11ms	Script application/javascript	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-events-1.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 521bd1fb3a256e1a6ce843a60daff90f021ed507019e1507524f435550cac474 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9p-up-gc37, cec-up-gc12 date Fri, 30 Dec 2022 22:04:30 GMT content-encoding br tserver 10 last-modified Fri, 07 Oct 2022 16:20:46 GMT server nginx etag W/"634051de-3590" vary Accept-Encoding x-cached-since 2022-12-09T13:23:41+00:00, 2022-12-19T07:10:05+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	ya-share.js Show response static.tildacdn.com/js/	82 KB 25 KB	13ms 13ms	Script application/javascript	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/ya-share.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 2e59794c9e506814df50c2fe349d9fc8d6418a5959ba5a5b18cbc4742ebba1de Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9-up-gc46, cec-up-gc12 date Fri, 30 Dec 2022 22:04:30 GMT content-encoding br tserver 10 last-modified Fri, 30 Sep 2022 13:13:50 GMT server nginx etag W/"6336eb8e-147ff" vary Accept-Encoding x-cached-since 2022-12-18T16:53:57+00:00, 2022-12-19T07:10:29+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	gtm.js Show response www.googletagmanager.com/	259 KB 85 KB	405ms 57ms	Script application/javascript	2a00:1450:400d:808::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:808::2008 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 11eeab63fb3f83c692e84ab125998b81e83df6c48bf30ffe0f61700ccf58ecd7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 86454 x-xss-protection 0 last-modified Fri, 30 Dec 2022 21:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 30 Dec 2022 22:04:31 GMT
GET H2	200	image-20221012-16250.png static.tildacdn.com/tild6265-3130-4932-a333-376431386530/-/resize/20x/	383 B 421 B	103ms 103ms	Image image/png	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild6265-3130-4932-a333-376431386530/-/resize/20x/image-20221012-16250.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 04ff8ce4fa3add19fa73ff4abf27063a47c0254dee5e45dc37e5b6fe88b96038 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9p-up-gc37, cec-up-gc4 date Fri, 30 Dec 2022 22:04:30 GMT tserver 10 server nginx content-type image/png cache-control public cache MISS, MISS expires Sun, 15 Jan 2023 23:59:59 GMT
GET H2	200	SFUIDisplayMedium.woff static.tildacdn.com/tild3239-3033-4235-a566-376533383664/	71 KB 71 KB	72ms 45ms	Font application/x-font-woff	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/tild3239-3033-4235-a566-376533383664/SFUIDisplayMedium.woff Requested by Host: ws.tildacdn.com URL: https://ws.tildacdn.com/project200703/tilda-blocks-page30916968.min.css?t=1665990388 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 19cc6e4b03f164ccb8d68121c3dfc374926bc9eaab12a4216306963bdefd76de Request headers Referer https://ws.tildacdn.com/ Origin https://blog.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-container-storage-policy-name Policy-0 x-id m9p-up-gc37, cec-up-gc13 date Fri, 30 Dec 2022 22:04:30 GMT age 0 x-cached-since 2022-12-29T13:55:11+00:00 content-length 72492 tserver 8 last-modified Tue, 18 Apr 2017 12:57:08 GMT server nginx etag "3ba1b30b31cc1d325b305f3951058787" content-type application/x-font-woff access-control-allow-origin * access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control cache-control public cache MISS, HIT x-timestamp 1492520227.30915 x-container-storage-policy-index 0 accept-ranges bytes
GET H2	200	SFUIDisplayLight.woff static.tildacdn.com/tild6463-6361-4432-b234-333934313939/	71 KB 71 KB	40ms 13ms	Font application/x-font-woff	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/tild6463-6361-4432-b234-333934313939/SFUIDisplayLight.woff Requested by Host: ws.tildacdn.com URL: https://ws.tildacdn.com/project200703/tilda-blocks-page30916968.min.css?t=1665990388 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 07cc9932ed0e2c7a958c6bf6e3a928847b9fe3f271832767ec89ee34e78f5227 Request headers Referer https://ws.tildacdn.com/ Origin https://blog.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-container-storage-policy-name Policy-0 x-id m9-up-gc46, cec-up-gc12 date Fri, 30 Dec 2022 22:04:30 GMT age 0 x-cached-since 2022-12-29T13:55:11+00:00 content-length 72608 tserver 12 last-modified Tue, 18 Apr 2017 12:57:03 GMT server nginx etag "08edc0015cdeec9e755f0ce361281b27" content-type application/x-font-woff access-control-allow-origin * access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control cache-control public cache MISS, HIT x-timestamp 1492520222.13412 x-container-storage-policy-index 0 accept-ranges bytes
GET H2	200	image-20221012-16250.png static.tildacdn.com/tild3762-3735-4437-a237-353639656639/-/resize/20x/	383 B 445 B	68ms 68ms	Image image/png	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3762-3735-4437-a237-353639656639/-/resize/20x/image-20221012-16250.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 04ff8ce4fa3add19fa73ff4abf27063a47c0254dee5e45dc37e5b6fe88b96038 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9p-up-gc37, cec-up-gc13 date Fri, 30 Dec 2022 22:04:30 GMT tserver 10 server nginx content-type image/png cache-control public cache MISS, MISS expires Sun, 15 Jan 2023 23:59:59 GMT
GET H2	200	Frame3.png static.tildacdn.com/tild6661-3430-4734-b066-336264656663/-/resizeb/20x/	887 B 1009 B	14ms 13ms	Image image/png	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild6661-3430-4734-b066-336264656663/-/resizeb/20x/Frame3.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 433d9e9d1898c6d0694a38adba4d7c5ecc5bdbf1cd896bc58df51dcaedbe343b Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9p-up-gc37, cec-up-gc4 date Fri, 30 Dec 2022 22:04:30 GMT tserver 9 server nginx x-cached-since 2022-12-29T13:52:03+00:00, 2022-12-29T13:55:12+00:00 content-type image/png cache-control public cache HIT, HIT expires Fri, 27 Jan 2023 23:59:59 GMT
GET H2	200	DRP_2.png static.tildacdn.com/tild3666-3963-4334-a566-623331336233/-/resizeb/20x/	734 B 802 B	15ms 14ms	Image image/png	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3666-3963-4334-a566-623331336233/-/resizeb/20x/DRP_2.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 751baf89cb4a39284c97a0cb6f03c1d420097d590a1a9ed34a537fb40ad2e20b Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9-up-gc46, cec-up-gc4 date Fri, 30 Dec 2022 22:04:30 GMT tserver 9 server nginx x-cached-since 2022-12-29T13:55:12+00:00 content-type image/png cache-control public cache MISS, HIT expires Fri, 06 Jan 2023 23:59:59 GMT
GET H2	200	1_URP_Cover_1680x900.jpg static.tildacdn.com/tild6462-3339-4363-b365-363162643263/-/resizeb/20x/	340 B 412 B	14ms 14ms	Image image/jpeg	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild6462-3339-4363-b365-363162643263/-/resizeb/20x/1_URP_Cover_1680x900.jpg Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 3c8478777e4714f32b67e7dff359ccd2ef2dc5ea0b3070573e408b70acb019e1 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9-up-gc46, cec-up-gc12 date Fri, 30 Dec 2022 22:04:30 GMT tserver 9 server nginx x-cached-since 2022-12-29T13:52:03+00:00, 2022-12-29T13:55:12+00:00 content-type image/jpeg cache-control public cache HIT, HIT expires Sat, 28 Jan 2023 23:59:59 GMT
GET H2	200	telegram-cloud-docum.jpg static.tildacdn.com/tild3633-3131-4931-b363-323635633836/-/resizeb/20x/	665 B 709 B	15ms 15ms	Image image/png	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3633-3131-4931-b363-323635633836/-/resizeb/20x/telegram-cloud-docum.jpg Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash dc0b82d13fbd68066a65e7241087c2b93e0c6f75bfd300f79d955ec31366ed8c Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9-up-gc46, cec-up-gc12 date Fri, 30 Dec 2022 22:04:30 GMT tserver 11 server nginx x-cached-since 2022-12-29T13:52:03+00:00, 2022-12-29T13:55:12+00:00 content-type image/png cache-control public cache HIT, HIT expires Sat, 28 Jan 2023 23:59:59 GMT
GET DATA	200 OK	truncated /	66 B 0		Image image/webp
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/webp
GET DATA	200 OK	truncated /	280 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash aaa53b7966f71ea94c27d3ec4f5598a616723c1576bbc707698f8fc2db4b54b4 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	579 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9d005c1939236926ac6f06522f0a1e32eeffda988f6272efb8b7a698be2dfb9d Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	image-20221012-16250.png thumb.tildacdn.com/tild6265-3130-4932-a333-376431386530/-/format/webp/	37 KB 37 KB	148ms 110ms	Image image/png	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://thumb.tildacdn.com/tild6265-3130-4932-a333-376431386530/-/format/webp/image-20221012-16250.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 23d8e0532f2242f61f076b12310111ae23d5c67fe8e5a082c2c1ce1e260a1615 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9-up-gc46, cec-up-gc13 date Fri, 30 Dec 2022 22:04:31 GMT last-modified Mon, 17 Oct 2022 07:17:11 GMT server nginx etag "634d0177-9460" content-type image/png access-control-allow-origin * cache MISS, MISS x-tilda-server 1 accept-ranges bytes content-length 37984
GET H2	200	6si.min.js Show response j.6sc.co/	31 KB 10 KB	128ms 20ms	Script application/javascript	104.76.152.90 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.76.152.90 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-76-152-90.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash eea93734d5f0032479fa252394415d53cbcd4e7bd6d54764543eaa8b7c9fd10c Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Fri, 30 Dec 2022 22:04:31 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 01 Dec 2022 20:20:43 GMT server nginx/1.14.0 (Ubuntu) etag "63890c9b-7ad6" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 10143 expires Fri, 30 Dec 2022 22:04:31 GMT
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	109ms 21ms	Script application/javascript	199.232.16.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT content-encoding gzip last-modified Thu, 27 Oct 2022 16:56:53 GMT etag "32ad004436155ec972bc50e6238b5b67+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15375 x-served-by cache-iad-kjyo7100081-IAD, cache-vie6344-VIE
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	13 KB 5 KB	313ms 14ms	Script application/x-javascript	2a02:26f0:11a::6867:4832 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:11a::6867:4832 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 3e6ef4f3484f029b4d1a989163d6bb29899184f008431adb932c43ff3543368a Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT content-encoding gzip last-modified Thu, 15 Dec 2022 18:31:06 GMT x-cdn AKAM vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=82985 accept-ranges bytes content-length 4654
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	103 KB 28 KB	267ms 10ms	Script application/x-javascript	2a03:2880:f01c:216:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 55c4e9ba07b641e64caa17bfcbdc63b1721a58554bd449401e600db3f6b95cf9 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 30 Dec 2022 22:04:31 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 27298 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug 2UXERQoxRqBNAM2gzMYUXqz66SbTh0rUeeruUxBw2zs5zahwOKSye1VmvzdeLsEUQOZH5ihNOcrymj0jBCtgcQ== x-fb-trip-id 686109401 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 cache-control public, max-age=1200 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	25755956.js Show response js-eu1.hs-scripts.com/	2 KB 920 B	118ms 44ms	Script application/javascript	172.65.208.22 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-scripts.com/25755956.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 762428f602d7fc240b047dd9975dc9a1dc5e75a031fe27634079a35d0883f8f8 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT content-encoding br cf-cache-status EXPIRED last-modified Fri, 30 Dec 2022 21:35:37 GMT server cloudflare x-hubspot-correlation-id 54152098-04f3-4bfc-a6f9-4b99c7e1b488 x-trace 2BE04CF039BFD9577D847F316D5E4378CFE43B65FD000000000000000000 vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://blog.group-ib.com cache-control public, max-age=30 access-control-allow-credentials true cf-ray 781e1257ff30699f-FRA
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	108ms 24ms	Script text/javascript	2a00:1450:400d:80d::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Fri, 30 Dec 2022 20:27:20 GMT last-modified Tue, 27 Sep 2022 22:01:05 GMT server Golfe2 age 5831 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20039 expires Fri, 30 Dec 2022 22:27:20 GMT
GET H2	200	Vector_1.svg static.tildacdn.com/tild6464-3039-4230-b436-316464656631/	2 KB 1 KB	16ms 15ms	Image image/svg+xml	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild6464-3039-4230-b436-316464656631/Vector_1.svg Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash a69d487f4aad79ff054dea601829dad1e1afc33ed83e6a24dc07c6d16552c16f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-container-storage-policy-name Policy-0 x-id m9-up-gc46, cec-up-gc13 date Fri, 30 Dec 2022 22:04:31 GMT content-encoding br age 0 x-cached-since 2022-12-29T13:55:13+00:00 x-trans-id 16bd0ef74ccb5673 tserver 10 last-modified Thu, 02 Dec 2021 21:58:15 GMT server nginx etag W/"3bd0da92e08d20c93a26e4498db2a163" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control cache-control public cache MISS, HIT x-timestamp 1638482294.74620 x-container-storage-policy-index 0
GET H2	200	1.png thumb.tildacdn.com/tild6163-6536-4637-b636-616533643962/-/format/webp/	180 B 334 B	16ms 16ms	Image image/png	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://thumb.tildacdn.com/tild6163-6536-4637-b636-616533643962/-/format/webp/1.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 61cca59ebb452e7e0707d856d513e780a5d67eae947dba2786aadf76460333ce Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9p-up-gc10, cec-up-gc12 date Fri, 30 Dec 2022 22:04:31 GMT last-modified Tue, 18 Oct 2022 00:17:59 GMT server nginx etag "634df0b7-b4" x-cached-since 2022-10-18T00:45:00+00:00, 2022-12-27T22:28:58+00:00 content-type image/png access-control-allow-origin * cache STALE, HIT x-tilda-server 1 accept-ranges bytes content-length 180
GET H2	200	Vector_1.svg static.tildacdn.com/tild6135-3635-4134-b064-363630393233/	2 KB 1 KB	17ms 16ms	Image image/svg+xml	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild6135-3635-4134-b064-363630393233/Vector_1.svg Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash a69d487f4aad79ff054dea601829dad1e1afc33ed83e6a24dc07c6d16552c16f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9-up-gc46, cec-up-gc12 date Fri, 30 Dec 2022 22:04:31 GMT content-encoding br age 0 x-cached-since 2022-12-29T13:52:03+00:00, 2022-12-29T13:55:13+00:00 x-trans-id 16bd0efcedc07eea tserver 10 last-modified Thu, 02 Dec 2021 21:58:39 GMT server nginx etag W/"3bd0da92e08d20c93a26e4498db2a163" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control cache-control public cache HIT, HIT x-timestamp 1638482318.95914
GET H2	200	adsct t.co/i/	43 B 378 B	195ms 113ms	Image image/gif	104.244.42.197 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=eefdaf01-463b-425d-9adc-e06615580e3b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=de43ffee-902c-48bb-90ab-f71c44cb2f4a&tw_document_href=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.3.29 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.197 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-response-time 105 date Fri, 30 Dec 2022 22:04:30 GMT strict-transport-security max-age=0 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id 282375013a5b6a67 cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 538e9f9a4dec8d0ca30575928a1dd47dd9ba7c35e58b732b97516b745a1c7c12 content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 395 B	507ms 121ms	Image image/gif	104.244.42.3 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=eefdaf01-463b-425d-9adc-e06615580e3b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=de43ffee-902c-48bb-90ab-f71c44cb2f4a&tw_document_href=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.3.29 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.3 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-response-time 110 date Fri, 30 Dec 2022 22:04:31 GMT strict-transport-security max-age=631138519 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id 4800cd7d5493e8c9 cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 3b7272e1354db3a2d6b3523957330f744f76f1c96b504a1c53db1ed81f6ebd97 content-length 43
GET H2	200	collectedforms.js Show response js-eu1.hscollectedforms.net/	68 KB 25 KB	106ms 31ms	Script application/javascript	172.65.192.122 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hscollectedforms.net/collectedforms.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3999cf864b43937c278afeae5b60b6db69bb234d5641202c9e7a2385029aa3b7 Request headers Referer https://blog.group-ib.com/ Origin https://blog.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT x-amz-version-id SN4HXBautbT5xHa4DdPckLpyluwLE8QR via 1.1 753f415578c1ca010e51a83aef192330.cloudfront.net (CloudFront) cf-cache-status EXPIRED content-encoding br x-amz-cf-pop FRA56-C2 x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.312/bundles/project.js&cfRay=781e1258b8625b8c-FRA x-cache Hit from cloudfront cache-tag staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod x-amz-replication-status COMPLETED last-modified Wed, 07 Dec 2022 02:49:13 UTC server cloudflare etag W/"349cabd549e2249f8fb6ac3ac6f08e00" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-hs-cache-status HIT cache-control s-maxage=600, max-age=300 cf-ray 781e1258b8625b8c-FRA x-amz-cf-id e_3ZaPXE4Xr0-j7JU51Nmyqk1WT_emIo5stXKEBc3AQoDD15XrRO7Q== x-hs-target-asset collected-forms-embed-js/static-1.312/bundles/project.js
GET H2	200	25755956.js Show response js-eu1.hs-analytics.net/analytics/1672437600000/	64 KB 20 KB	96ms 25ms	Script text/javascript	172.65.238.60 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-analytics.net/analytics/1672437600000/25755956.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 85f908e14878ea56238cece7818560d24e83bc5ebede0d58540cbe9b75340102 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT content-encoding br cf-cache-status HIT x-amz-request-id 37V7X6EGRZE4DCN3 age 9 x-amz-server-side-encryption AES256 x-amz-id-2 wsZg09XrdYLMn6xqBehfXQk7hi3hH20iRHNE/OqDUNNFUNBp/fqkjGf+lJOpTKErjFMVWf9DyD0= last-modified Thu, 01 Dec 2022 14:17:47 GMT server cloudflare etag W/"a443abf4b907e8fe221cbc1a12387c2f" vary origin, Accept-Encoding content-type text/javascript cache-control max-age=300, public access-control-allow-credentials false cf-ray 781e1258b8a1bb86-FRA expires Fri, 30 Dec 2022 22:09:22 GMT
GET H2	200	banner.js Show response js-eu1.hs-banner.com/v2/25755956/	202 KB 63 KB	124ms 56ms	Script text/javascript	172.65.202.201 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-banner.com/v2/25755956/banner.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 132b669c9634c5296fd3e6802091f16c490089a12c26c4078c2c30754ab17587 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT x-amz-version-id F6GYaCRPqK4IYB5GHkfjAxCM0YTry982 content-encoding br cf-cache-status REVALIDATED x-amz-request-id RRWSDP5SBD9ZMA6C x-amz-server-side-encryption AES256 x-amz-id-2 wFTR1fG9ovKy+ZkRKqMcVxF7xLws/HuHqWNVc/7/b1zTE9W3MOy+sjMB5IFgPJi6kzm/0FOQsi8= last-modified Thu, 08 Dec 2022 22:08:21 GMT server cloudflare etag W/"6ffab64f6c18fc303c61b02bbf12428e" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.group-ib.com access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300, public access-control-allow-credentials true vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 781e1258bc7d2bc2-FRA expires Fri, 30 Dec 2022 22:09:31 GMT
GET H2	200	fb.js Show response js-eu1.hsadspixel.net/	6 KB 3 KB	92ms 20ms	Script application/javascript	172.65.219.229 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hsadspixel.net/fb.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 923f82635a75547c368b300c684da5f5f36164446310142d67c520c18d1b8f3d Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT x-amz-version-id uc7chkM909y9_fdLpHcf_jlYEUuyZ4oj via 1.1 0c0a9358491c37c184a221ad07b92016.cloudfront.net (CloudFront) cf-cache-status HIT content-encoding br x-amz-cf-pop FRA56-C2 age 24 x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.303/bundles/pixels-release.js&cfRay=781e11bfbbe49229-FRA x-cache RefreshHit from cloudfront cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod x-amz-replication-status COMPLETED last-modified Tue, 20 Dec 2022 06:51:27 UTC server cloudflare etag W/"cac538694d8cb071669002abe101c1fa" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT cache-control max-age=600 cf-ray 781e1258bdc29259-FRA x-amz-cf-id sWEiRz0H4vZv6QK6cOWLO4i_TmFBGWd8UJMn0h0bcMCF7K2iPOy1sg== x-hs-target-asset adsscriptloaderstatic/static-1.303/bundles/pixels-release.js
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 443 B	71ms 21ms	XHR text/plain	2a00:1450:400c:c08::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-25492706-2&cid=723578611.1672437871&jid=1211376049&gjid=1763234753&_gid=1440006288.1672437871&_u=YGBAgEABAAAAAEAEK~&z=309767783 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://blog.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Fri, 30 Dec 2022 22:04:31 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.group-ib.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	collect www.google-analytics.com/	35 B 194 B	25ms 25ms	Image image/gif	2a00:1450:400d:80d::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j98&a=1104811646&t=pageview&_s=1&dl=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&ul=en-us&de=UTF-8&dt=Scam%20is%20rising&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABAAAAAAAEK~&jid=1211376049&gjid=1763234753&cid=723578611.1672437871&tid=UA-25492706-2&_gid=1440006288.1672437871&gtm=2wgbu0PW7265&cd1=723578611.1672437871&z=317130249 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Fri, 30 Dec 2022 03:42:32 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 66119 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	getuidj Show response secure.adnxs.com/	11 B 814 B	67ms 12ms	XHR application/json	37.252.171.22 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/getuidj Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.21.3 / Resource Hash 31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Pragma no-cache Date Fri, 30 Dec 2022 22:04:31 GMT AN-X-Request-Uuid 4628295c-83e5-4058-a0e7-e05a72b21ef9 Server nginx/1.21.3 Accept-CH Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Content-Type application/json; charset=utf-8 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin https://blog.group-ib.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive X-Proxy-Origin 81.95.5.41; 81.95.5.41; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com Content-Length 11 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 203 B	42ms 17ms	XHR text/html	104.76.152.90 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.76.152.90 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-76-152-90.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://blog.group-ib.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	14 B 246 B	151ms 15ms	XHR text/html	2a02:26f0:11a:39e::1c91 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:11a:39e::1c91 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 74b8942009f393336b393dad1d725947fe03629bd9d58a76eabfc6eaf6762ead Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Fri, 30 Dec 2022 22:04:31 GMT vary Origin content-type text/html access-control-allow-origin https://blog.group-ib.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a01:4a0:2b::6 server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 14 expires Fri, 30 Dec 2022 22:04:31 GMT
GET H2	200	ga-audiences www.google.com/ads/	42 B 501 B	50ms 20ms	Image image/gif	2a00:1450:4001:813::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-25492706-2&cid=723578611.1672437871&jid=1211376049&_u=YGBAgEABAAAAAEAEK~&z=856554640 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Fri, 30 Dec 2022 22:04:31 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 501 B	121ms 46ms	Image image/gif	2a00:1450:400d:803::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-25492706-2&cid=723578611.1672437871&jid=1211376049&_u=YGBAgEABAAAAAEAEK~&z=856554640 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Fri, 30 Dec 2022 22:04:31 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	252ms 213ms	Image image/gif	104.76.152.90 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=d858279f-6f40-4abc-85fb-df0080812588&session=ed5148a6-9a13-43ca-858f-cf8b82b9d05f&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A31%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scam%20is%20rising%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&pageViewId=46b3f66f-e264-4cf2-8b38-b2ed25dbfc51&an_uid=0 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.76.152.90 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-76-152-90.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	json Show response forms-eu1.hubspot.com/collected-forms/v1/config/	116 B 1022 B	115ms 50ms	XHR application/json	172.65.193.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hubspot.com/collected-forms/v1/config/json?portalId=25755956&utk= Requested by Host: js-eu1.hscollectedforms.net URL: https://js-eu1.hscollectedforms.net/collectedforms.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 43f22362329b9705cf8629061fb5b1d1a38f1cc2bc9fd46728f73e5cd9eb77cf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/plain, */* Referer https://blog.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id 55481f0a-c2b1-49d6-a93d-7f46a9dcb1b2 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 server cloudflare vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.group-ib.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zA%2F04hIs%2F9zjRtP7OnXhkENXIkj0jw3LXxxnS1Amgon0H4zWQoyDw7vk1vYfI188XnH2xiqB%2FBpJjx1keYbn%2BgYJUYhBUnnDzFohKQnkeID9Xca5%2BPlF7rt7mQIXwdnXk3lXzxvJBg%3D%3D"}],"group":"cf-nel","max_age":604800} access-control-max-age 180 access-control-allow-credentials false x-robots-tag none access-control-allow-headers * cf-ray 781e125988259049-FRA
GET H2	200	json Show response api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixel/	202 B 878 B	66ms 31ms	XHR application/json	2606:4700::6811:cccc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=25755956 Requested by Host: js-eu1.hsadspixel.net URL: https://js-eu1.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:cccc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2e5858ac3b77c03c946d9f6d58fab9185a5f90d993941b7bf97f9ce25014ce74 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id 80a3719b-7403-44d3-be99-c7d588c36965 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 server cloudflare x-trace 2B18B3A907B11F51ECE197BC32D0D4D551E223D371000000000000000000 vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.group-ib.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNymD3WJWj1m50wq8tH9cOYsWsYsseG7aDh%2B60pwFsVhSS8ABhZzHz6DOre%2Bg9S5MBCMcnOrhczv6KmpEs7i%2BCNWybjuSsb397VxANZv6Xyvd8D3aWY8SWAx9%2Fiz3fbSMo76JR4FaeELT0tPipuLVw%3D%3D"}],"group":"cf-nel","max_age":604800} access-control-max-age 180 access-control-allow-credentials false cf-ray 781e12596d849b80-FRA access-control-allow-headers *
GET H3	200	649324202964935 Show response connect.facebook.net/signals/config/	293 KB 84 KB	78ms 67ms	Script application/x-javascript	2a03:2880:f01c:216:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/649324202964935?v=2.9.90&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 4abaea956e7feeeedb358ecb81669e11aafc2386649543a6d7f4daf007ec5213 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 30 Dec 2022 22:04:31 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug y/6rQQMRqz3sfRzD1h9+5wxdNWWZYybkXMM5niWHTjyTHwncrEI2xnRrZeOCIIZziqqojo64wTPyNyToNT3xCA== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 cache-control public, max-age=1200 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
OPTIONS H2	200	token cdn.linkedin.oribi.io/partner/4496601/domain/blog.group-ib.com/	0 0	71ms 14ms	Preflight	2600:9000:2304:e400:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/4496601/domain/blog.group-ib.com/token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2304:e400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method GET Origin https://blog.group-ib.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods GET access-control-allow-origin * access-control-max-age 1800 age 56389 allow GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH content-length 0 date Fri, 30 Dec 2022 06:24:41 GMT via 1.1 452b7761b1eb87a22cbc4ec546224f1a.cloudfront.net (CloudFront) x-amz-cf-id qw6lkoYreUExQN9rIqLpRvGxbExargYpJ2HUPLkIshd12k-u69PgRw== x-amz-cf-pop VIE50-P1 x-cache Hit from cloudfront
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/4496601/domain/blog.group-ib.com/	36 B 368 B	172ms 171ms	XHR application/json	2600:9000:2304:e400:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/4496601/domain/blog.group-ib.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2304:e400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://blog.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Content-Type application/json Response headers date Fri, 30 Dec 2022 22:04:31 GMT content-encoding gzip via 1.1 452b7761b1eb87a22cbc4ec546224f1a.cloudfront.net (CloudFront) x-amz-cf-pop VIE50-P1 vary accept-encoding x-cache Miss from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=3600 x-amz-cf-id KxjjM0GmLKYVNsrlTWW5XmXlEZCZt22uoVRaJDDtbfWWNpIgB_cUjQ==
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1672437871601&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tm=gtmv2 https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1672437871601%26url%3Dhttps%253A%252F%252Fblog.group-ib.com%252F... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1672437871601&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tm=gtmv2&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1672437871601&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tm=gtmv2&liSync=true&e_ipv6=AQL9l0PE4hmdtgAAAYVlELXvm4v9N_yCxmfz8...	0 264 B	457ms 184ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1672437871601&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tm=gtmv2&liSync=true&e_ipv6=AQL9l0PE4hmdtgAAAYVlELXvm4v9N_yCxmfz8jyQHAi97lbP2k7aOZ_3M7EwIXlU Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:32 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: DE27D2CAF43A466FAA00086348805076 Ref B: FRAEDGE2016 Ref C: 2022-12-30T22:04:32Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lor1 x-li-proto http/2 content-length 0 x-li-uuid AAXxEslNkMeRBPN9Gq9Mmw== Redirect headers date Fri, 30 Dec 2022 22:04:32 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: F1AA88B9FA8B45198417DC73DB03D214 Ref B: DUS30EDGE0914 Ref C: 2022-12-30T22:04:32Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lor1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1672437871601&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tm=gtmv2&liSync=true&e_ipv6=AQL9l0PE4hmdtgAAAYVlELXvm4v9N_yCxmfz8jyQHAi97lbP2k7aOZ_3M7EwIXlU x-li-proto http/2 content-length 0 x-li-uuid AAXxEslGih3MAHjOUYa+5g==
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 492 B	230ms 229ms	Image image/gif	104.76.152.90 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=d858279f-6f40-4abc-85fb-df0080812588&session=ed5148a6-9a13-43ca-858f-cf8b82b9d05f&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A2b%3A%3A6%22%7D&isIframe=false&m=%7B%22description%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scam%20is%20rising%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&pageViewId=46b3f66f-e264-4cf2-8b38-b2ed25dbfc51&an_uid=0 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.76.152.90 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-76-152-90.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	183 KB 67 KB	106ms 63ms	Script application/javascript	2a00:1450:400d:808::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508 Requested by Host: js-eu1.hsadspixel.net URL: https://js-eu1.hsadspixel.net/fb.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:400d:808::2008 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash da456611d64cc700c3f48f1ff72c73bd6ad7b424dd0458a275fcd7c5ed590000 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 68299 x-xss-protection 0 last-modified Fri, 30 Dec 2022 21:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 30 Dec 2022 22:04:31 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	183 KB 67 KB	92ms 51ms	Script application/javascript	2a00:1450:400d:808::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:400d:808::2008 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash eed68156c4045bf0ea4ae17546e339d5e374ffd463221c58c62fab806924d60e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:31 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 68244 x-xss-protection 0 last-modified Fri, 30 Dec 2022 21:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 30 Dec 2022 22:04:31 GMT
GET H2	200	/ www.facebook.com/tr/	0 185 B	43ms 11ms	Image text/plain	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&rl=&if=false&ts=1672437871674&sw=1600&sh=1200&v=2.9.90&r=stable&ec=0&o=30&fbp=fb.1.1672437871673.1510090493&it=1672437871566&coo=false&rqm=GET Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 30 Dec 2022 22:04:31 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/	2 KB 1 KB	117ms 51ms	Script text/javascript	2a00:1450:400d:808::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1672437871779&cv=11&fst=1672437871779&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tiba=Scam%20is%20rising&did=dZTQ1Zm&gdid=dZTQ1Zm&auid=1997367418.1672437872&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 48341d7b1cdd32afdd4a5cafd68b91ffc818c17a5acee8921dc73918c17be3d4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Fri, 30 Dec 2022 22:04:31 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 878 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.com/pagead/1p-user-list/10882981508/	42 B 64 B	41ms 20ms	Image image/gif	2a00:1450:4001:813::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10882981508/?random=1672437871779&cv=11&fst=1672437600000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tiba=Scam%20is%20rising&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=867448110&rmt_tld=0&ipr=y Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Fri, 30 Dec 2022 22:04:31 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-user-list/10882981508/	42 B 64 B	99ms 52ms	Image image/gif	2a00:1450:400d:803::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/10882981508/?random=1672437871779&cv=11&fst=1672437600000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&tiba=Scam%20is%20rising&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=867448110&rmt_tld=1&ipr=y Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Fri, 30 Dec 2022 22:04:31 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.facebook.com/tr/	0 18 B	79ms 11ms	Image text/plain	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=649324202964935&ev=Microdata&dl=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&rl=&if=false&ts=1672437872177&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Scam%20is%20rising%22%2C%22meta%3Adescription%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising%22%2C%22og%3Atitle%22%3A%22Scam%20is%20rising%22%2C%22og%3Adescription%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fstatic.tildacdn.com%2Ftild6565-6430-4632-b865-653566376131%2Fimage-20221012-16250.jpg%22%2C%22og%3Asite_name%22%3A%22Group-IB%22%7D&cd[Schema.org]=%5B%7B%22dimensions%22%3A%7B%22h%22%3A1320%2C%22w%22%3A1600%7D%2C%22properties%22%3A%7B%22image%22%3A%22https%3A%2F%2Fstatic.tildacdn.com%2Ftild6265-3130-4932-a333-376431386530%2Fimage-20221012-16250.png%22%7D%2C%22subscopes%22%3A%5B%5D%2C%22type%22%3A%22http%3A%2F%2Fschema.org%2FImageObject%22%7D%2C%7B%22dimensions%22%3A%7B%22h%22%3A710%2C%22w%22%3A1600%7D%2C%22properties%22%3A%7B%22image%22%3A%22https%3A%2F%2Fstatic.tildacdn.com%2Ftild3762-3735-4437-a237-353639656639%2Fimage-20221012-16250.png%22%7D%2C%22subscopes%22%3A%5B%5D%2C%22type%22%3A%22http%3A%2F%2Fschema.org%2FImageObject%22%7D%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.90&r=stable&ec=1&o=30&fbp=fb.1.1672437871673.1510090493&it=1672437871566&coo=false&es=automatic&tm=3&rqm=GET Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 30 Dec 2022 22:04:32 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0 priority u=3,i
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 492 B	215ms 215ms	Image image/gif	104.76.152.90 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=d858279f-6f40-4abc-85fb-df0080812588&session=ed5148a6-9a13-43ca-858f-cf8b82b9d05f&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A32%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A31%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scam%20is%20rising%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&pageViewId=46b3f66f-e264-4cf2-8b38-b2ed25dbfc51&an_uid=0 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.76.152.90 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-76-152-90.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:32 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H3	200	709834390277869 Show response connect.facebook.net/signals/config/	293 KB 84 KB	65ms 64ms	Script application/x-javascript	2a03:2880:f01c:216:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/709834390277869?v=2.9.90&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 98ca134f7b99b6c77f769e4618398e49e94eb90fe6a8d18d7fcfc27776afe7d1 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 30 Dec 2022 22:04:32 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug OoOu2MhKqIwJ/Brz1hyPIvNePEzOl9xpkvNtHj4xcIVsxf11LgYAEX9bJGy/qmw0Iv3oTX/FwLFWbJTMNXU2BQ== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 cache-control public, max-age=1200 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 924 B	178ms 113ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3792703849&v=1.1&a=25755956&rcu=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&pu=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&t=Scam+is+rising&cts=1672437872690&vi=6c83ad21ea92d2e7b8036cb67c9520de&nc=true&u=84897990.6c83ad21ea92d2e7b8036cb67c9520de.1672437872687.1672437872687.1672437872687.1&b=84897990.1.1672437872687&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:32 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id aade6aae-3f54-4cb2-baf2-395729a94fb7 p3p CP="NOI CUR ADM OUR NOR STA NID" alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 45 last-modified Fri, 30 Dec 2022 22:04:32 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dW31WNpncu%2FOQ7y7x8aDnwUpFpjLKskNHUDB2zLBW7cH1hmYKWeecJcN7WZIO8wrwk4dXJAzbkqOqwumn%2F0xYxmw5s34wDIE%2B%2BRTn%2FZHf1DssLycVB5AYdXu3gTcYuBhc%2Fax3vv1Rg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 781e1260bf959265-FRA x-robots-tag none
GET H3	200	/ www.facebook.com/tr/	0 15 B	8ms 8ms	Image text/plain	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=709834390277869&ev=PageView&dl=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&rl=&if=false&ts=1672437872770&sw=1600&sh=1200&ud[external_id]=6c83ad21ea92d2e7b8036cb67c9520de&v=2.9.90&r=stable&ec=0&o=30&fbp=fb.1.1672437871673.1510090493&it=1672437871566&coo=false&rqm=GET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 30 Dec 2022 22:04:32 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0 priority u=3,i
GET H2	200	tilda-stat-1.0.min.js Show response static.tildacdn.com/js/	9 KB 3 KB	15ms 14ms	Script application/javascript	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-stat-1.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/scam-is-rising Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 0565de9b4919bf1cbc345d8218425e4951d97c7e8c36263bee72e2d72038c73f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9-up-gc46, cec-up-gc4 date Fri, 30 Dec 2022 22:04:32 GMT content-encoding br tserver 13 last-modified Wed, 07 Sep 2022 13:40:09 GMT server nginx etag W/"63189f39-2211" vary Accept-Encoding x-cached-since 2022-12-12T20:09:02+00:00, 2022-12-19T07:14:41+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	tilda-performance-1.0.min.js Show response static.tildacdn.com/js/	3 KB 1 KB	34ms 33ms	Script application/javascript	2a03:90c0:e1:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-performance-1.0.min.js Requested by Host: static.tildacdn.com URL: https://static.tildacdn.com/js/tilda-stat-1.0.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:e1:2801::254 Prague, Czech Republic, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 15cb1cffa887ec74a9ae3dad3c5c539e2b24c0c2e8e66f82fa536406e0c95db1 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers x-id m9p-up-gc37, cec-up-gc13 date Fri, 30 Dec 2022 22:04:32 GMT content-encoding br tserver 13 last-modified Mon, 05 Dec 2022 06:48:46 GMT server nginx etag W/"638d944e-cf0" vary Accept-Encoding x-cached-since 2022-12-05T06:48:54+00:00, 2022-12-06T10:17:44+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H3	200	/ www.facebook.com/tr/	0 15 B	8ms 8ms	Image text/plain	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=709834390277869&ev=Microdata&dl=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&rl=&if=false&ts=1672437873272&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Scam%20is%20rising%22%2C%22meta%3Adescription%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising%22%2C%22og%3Atitle%22%3A%22Scam%20is%20rising%22%2C%22og%3Adescription%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fstatic.tildacdn.com%2Ftild6565-6430-4632-b865-653566376131%2Fimage-20221012-16250.jpg%22%2C%22og%3Asite_name%22%3A%22Group-IB%22%7D&cd[Schema.org]=%5B%7B%22dimensions%22%3A%7B%22h%22%3A1320%2C%22w%22%3A1600%7D%2C%22properties%22%3A%7B%22image%22%3A%22https%3A%2F%2Fstatic.tildacdn.com%2Ftild6265-3130-4932-a333-376431386530%2Fimage-20221012-16250.png%22%7D%2C%22subscopes%22%3A%5B%5D%2C%22type%22%3A%22http%3A%2F%2Fschema.org%2FImageObject%22%7D%2C%7B%22dimensions%22%3A%7B%22h%22%3A710%2C%22w%22%3A1600%7D%2C%22properties%22%3A%7B%22image%22%3A%22https%3A%2F%2Fstatic.tildacdn.com%2Ftild3762-3735-4437-a237-353639656639%2Fimage-20221012-16250.png%22%7D%2C%22subscopes%22%3A%5B%5D%2C%22type%22%3A%22http%3A%2F%2Fschema.org%2FImageObject%22%7D%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&ud[external_id]=6c83ad21ea92d2e7b8036cb67c9520de&v=2.9.90&r=stable&ec=1&o=30&fbp=fb.1.1672437871673.1510090493&it=1672437871566&coo=false&es=automatic&tm=3&rqm=GET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 30 Dec 2022 22:04:33 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0 priority u=3,i
POST H2	200	/ Show response stat.tildacdn.com/event/	16 B 145 B	158ms 70ms	XHR application/json	193.3.17.197 TILDAPUBLISHING-RU-1
General Check archive.org Show headers Download Go to Full URL https://stat.tildacdn.com/event/ Requested by Host: static.tildacdn.com URL: https://static.tildacdn.com/js/tilda-stat-1.0.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 193.3.17.197 , Russian Federation, ASN210753 (TILDAPUBLISHING-RU-1, RU), Reverse DNS 197-17.addr.tildacdn.net Software / Resource Hash fb1bf528d8237aac3e9ead389ab246ba0068f61fe281610110937ef2b8adefce Request headers Referer https://blog.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers access-control-allow-origin https://blog.group-ib.com date Fri, 30 Dec 2022 22:04:33 GMT x-tilda-server 11 content-type application/json;charset=utf-8
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	271ms 271ms	Image image/gif	104.76.152.90 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=d858279f-6f40-4abc-85fb-df0080812588&session=ed5148a6-9a13-43ca-858f-cf8b82b9d05f&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A33%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A32%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scam%20is%20rising%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&pageViewId=46b3f66f-e264-4cf2-8b38-b2ed25dbfc51&an_uid=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.76.152.90 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-76-152-90.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:33 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 494 B	465ms 464ms	Image image/gif	104.76.152.90 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=d858279f-6f40-4abc-85fb-df0080812588&session=ed5148a6-9a13-43ca-858f-cf8b82b9d05f&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A33%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scam%20is%20rising%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&pageViewId=46b3f66f-e264-4cf2-8b38-b2ed25dbfc51&an_uid=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.76.152.90 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-76-152-90.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:34 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 493 B	267ms 267ms	Image image/gif	104.76.152.90 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=d858279f-6f40-4abc-85fb-df0080812588&session=ed5148a6-9a13-43ca-858f-cf8b82b9d05f&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A34%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scam%20is%20rising%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&pageViewId=46b3f66f-e264-4cf2-8b38-b2ed25dbfc51&an_uid=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.76.152.90 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-76-152-90.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 30 Dec 2022 22:04:35 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET		img.gif b.6sc.co/v1/beacon/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

b.6sc.co

URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=d858279f-6f40-4abc-85fb-df0080812588&session=ed5148a6-9a13-43ca-858f-cf8b82b9d05f&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2030%20Dec%202022%2022%3A04%3A35%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Explore%20the%20global%20state%20of%20scams%20to%20protect%20your%20organization%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scam%20is%20rising%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Fscam-is-rising&pageViewId=46b3f66f-e264-4cf2-8b38-b2ed25dbfc51&an_uid=0