www.group-ib.com Open in urlscan Pro
3.72.181.255  Public Scan

9 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.group-ib.com/blog/cve---winrar-zero-day Page URL
2. https://www.group-ib.com/blog/cve---winrar-zero-day Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 79

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1725625489852&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&tm=gtmv2 HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1725625489852&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&tm=gtmv2&e_ipv6=AQKsYGXDaHyPCQAAAZHHS1onEEiw9t1wzLbr2IwiVW9XGboRBnq77-X9lQLCp2gWqcyqxnU

136 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	403	cve---winrar-zero-day Show response www.group-ib.com/blog/	7 KB 7 KB	223ms 43ms	Document text/html	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software / Resource Hash bc08f79100f97884786f93d6401c23dc855770e058e6141309f9f290f8ad7e79 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers cache-control no-cache, no-store, must-revalidate content-type text/html date Fri, 06 Sep 2024 12:24:46 GMT
GET H/1.1	200 OK	bt-autoinject.js Show response fhp-de-js.group-ib.com/d/	343 KB 135 KB	283ms 77ms	Script text/javascript	138.201.59.158 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://fhp-de-js.group-ib.com/d/bt-autoinject.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 138.201.59.158 Mannheim, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.158.59.201.138.clients.your-server.de Software nginx / Resource Hash 90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 12:24:46 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/javascript; charset=UTF-8 Access-Control-Allow-Methods GET, POST, OPTIONS x-envoy-upstream-service-time 1 Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET DATA	200 OK	truncated /	488 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5b3dd47491d08c95a4f1e92c54dc916498bccb4e5bc733e56ec127298c2e7ffd Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 74fcd713930c6189919d1f569c06535fb20777fb25b2b6d166cb8df73529b80c Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET H2	200	idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response www.group-ib.com/api/fl/	205 B 686 B	58ms 58ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash c0fe7c3c72571fac6710d409aaf1e3e70d142d2f2cee8a1dfa31dea9a67262ed Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 x-cfids - Response headers date Fri, 06 Sep 2024 12:24:47 GMT content-encoding gzip server nginx etag W/"hMnRDrCKXXA7//hlIxScF5UWammaELHG1/8aJWZT2IC9IPNUeMiCxxQFuvTT9FtMoz4537/EqFPBFYAMUKpMeE84YVBRedZnSlTw6QA4whRFy0Aq8gY4htckLXXXwiEFjhfUQNw7pkxfTf7IZoUHmWjA" vary Accept-Encoding content-type application/json; charset=utf-8 cache-control no-cache x-envoy-upstream-service-time 1
GET H2	200	favicon.ico www.group-ib.com/	7 KB 3 KB	48ms 48ms	Other image/vnd.microsoft.icon	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash c9b877bf594a1febfdc224f3e0aaf8c6db32315529a7569d185496225aea3ade Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:47 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 2882 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 29 Jun 2022 11:31:28 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/vnd.microsoft.icon access-control-allow-origin https://www.group-ib.com cache-control max-age=2592000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sun, 06 Oct 2024 12:24:47 GMT
POST H2	200	fl Show response www.group-ib.com/api/	685 B 1 KB	195ms 186ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=hMnRDrCKXXA7%2F%2FhlIxScF5UWammaELHG1%2F8aJWZT2IC9IPNUeMiCxxQFuvTT9FtMoz4537%2FEqFPBFYAMUKpMeE84YVBRedZnSlTw6QA4whRFy0Aq8gY4htckLXXXwiEFjhfUQNw7pkxfTf7IZoUHmWjA Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 1d2fb9c985d236ff02e4024904f8aa9a3ab04d8e2a51c3d587d7b3428cd16cbf Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 06 Sep 2024 12:24:48 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 92 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	404	Primary Request cve---winrar-zero-day Show response www.group-ib.com/blog/	74 KB 17 KB	388ms 387ms	Document text/html	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/blog/cve---winrar-zero-day Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash c2748bb8136063a1237769a0dea48a26f4cdf27c55c0f991e7d58e1e651d7e5f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-origin https://www.group-ib.com cache-control no-cache, must-revalidate, max-age=0 content-encoding gzip content-length 16800 content-type text/html; charset=UTF-8 date Fri, 06 Sep 2024 12:24:49 GMT expires Wed, 11 Jan 1984 05:00:00 GMT permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() referrer-policy strict-origin-when-cross-origin server nginx strict-transport-security max-age=31536000; includeSubDomains vary X-Forwarded-Proto,Accept-Encoding x-content-type-options nosniff x-frame-options sameorigin x-xss-protection 1; mode=block
POST H2	200	fl www.group-ib.com/api/	685 B 1021 B	290ms 287ms	Ping application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=cPtpJ9UVO5e%2FjX8xP%2FmYJx9TTWFBoUcV69oo8YCZF8Yy6t2rc7ZtEcW%2Be9%2BaBfIVk5di%2FpCuHxowfA%2BwcgQgaWaUH2n5S8V7BlbI83vhzKA4rTPZ2pXgP8ClldYk6%2FdGIGzKGx9qtK4W%2B5DzGRRWErQbwBWHEErQ3Rn7 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 06 Sep 2024 12:24:48 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 29 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H/1.1	200 OK	bt-autoinject.js Show response fhp-de-js.group-ib.com/d/	343 KB 135 KB	83ms 81ms	Script text/javascript	138.201.59.158 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://fhp-de-js.group-ib.com/d/bt-autoinject.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 138.201.59.158 Mannheim, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.158.59.201.138.clients.your-server.de Software nginx / Resource Hash 90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 12:24:49 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/javascript; charset=UTF-8 Access-Control-Allow-Methods GET, POST, OPTIONS x-envoy-upstream-service-time 1 Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	200	swiper-bundle.min.js Show response www.group-ib.com/wp-content/themes/gib-theme/assets/js/	140 KB 39 KB	166ms 162ms	Script application/javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/js/swiper-bundle.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 39504 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:41:14 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/javascript; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	classic-themes.min.css www.group-ib.com/wp-includes/css/	217 B 249 B	122ms 119ms	Stylesheet text/css	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-includes/css/classic-themes.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 189 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 11 Nov 2022 11:58:50 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type text/css; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	dashicons.min.css www.group-ib.com/wp-includes/css/	58 KB 35 KB	126ms 122ms	Stylesheet text/css	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-includes/css/dashicons.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 35730 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 10 Jun 2022 07:03:36 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type text/css; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	frontend.min.css www.group-ib.com/wp-content/plugins/post-views-counter/css/	1 KB 505 B	125ms 122ms	Stylesheet text/css	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/plugins/post-views-counter/css/frontend.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 0d585aebb9cb31821fbcc6b030e0d882b5639e17bb403f8eb5ce7b3b19f4a1c9 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 440 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 26 Jun 2024 10:01:02 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type text/css; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	frontend.min.js Show response www.group-ib.com/wp-content/plugins/post-views-counter-pro/js/	4 KB 2 KB	122ms 119ms	Script application/javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/plugins/post-views-counter-pro/js/frontend.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash ab89ce5085f7176183ab9b4787cd956f1fb7c27ef7fd9038fa331bb04bb66a41 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 1748 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 23 Jul 2024 05:27:13 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/javascript; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	jquery.min.js Show response www.group-ib.com/wp-includes/js/jquery/	88 KB 30 KB	84ms 81ms	Script application/javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-includes/js/jquery/jquery.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 30995 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 11 Nov 2022 11:58:50 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/javascript; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	page-404.css www.group-ib.com/wp-content/themes/gib-theme/assets/css/	199 KB 30 KB	127ms 125ms	Stylesheet text/css	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 87847d65e19b8d0a6a4b0ef9ddd19ae589ee1d078234c838e47010809e10e1ef Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 30746 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 02 Sep 2024 03:48:03 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type text/css; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	v2.js Show response js-eu1.hsforms.net/forms/	483 KB 157 KB	161ms 65ms	Script application/javascript	172.65.255.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hsforms.net/forms/v2.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 69f9f19bd433b1317c2e2adf4b0d99a7655e6d878b35a970a5311227c6ad0a04 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-encoding gzip x-evy-trace-route-service-name envoyset-translator age 479 x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5999/bundles/project-v2.js&cfRay=8bd6880c82f18fd0-OTP x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"6baa082bb753a0d6d6e8a595ed1a8003" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.5999/bundles/project-v2.js date Fri, 06 Sep 2024 12:24:49 GMT x-amz-version-id AFaf8mWb39Qooe1K5qzICbDOfESNQB7s x-content-type-options nosniff cf-cache-status HIT via 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront) nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA60-P6 x-hubspot-correlation-id 16806d99-0672-43dc-b355-2040d2e85f08 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 0 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 16806d99-0672-43dc-b355-2040d2e85f08 last-modified Tue, 03 Sep 2024 14:36:36 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ue5og9ZsywbOL6pjhgATcGAu9biK5Y2pqz7foca2U72cx0r%2BWv%2Bb6BGMzazPJHwOSs9r6UuZgosi0umGt0VSqm041q1yBsZraKXVlBj78x3Hls36GQkBh8S9XfLs%2BXQyV%2FoLJA%3D%3D"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-75dd7fb59f-sr4vk cf-ray 8bee702b8e2e4541-TXL x-amz-cf-id nc0lwRu1LRwA-ZnVBCjXRfo-TadRtHW33ZGXTzkNlJf_PASPkU_IeQ==
GET H2	200	main-logo.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	3 KB 2 KB	79ms 77ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-logo.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 589c9a6a159cf2ecc8555bc4457827f21002eaec9a24e3bc54401ed0b4d30ac8 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 1527 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 01 Apr 2024 10:01:09 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	ti.png www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 6 KB	78ms 76ms	Image image/png	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ti.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 5942 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 06 Sep 2024 12:24:48 GMT
GET H2	200	asm.png www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 6 KB	87ms 86ms	Image image/png	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/asm.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 5964 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 06 Sep 2024 12:24:48 GMT
GET H2	200	fp.png www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	8 KB 8 KB	87ms 86ms	Image image/png	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/fp.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 7840 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 06 Sep 2024 12:24:48 GMT
GET H2	200	drp.png www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	5 KB 5 KB	65ms 64ms	Image image/png	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/drp.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 5421 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 06 Sep 2024 12:24:48 GMT
GET H2	200	mxdr.png www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 6 KB	119ms 109ms	Image image/png	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/mxdr.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 6529 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 06 Sep 2024 12:24:48 GMT
GET H2	200	bep.png www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 6 KB	119ms 110ms	Image image/png	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/bep.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 6275 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 06 Sep 2024 12:24:48 GMT
GET H2	200	search-icon.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	982 B 474 B	117ms 108ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/search-icon.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 518a92131be0b0201d0b5a7e1d89623eaa7682b28ce10f206d374db8d00e9bdc Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 410 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 14 Mar 2024 09:08:51 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	close-24.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	225 B 242 B	119ms 110ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/close-24.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 09db0fe5456fc4d29ab545243f6d9904eee2adc91cc78c426d8c756644bbf5d6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 177 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 20 Mar 2024 13:15:58 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	404.png www.group-ib.com/wp-content/themes/gib-theme/assets/images/	72 KB 71 KB	120ms 111ms	Image image/png	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/404.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash e23ab128ffb44a94d6050cbf8d14dc53e5a4d12bae6966cc80bb9a8249865cc9 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 29 May 2024 08:38:53 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 06 Sep 2024 12:24:48 GMT
GET H2	200	manage_search.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/gradient-icons/	1 KB 569 B	96ms 88ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/gradient-icons/manage_search.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash d6bc88caffcb54a25566c447acf5340cc1dd077a3542ca03cd787a11f7078664 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 527 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 29 May 2024 07:56:21 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	library_books.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/gradient-icons/	1 KB 499 B	95ms 87ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/gradient-icons/library_books.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash ce9689231d794b551c47d5460e41cd3a9335da141ff438e19dce5772686551c8 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 430 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 29 May 2024 07:56:21 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	school.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/gradient-icons/	920 B 441 B	116ms 108ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/gradient-icons/school.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 450692317061394e6b7ec5082bc933700a1cd1653a2b4c08c9d4441b44c79f16 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 400 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 29 May 2024 07:56:21 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	groups.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/gradient-icons/	3 KB 818 B	84ms 77ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/gradient-icons/groups.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 980591c6ae38518228a218963130c81ae35e9597a5000ac533fefefd4efb3f39 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 753 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 29 May 2024 07:56:21 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	Arrow_Forward_Up.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	425 B 331 B	68ms 60ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/Arrow_Forward_Up.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash cdfabceb7ae1940f42d871a2ee6a2f092de52f73db37b1bc5b01a87379106401 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 266 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Sun, 21 Aug 2022 10:10:53 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	twitter-icon.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	1 KB 566 B	83ms 77ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/twitter-icon.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash a0da28e8bd00bbe274035dfe6c59a30984ddc71202c69842f84f0b4d04689674 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 524 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	linkedin-icon.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	588 B 431 B	95ms 88ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/linkedin-icon.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 6cb3c6cb78253a7cfafea392e581f5f2ce0ee177c24e53ea31e68f7aee569238 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 349 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	instagram-icon.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	923 B 450 B	86ms 80ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/instagram-icon.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 100a79b22a580f1698a9950e8c18aefa79de0fd88e81a0a145e90fc4e8a59a2c Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 408 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	facebook-icon.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	415 B 319 B	86ms 80ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/facebook-icon.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 2952e22cc927982fa938a6fb0d5cd78316bb9b8e78872b27294a30addbfdc525 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 277 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	telegram-icon.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	773 B 504 B	97ms 92ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/telegram-icon.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 5c7deb6b8db45580119b8192f45da9486bf6fd1694660e413ee57932305b5e55 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 462 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	medium-icon.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	767 B 847 B	97ms 91ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/medium-icon.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 1912b691f446ed5b1da215a578b0658ffa03526efb75eb2ea28bcf0e7bfd4f92 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 361 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 05 Oct 2022 12:20:15 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	jquery-ui.js Show response www.group-ib.com/wp-content/themes/gib-theme/assets/libs/jquery-ui/	517 KB 124 KB	113ms 108ms	Script application/javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/libs/jquery-ui/jquery-ui.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash e97315234cc1f1c4737d98ea29c0f4d4f06c032dc5943012ae50bc4b10a92276 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:24:28 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/javascript; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	fancybox.umd.js Show response www.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/	103 KB 29 KB	76ms 76ms	Script application/javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/fancybox.umd.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 942e02acf640c0308f65e057a8afaed63dfaf995034cda9cfc75532a1009ec72 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 29634 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:24:28 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/javascript; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	main.js Show response www.group-ib.com/wp-content/themes/gib-theme/assets/js/	33 KB 5 KB	99ms 94ms	Script application/javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/js/main.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 215c13199ec3ef950bd100031e13ae6efe6ad72c8b91c98fbdfed812fe2f4432 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 5081 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 08 Aug 2024 07:25:08 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/javascript; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	lazyload.min.js Show response www.group-ib.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/	9 KB 3 KB	85ms 80ms	Script application/javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 3053 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 10 Jul 2024 14:54:05 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/javascript; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	25755956.js Show response js-eu1.hs-scripts.com/	2 KB 1 KB	165ms 77ms	Script application/javascript	172.65.208.22 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-scripts.com/25755956.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 19ad5362bf1d2eb0a92a4ce64fbe6370c1a57d210c914555c47f9fe7d9ba0180 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:49 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 6459c3a6-fc64-4026-bd08-fe2fb3fda08e cf-polished origSize=2013 x-envoy-upstream-service-time 42 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 6459c3a6-fc64-4026-bd08-fe2fb3fda08e cf-bgj minify last-modified Fri, 06 Sep 2024 11:50:48 GMT server cloudflare access-control-max-age 3600 vary origin, Accept-Encoding content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-served-by-pod fra04/hubapi-td/envoy-proxy-576d445cf9-nknjb x-evy-trace-virtual-host all access-control-allow-credentials true cf-ray 8bee702d0f5158e4-TXL
GET H2	200	j.php Show response dev.visualwebsiteoptimizer.com/	3 KB 2 KB	134ms 43ms	XHR application/javascript	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://dev.visualwebsiteoptimizer.com/j.php?a=93623&u=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&vn=2.1&x=true Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gfra2 / Resource Hash 7d5299b3465084024f392e9bb88d37a0387938891d5be39c1d18908a7c0678a2 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:49 GMT content-encoding gzip via 1.1 google server gfra2 vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin https://www.group-ib.com cache-control public, max-age=0, no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET DATA	200 OK	truncated /	486 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash df7a1b9e6804131989c4e8bea39c3b36bb6b54206df8905f23fb336ca3c4a885 Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash cb006d7a6fd3cdf2af3e88c25e200338e093e5fdd5d786310a07df1482361e63 Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET H2	200	idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response www.group-ib.com/api/fl/	217 B 660 B	58ms 58ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash e2fca0d7ca2213d0b78538391c3e1ca749df5862e57a1d50c0cd9971f54fbd2f Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 pfTyhYRy4v4euGN9x3k/Kc0N9AUiyBvt95iihTC/Ie1DOynwOioaX4LRBkSObEoYhLx69P2wBpKr6gPJ7XvOsRlfkkaEi39KILMGadqd9G6l8PUfmLYexdqikGjlIqyVNff/0gO+WpHrcAv4Qvo8o7wKJnGTriW0rUkoeBcpJ4Ht939tAGjZpdC2wdhOEd5OQpnwv2v7uS6wzqVMGmv7P+NFr2iwiLboXGc26jDnwcSHRVFS7LqakbrQJhbtz/+/c3DWXQem8tMxlSoNzw== Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 uZ4Ub255b926274bc1c7ec78d8a73d1531059f35 x-cfids cPtpJ9UVO5e/jX8xP/mYJx9TTWFBoUcV69oo8YCZF8Yy6t2rc7ZtEcW+e9+aBfIVk5di/pCuHxowfA+wcgQgaWaUH2n5S8V7BlbI83vhzKA4rTPZ2pXgP8ClldYk6/dGIGzKGx9qtK4W+5DzGRRWErQbwBWHEErQ3Rn7 Response headers date Fri, 06 Sep 2024 12:24:49 GMT content-encoding gzip server nginx etag W/"T4HOByosF3A5o7I9EOFmVUBJAcSSsucknaKDcZtsECNRm3X+8L7yW6oNwBlXhpdBVa69Nx4dzEUWL+/AzQtEtyGau4b2YDDKe0xIzZaeL/for8Cpnmsc15h5VSdbaDTWzANTEUUtoqvoDR7ApOjwXOeVBxMzlW6pIzXE" vary Accept-Encoding content-type application/json; charset=utf-8 cache-control no-cache x-envoy-upstream-service-time 0
GET H2	200	G-font-Medium.otf www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/	60 KB 35 KB	59ms 58ms	Font font/otf	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Medium.otf Requested by Host: www.group-ib.com URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 1efe16c9efbadde5e242d88a315eca3906a55669fcd4882a904fbc723306a4e4 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css Origin https://www.group-ib.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 35382 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 27 Nov 2023 11:44:59 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type font/otf access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	G-font-Regular.otf www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/	47 KB 30 KB	57ms 57ms	Font font/otf	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Regular.otf Requested by Host: www.group-ib.com URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 6cee0fb06339ba13e1f15d044e0e4904bbeeb7fbe4351e3f102b6d80b2465061 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css Origin https://www.group-ib.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 30798 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 27 Nov 2023 11:44:59 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type font/otf access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/	9 KB 3 KB	174ms 88ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 67d3c47593e3e595f0eab2fe26222df8b8cce4439e1e491c39c3fab20afac20a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-origin-hublet eu1 Date Fri, 06 Sep 2024 12:24:49 GMT Content-Encoding gzip x-content-type-options nosniff CF-Cache-Status DYNAMIC Strict-Transport-Security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 3d55e1ae-2586-469c-8478-3e1c1a8ec5d4 Transfer-Encoding chunked x-envoy-upstream-service-time 21 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3d55e1ae-2586-469c-8478-3e1c1a8ec5d4 Server cloudflare vary origin access-control-allow-methods OPTIONS, GET Content-Type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false Cache-Control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * CF-RAY 8bee702dbeb344f2-TXL x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-9vrkd
GET H2	200	cross.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	342 B 248 B	54ms 54ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/cross.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 207 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	v.gif dev.visualwebsiteoptimizer.com/	35 B 146 B	137ms 136ms	Image image/gif	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=93623&d=group-ib.com&u=D18AAC07AD5B41F736C410C1D2D5022A1&h=d05270767d73c271de5f40e3e4e979bc&t=false Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gnv01c / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:48 GMT via 1.1 google x-content-type-options nosniff server gnv01c content-type image/gif access-control-allow-origin * cache-control public, max-age=43200 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/	112 KB 31 KB	193ms 117ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3be28c7f1acf9dbafbc7fe80d74159aeff29a2f9eaec78e2d9c7da9dfb3536be Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-origin-hublet eu1 Date Fri, 06 Sep 2024 12:24:49 GMT Content-Encoding gzip x-content-type-options nosniff CF-Cache-Status DYNAMIC Strict-Transport-Security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id df22b482-9101-487e-9e9f-d35b86e9e2a2 Transfer-Encoding chunked x-envoy-upstream-service-time 26 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id df22b482-9101-487e-9e9f-d35b86e9e2a2 Server cloudflare vary origin access-control-allow-methods OPTIONS, GET Content-Type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false Cache-Control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * CF-RAY 8bee702ded24aca4-TXL x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-ljsg5
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/	105 KB 30 KB	190ms 117ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cd73e39bc9a0edfdee0dc6a326d04df2f5d7f7e2965dc024d5050e25876c4c4d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-origin-hublet eu1 Date Fri, 06 Sep 2024 12:24:49 GMT Content-Encoding gzip x-content-type-options nosniff CF-Cache-Status DYNAMIC Strict-Transport-Security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id e044a00a-9713-4cd1-92b0-40a33567e3b1 Transfer-Encoding chunked x-envoy-upstream-service-time 32 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e044a00a-9713-4cd1-92b0-40a33567e3b1 Server cloudflare vary origin access-control-allow-methods OPTIONS, GET Content-Type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false Cache-Control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * CF-RAY 8bee702defbc5902-TXL x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-9vrkd
GET H2	200	dropdown_before.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	154 B 191 B	62ms 61ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/dropdown_before.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 150 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	link-arrow.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	409 B 309 B	63ms 63ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/link-arrow.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 267 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=10368000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 04 Jan 2025 12:24:49 GMT
GET H2	200	404-bg-md.jpg www.group-ib.com/wp-content/themes/gib-theme/assets/images/bg/	553 KB 543 KB	64ms 63ms	Image image/jpeg	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/bg/404-bg-md.jpg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 68271e52880183aa09c4a836bd2277058ef919d2c58a28cc4026ce90f75ff03a Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/page-404.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 29 May 2024 07:56:21 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/jpeg access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 06 Sep 2024 12:24:48 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/	9 KB 3 KB	186ms 116ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 12696423e43ebbbe0cb6f81d52e9e3b8c5107e4492dd2f1fb64e889aa5262e20 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-origin-hublet eu1 Date Fri, 06 Sep 2024 12:24:49 GMT Content-Encoding gzip x-content-type-options nosniff CF-Cache-Status DYNAMIC Strict-Transport-Security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 99160057-ac90-499b-b392-d43638242b58 Transfer-Encoding chunked x-envoy-upstream-service-time 15 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 99160057-ac90-499b-b392-d43638242b58 Server cloudflare vary origin access-control-allow-methods OPTIONS, GET Content-Type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-expose-headers X-Origin-Hublet access-control-max-age 180 access-control-allow-credentials false Cache-Control max-age=0, no-cache, no-store x-robots-tag none access-control-allow-headers * CF-RAY 8bee702e0ac74504-TXL x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-xd9lb
GET H2	200	gtm.js Show response www.googletagmanager.com/	349 KB 109 KB	166ms 63ms	Script application/javascript	2a00:1450:4001:810::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 28ab9ef3728cd7f65a3ccdd32171a5118869e43570299b270e84cd6969606e6c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:49 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 110732 x-xss-protection 0 last-modified Fri, 06 Sep 2024 12:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 06 Sep 2024 12:24:49 GMT
GET H2	200	insight.min.js Show response www.group-ib.com/wp-content/themes/gib-theme/assets/js/	8 KB 3 KB	65ms 63ms	Script application/javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/js/insight.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:49 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 3085 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 15 Jul 2022 14:12:57 GMT server nginx vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/javascript; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control max-age=31536000, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Sat, 06 Sep 2025 12:24:49 GMT
GET H2	200	banner.js Show response js-eu1.hs-banner.com/v2/25755956/	72 KB 26 KB	211ms 68ms	Script text/javascript	172.65.202.201 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-banner.com/v2/25755956/banner.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ed9455ae719192a857e9f33f175e8b5fbccdc4523eaf3ce5c70f3d5f3851d995 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:49 GMT x-amz-version-id C6rEyUu_2s7hALwruo4b0RfACYAwz9sr content-encoding gzip cf-cache-status HIT x-amz-request-id 31D6T5WFXGST222X x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id b2fbfce3-2862-4b36-a656-7f69f1d6cc2c x-envoy-upstream-service-time 49 x-amz-id-2 qh9kHHU/E5lq/pa1V8LvlP+R0BKHCIp9p7Z6IaXnFohAR+Nz+U2U05m3FSP8QbddVNhW4rP/SMc= x-evy-trace-listener listener_https x-request-id b2fbfce3-2862-4b36-a656-7f69f1d6cc2c x-evy-trace-route-configuration listener_https/all last-modified Tue, 20 Aug 2024 09:47:04 GMT server cloudflare etag W/"f3173459e8fc46af0921255adf1b8af5" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.facct.ru x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod fra04/analytics-js-proxy-td/envoy-proxy-5cc6cdbf4d-5nxw4 vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 8bee702f3ae34516-TXL expires Fri, 06 Sep 2024 12:26:33 GMT
GET H2	200	25755956.js Show response js-eu1.hs-analytics.net/analytics/1725623400000/	69 KB 25 KB	266ms 123ms	Script text/javascript	172.65.238.60 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-analytics.net/analytics/1725623400000/25755956.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e8b021d7202342b3fcdd438dd88b4d52415d6c842f3655847d31032329b33bfa Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:49 GMT content-encoding gzip cf-cache-status REVALIDATED x-amz-request-id EK8G77FT3NQCEEJW x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 7f205125-e690-47ff-b682-a2490e5d64cd x-envoy-upstream-service-time 23 x-amz-id-2 JnnM2S6fB6GIUn8dr6elZzecu2RCG0RYDigaw3m+LnBHIdL70euZ11s6yrZ9k3PKX7vFmJonROQ= x-evy-trace-listener listener_https x-request-id 7f205125-e690-47ff-b682-a2490e5d64cd x-evy-trace-route-configuration listener_https/all last-modified Tue, 27 Aug 2024 10:29:24 GMT server cloudflare etag W/"9d2b77db1529c218c65554401aa3b684" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/analytics-js-proxy-td/envoy-proxy-5cc6cdbf4d-497g6 cache-control max-age=300,public access-control-allow-credentials false cf-ray 8bee702f3b0a6a76-TXL expires Fri, 06 Sep 2024 12:29:49 GMT
GET H2	200	web-interactives-embed.js Show response js-eu1.hubspot.com/	83 KB 25 KB	233ms 90ms	Script application/javascript	172.65.236.181 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hubspot.com/web-interactives-embed.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.236.181 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ Origin https://www.group-ib.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-encoding gzip x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1426/bundles/project.js&cfRay=8ba6fba99fc14522-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"edf91c1320ba2916398ed791b63187bc" vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control max-age=600 x-hs-target-asset web-interactives-embed/static-2.1426/bundles/project.js date Fri, 06 Sep 2024 12:24:49 GMT x-amz-version-id 7DwgQA9YoOwDB6Raj9_RIwKNzf1Sd5R0 x-content-type-options nosniff cf-cache-status HIT via 1.1 cae5c5323232533718f592c973f01432.cloudfront.net (CloudFront) nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA60-P6 x-hubspot-correlation-id 078cccd0-4bd3-446e-b5f1-fd88afccb695 x-cache Hit from cloudfront cache-tag staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 7 x-evy-trace-route-configuration listener_https/all x-request-id 078cccd0-4bd3-446e-b5f1-fd88afccb695 last-modified Wed, 28 Aug 2024 20:01:26 UTC server cloudflare access-control-max-age 3000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qsfjkBQ%2BOH16TsQdEjr7OzYVHXFuygYjd9CskMKhvTqUYt70ijpWIyFzxz40RHs5JLWrtgrLyGoSyVmWmBz45j79OdyQIxvDu%2Ft7JQDLdMYxrMKvS7yVPlX7NpE%2BS%2FELGNZcug%3D%3D"}],"group":"cf-nel","max_age":604800} x-hs-cache-status MISS x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-75dd7fb59f-sr4vk cf-ray 8bee702f3ee16a73-TXL x-amz-cf-id 6KmmqMTyPlK0NTc3OlioTIBkhdfqvGG9mEPuO0L5CTJYqzl4j0vCBg==
GET H2	200	fb.js Show response js-eu1.hsadspixel.net/	6 KB 4 KB	194ms 51ms	Script application/javascript	172.65.219.229 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hsadspixel.net/fb.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eeecc1c14b175e0226295f130c6121ddf605878b3489fd61181911c17c9b2a74 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:49 GMT x-amz-version-id CKdUucj42qReK_MB.X3dwG61CXEt1Id2 content-encoding gzip x-content-type-options nosniff via 1.1 b4f72de8ce5f3b4b4240eccfbd3d12a6.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-cf-pop FRA60-P6 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 94a7d8e1-f4b8-4561-9a15-35f309f40f59 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.595/bundles/pixels-release.js&cfRay=8be6fc6d1987d3bc-FRA x-cache Hit from cloudfront cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod age 6 x-envoy-upstream-service-time 5 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 94a7d8e1-f4b8-4561-9a15-35f309f40f59 last-modified Thu, 05 Sep 2024 14:32:20 UTC server cloudflare etag W/"ba2542491f85a69ea1e0553167ab5227" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status MISS x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-75dd7fb59f-sr4vk cf-ray 8bee702f3b744528-TXL x-amz-cf-id dViVg2U7dSxyWlT3zYWOX7SXnvx3XeBPxUOJ2Kuy-vhmz6AWtggVMQ== x-hs-target-asset adsscriptloaderstatic/static-1.595/bundles/pixels-release.js
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1 KB	443ms 74ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 12:24:50 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 3b734cc5-3a3f-44bf-81cb-60f4a9f6d396 x-envoy-upstream-service-time 3 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3b734cc5-3a3f-44bf-81cb-60f4a9f6d396 Server cloudflare vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-2mzwq access-control-expose-headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none CF-RAY 8bee7030b90444fe-TXL
GET H2	200	collect px.ads.linkedin.com/	0 666 B	292ms 184ms	Image application/javascript	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1725625489673&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:49 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 3DC05127911C41809FDB62F7557BB102 Ref B: FRAEDGE1205 Ref C: 2024-09-06T12:24:49Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-ltx1 x-li-proto http/2 content-length 0 x-li-uuid AAYhcn5W1Q6xQ09HwG9iBg==
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1 KB	439ms 63ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 12:24:50 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 760e1797-a139-4497-a8fa-9aeff49e5f9b x-envoy-upstream-service-time 3 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 760e1797-a139-4497-a8fa-9aeff49e5f9b Server cloudflare vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-2mzwq access-control-expose-headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none CF-RAY 8bee7031098644fe-TXL
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1 KB	777ms 136ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 12:24:50 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 13c5c81d-c9fc-4fcc-9cd1-88f2be97dac2 x-envoy-upstream-service-time 3 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 13c5c81d-c9fc-4fcc-9cd1-88f2be97dac2 Server cloudflare vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-ljsg5 access-control-expose-headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none CF-RAY 8bee70335d8444fe-TXL
GET H2	200	js Show response www.googletagmanager.com/gtag/	334 KB 109 KB	73ms 72ms	Script application/javascript	2a00:1450:4001:810::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 90f6891b9f8203caa0bf8ac1c428dc8a2b4baeb5c5ada28a6ab4b014a08a64c4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:49 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 111233 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 06 Sep 2024 12:24:49 GMT
GET H2	200	destination Show response www.googletagmanager.com/gtag/	230 KB 83 KB	52ms 51ms	Script application/javascript	2a00:1450:4001:810::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-10897073384&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 87e4e5c8e36f9744f7621d46980b993f0be9945c5fc9ca4b6d5419d0c23c70b9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:49 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 84837 x-xss-protection 0 last-modified Fri, 06 Sep 2024 12:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 06 Sep 2024 12:24:49 GMT
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	42 KB 13 KB	174ms 48ms	Script application/javascript	2a04:4e42::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish last-modified Thu, 20 Jun 2024 19:23:03 GMT server snooserv nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} etag "71b328aff914ada8b774bfa8fff542c4" x-amz-server-side-encryption AES256 vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/javascript cache-control public, max-age=60 accept-ranges bytes content-length 12116
GET H2	200	bat.js Show response bat.bing.com/	49 KB 14 KB	244ms 63ms	Script application/javascript	2620:1ec:33::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash b6929e96fec5c905d42d98c6678e07fdeee26d05ee5b90129c891303775ba87f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Fri, 06 Sep 2024 12:24:49 GMT last-modified Thu, 05 Sep 2024 15:46:55 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 5EF2CDF6CE104D48AFDD52743AA03E3B Ref B: FRA31EDGE0210 Ref C: 2024-09-06T12:24:50Z etag "80c15cd5aaffda1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 14281
GET H2	200	6si.min.js Show response j.6sc.co/	68 KB 19 KB	168ms 60ms	Script application/javascript	95.101.111.170 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-111-170.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash aea136527ca962a15eea8eb338c7667b5a44d98bff65dc09a36f5493ddbacb99 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 05 Sep 2024 16:37:55 GMT server nginx/1.14.0 (Ubuntu) etag "66d9de63-10fec" vary Accept-Encoding content-type application/javascript cache-control private, proxy-revalidate, max-age=10800 accept-ranges bytes content-length 18709 expires Fri, 06 Sep 2024 15:24:50 GMT
GET H2	200	NeverBounce.js Show response cdn.neverbounce.com/widget/dist/	96 KB 29 KB	168ms 45ms	Script application/javascript	18.66.192.19 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.neverbounce.com/widget/dist/NeverBounce.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.192.19 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-192-19.muc50.r.cloudfront.net Software AmazonS3 / Resource Hash c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-amz-version-id null content-encoding gzip via 1.1 eec5ede1fdb15ceb2352a4ebfb155362.cloudfront.net (CloudFront) date Fri, 06 Sep 2024 05:50:36 GMT last-modified Mon, 02 Mar 2020 18:37:33 GMT server AmazonS3 x-amz-cf-pop MUC50-P1 age 23699 etag W/"c1e06621030dfcba15b88abbcaa546eb" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id -34BBFMOHGRhTw8txYUZ2yIGltCoSgLrD4LuiVbUI0Ai6tJio7rBeA==
GET H3	200	63e267f61a03d71ea3df5fe7 Show response ws.zoominfo.com/pixel/	3 KB 2 KB	310ms 251ms	Script text/javascript	104.16.118.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/63e267f61a03d71ea3df5fe7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 63350118091265f803e8414653232bd05a48ab58be83ca43b82cf63a2e712e04 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC via 1.1 google server cloudflare x-powered-by Express vary Accept-Encoding content-type text/javascript access-control-allow-origin * access-control-allow-credentials true x-robots-tag noindex, nofollow access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url alt-svc h3=":443"; ma=86400 cf-ray 8bee70301ddc62d8-HAM
GET H3	200	fbevents.js Show response connect.facebook.net/en_US/	225 KB 58 KB	97ms 43ms	Script application/x-javascript	157.240.251.9 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H3 Security QUIC, , AES_128_GCM Server 157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-01-fra5.fbcdn.net Software / Resource Hash 0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 06 Sep 2024 12:24:49 GMT document-policy force-load-at-top x-fb-server-load 48 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 58953 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=39, rtx=0, c=23, mss=1232, tbw=4309, tp=9, tpl=0, uplat=2, ullat=-1 pragma public x-fb-debug pAoQG5oooOgXzRJCwOs9QaC/+86HyQFZpSzi2vAzVYG06ZZy1uikK78zTK7ZYhET1acHI+Kj0q0XugLvViMH6w== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	1010045.js Show response tracking.g2crowd.com/attribution_tracking/conversions/	2 KB 1 KB	411ms 322ms	Script text/javascript	2606:4700::6812:1fb0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tracking.g2crowd.com/attribution_tracking/conversions/1010045.js?p=https://www.group-ib.com/blog/cve---winrar-zero-day&e= Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash de8cf14ac6fe79a56face1694a20ef3baf1c6cce9c64c98ddef8548183ad978a Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=15552000; includeSubDomains x-content-type-options nosniff content-encoding br x-permitted-cross-domain-policies none x-dns-prefetch-control off cross-origin-resource-policy cross-origin content-disposition inline x-xss-protection 0 referrer-policy no-referrer server cloudflare cross-origin-opener-policy same-origin x-download-options noopen vary Origin, Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript;charset=UTF-8 access-control-allow-origin * origin-agent-cluster ?1 cf-ray 8bee70304b7ed371-FRA
GET H2	200	1010056.js Show response tracking.g2crowd.com/attribution_tracking/conversions/	2 KB 1 KB	400ms 329ms	Script text/javascript	2606:4700::6812:1fb0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tracking.g2crowd.com/attribution_tracking/conversions/1010056.js?p=https://www.group-ib.com/blog/cve---winrar-zero-day&e= Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 783dae3309157ed5bd78ca69c0a182cf664295245fdb70aa6f1482277bd69793 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=15552000; includeSubDomains x-content-type-options nosniff content-encoding br x-permitted-cross-domain-policies none x-dns-prefetch-control off cross-origin-resource-policy cross-origin content-disposition inline x-xss-protection 0 referrer-policy no-referrer server cloudflare cross-origin-opener-policy same-origin x-download-options noopen vary Origin, Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript;charset=UTF-8 access-control-allow-origin * origin-agent-cluster ?1 cf-ray 8bee70304b80d371-FRA
GET H2	200	1010057.js Show response tracking.g2crowd.com/attribution_tracking/conversions/	2 KB 2 KB	349ms 313ms	Script text/javascript	2606:4700::6812:1fb0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tracking.g2crowd.com/attribution_tracking/conversions/1010057.js?p=https://www.group-ib.com/blog/cve---winrar-zero-day&e= Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a6275519a7d1d92019cfe9ce0e3ce780e04b6eb7629f087d277fac99f61a6b34 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=15552000; includeSubDomains x-content-type-options nosniff content-encoding br x-permitted-cross-domain-policies none x-dns-prefetch-control off cross-origin-resource-policy cross-origin content-disposition inline x-xss-protection 0 referrer-policy no-referrer server cloudflare cross-origin-opener-policy same-origin x-download-options noopen vary Origin, Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript;charset=UTF-8 access-control-allow-origin * origin-agent-cluster ?1 cf-ray 8bee70304b83d371-FRA
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1725625489852&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&tm=gtmv2 https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1725625489852&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&tm=gtmv2&e_ipv6=AQKsYGXDaHyPCQAAAZHHS1onEEiw9t1wzLbr...	0 267 B	342ms 189ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1725625489852&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&tm=gtmv2&e_ipv6=AQKsYGXDaHyPCQAAAZHHS1onEEiw9t1wzLbr2IwiVW9XGboRBnq77-X9lQLCp2gWqcyqxnU Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:49 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: B30AF8A094384BFD8B485E4093B3199C Ref B: DUS30EDGE0810 Ref C: 2024-09-06T12:24:50Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-ltx1 x-li-proto http/2 content-length 0 x-li-uuid AAYhcn5dVVDY28QNra9L+Q== Redirect headers date Fri, 06 Sep 2024 12:24:49 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 4AA43BBDB41F418CB19C0D78C1844FBA Ref B: FRAEDGE1205 Ref C: 2024-09-06T12:24:49Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1725625489852&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&tm=gtmv2&e_ipv6=AQKsYGXDaHyPCQAAAZHHS1onEEiw9t1wzLbr2IwiVW9XGboRBnq77-X9lQLCp2gWqcyqxnU x-li-proto http/2 content-length 0 x-li-uuid AAYhcn5YCaknt5znYgmO5w==
GET H2	200	json Show response api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	250 B 1 KB	161ms 66ms	XHR application/json	2a06:98c1:3200::90:2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=25755956 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3200::90:2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1aa462865a143f6b053d5d1594aea3e38d36ebad2a23a7fcfdd84ba7a7a1fddb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id f377e3a2-769a-47a6-9bf3-fad4a456808b content-encoding br x-envoy-upstream-service-time 3 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id f377e3a2-769a-47a6-9bf3-fad4a456808b server cloudflare vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials false x-evy-trace-served-by-pod fra04/hubapi-td/envoy-proxy-576d445cf9-r5bn8 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vr8NdvEHuwF4tqpoPcd07mdOsjEXl4icsMdoI3n327CgyShIVbKRBFlUpMFvqR9nI8J7Jzewf5v%2BixB739mwoc9V5kFI0o1LuL998RHo%2FYqCvwl5dxfnknXZAL4yr1YdxsnUpeBQdZ5kpoFwDlnI%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8bee70306ac11c05-FRA access-control-allow-headers *
GET H2	200	combinedConfigs Show response cta-eu1.hubspot.com/web-interactives/public/v1/embed/	95 B 1 KB	176ms 81ms	Fetch application/json	172.65.198.159 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cta-eu1.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=25755956&currentUrl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&referrer=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.198.159 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id f851d434-b8d7-4cd9-85bc-fbd5d39ea973 content-encoding br x-envoy-upstream-service-time 12 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id f851d434-b8d7-4cd9-85bc-fbd5d39ea973 server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials true cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YJI2Yz4HaU%2B5VwvQIL9WVZYeo3E%2Fv%2BjLjaHeogLT4xN9nlqQ%2BSjC3qoFF4Y12PzBKopL62WusiauXNqrXj9J%2BgP%2Fn6mqHm4EvvONjAQNpHTf4XRl0MuLQ%2F%2Fb7sOGUB5ypCDVrZk%3D"}],"group":"cf-nel","max_age":604800} x-robots-tag noindex, follow access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 8bee70307c33aca7-TXL x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-ljsg5
POST H2	204	collect region1.analytics.google.com/g/	0 0	159ms 47ms	Fetch text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-QMES53K3Y2&gtm=45je4940v9101996448z872040694za200zb72040694&_p=1725625489523&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=51829850.1725625490&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&sid=1725625489&sct=1&seg=0&dr=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&dt=Page%20not%20found%20%7C%20Group-IB&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1343 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Fri, 06 Sep 2024 12:24:50 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.group-ib.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 255 B	177ms 52ms	Ping text/plain	2a00:1450:400c:c1d::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QMES53K3Y2&cid=51829850.1725625490&gtm=45je4940v9101996448z872040694za200zb72040694&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=0 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c1d::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Fri, 06 Sep 2024 12:24:50 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.group-ib.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	170ms 80ms	Image image/gif	142.250.185.195 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QMES53K3Y2&cid=51829850.1725625490&gtm=45je4940v9101996448z872040694za200zb72040694&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=1905445464 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.195 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s52-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Fri, 06 Sep 2024 12:24:50 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	649324202964935 Show response connect.facebook.net/signals/config/	76 KB 15 KB	44ms 43ms	Script application/x-javascript	157.240.251.9 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/649324202964935?v=2.9.167&r=stable&domain=www.group-ib.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-01-fra5.fbcdn.net Software / Resource Hash 9c2b4e907eae95a80f90e2a5e56a10ce4f79ba3c5b184a4c6850443e64e5bad2 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 06 Sep 2024 12:24:50 GMT document-policy force-load-at-top x-fb-server-load 42 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 15373 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=38, rtx=0, c=74, mss=1232, tbw=66981, tp=62, tpl=0, uplat=1, ullat=-1 pragma public x-fb-debug WmrOdCLm/6YWWHJUBcZhUMSDyrCEVUgPUDTMEohQBZ21QBrqMYEQHbmkyTZpjD8aExTmsVum6Ip/ygi8wS+vaA== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	265 KB 91 KB	59ms 59ms	Script application/javascript	142.250.185.136 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508 Requested by Host: js-eu1.hsadspixel.net URL: https://js-eu1.hsadspixel.net/fb.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.136 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f8.1e100.net Software Google Tag Manager / Resource Hash ce7eac31e3aa115787f4ea971aa4f38d9a7e2d5c77076535f8e5c020cb573569 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 93625 x-xss-protection 0 last-modified Fri, 06 Sep 2024 12:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 06 Sep 2024 12:24:50 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	265 KB 92 KB	64ms 63ms	Script application/javascript	142.250.185.136 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.136 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f8.1e100.net Software Google Tag Manager / Resource Hash f09b49ae64d4bbad80644aa0d0d5064182fb527365acde5664247d134d8f6bb5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 93737 x-xss-protection 0 last-modified Fri, 06 Sep 2024 12:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 06 Sep 2024 12:24:50 GMT
GET H2	200	config Show response pixel-config.reddit.com/pixels/a2_du2owjr6f67j/	3 B 124 B	138ms 42ms	XHR application/json	151.101.1.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://pixel-config.reddit.com/pixels/a2_du2owjr6f67j/config Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding gzip via 1.1 varnish content-type application/json access-control-allow-origin * cache-control max-age=14400 accept-ranges bytes content-length 27
GET H2	200	a2_du2owjr6f67j_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 699 B	157ms 57ms	XHR application/json	2a04:4e42::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_du2owjr6f67j_telemetry Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding gzip via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} server snooserv vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/json access-control-allow-origin * cache-control max-age=300 accept-ranges bytes content-length 97
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	139ms 41ms	Image image/gif	151.101.1.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1725625490040&id=a2_du2owjr6f67j&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=7e27011b-4dde-40e7-8a85-3426b139ad66&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc= Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} server Varnish report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 282 B	420ms 144ms	Script application/javascript	54.161.167.239 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_804874 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.161.167.239 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-161-167-239.compute-1.amazonaws.com Software nginx / Resource Hash e76af0db0591b7929946788f8bb7024a62b4581bb5d1044b042cca8e4bc3e1bc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 282 B	403ms 142ms	Script application/javascript	54.161.167.239 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_680337 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.161.167.239 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-161-167-239.compute-1.amazonaws.com Software nginx / Resource Hash c2946db99943cfcbd7e69507273a53d8ddfc82fb2c6c6821f26711747be6d0d5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 283 B	358ms 141ms	Script application/javascript	54.161.167.239 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_166566 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.161.167.239 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-161-167-239.compute-1.amazonaws.com Software nginx / Resource Hash fbc4eafc509993912541b9b234655e6f36a00c8fbb4478a5d4a23b85a720950d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 282 B	291ms 142ms	Script application/javascript	54.161.167.239 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_635018 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.161.167.239 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-161-167-239.compute-1.amazonaws.com Software nginx / Resource Hash c757586698dc4be2147f101c53a94ec00a9435a3b1e356aa448d7231fadb3e7e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	/ Show response c.6sc.co/	7 B 194 B	58ms 42ms	XHR text/html	95.101.111.170 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-111-170.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://www.group-ib.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	19 B 310 B	147ms 41ms	XHR text/html	2a02:26f0:480:22::1726:62ee AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:22::1726:62ee Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash a0ae602e4b19bb4491ccba1bab200ae243fa876b70cefdd8894ae0111a788306 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Fri, 06 Sep 2024 12:24:50 GMT vary Origin content-type text/html access-control-allow-origin https://www.group-ib.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a01:4a0:1338:92::9 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1725625490149_389993774_116526853_21_953_39_46_219";dur=1 content-length 19 expires Fri, 06 Sep 2024 12:24:50 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	151ms 133ms	Image image/gif	95.101.111.170 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=288d4168-2bc9-4955-8501-8fda4cde1c83&session=a6daf8a3-f300-4f00-89be-60dd8b02803c&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2006%20Sep%202024%2012%3A24%3A50%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20%7C%20Group-IB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pageViewId=3e3a83e7-0c42-4d2b-83cb-62a937e6ecdb&v=1.1.24 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-111-170.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Fri, 06 Sep 2024 12:24:50 GMT x-content-type-options nosniff last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Fri, 06 Sep 2024 12:24:50 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	160ms 145ms	Image image/gif	95.101.111.170 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=288d4168-2bc9-4955-8501-8fda4cde1c83&session=a6daf8a3-f300-4f00-89be-60dd8b02803c&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2006%20Sep%202024%2012%3A24%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e84d9c08a990af8592952e7ac9a983ad%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2006%20Sep%202024%2012%3A24%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2006%20Sep%202024%2012%3A24%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20%7C%20Group-IB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pageViewId=3e3a83e7-0c42-4d2b-83cb-62a937e6ecdb&v=1.1.24 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-111-170.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Fri, 06 Sep 2024 12:24:50 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Fri, 06 Sep 2024 12:24:50 GMT
GET H/1.1	200 OK	counters.gif perf-eu1.hsforms.com/embed/v3/	35 B 1 KB	156ms 72ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://perf-eu1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 12:24:50 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff CF-Cache-Status MISS x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 73d21b34-ba26-415b-9540-efb8224b5269 x-envoy-upstream-service-time 2 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 73d21b34-ba26-415b-9540-efb8224b5269 Last-Modified Fri, 06 Sep 2024 12:24:50 GMT Server cloudflare vary origin, Accept-Encoding Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-5plsl access-control-expose-headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store access-control-allow-credentials false Accept-Ranges bytes x-robots-tag none CF-RAY 8bee703238734510-TXL
GET H2	200	/ www.facebook.com/tr/	0 274 B	142ms 43ms	Image text/plain	2a03:2880:f176:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&if=false&ts=1725625490099&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1725625490095.579206883396996801&cs_est=true&cdl=API_unavailable&it=1725625490031&coo=false&rqm=GET Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=42, rtx=0, c=10, mss=1297, tbw=2770, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Fri, 06 Sep 2024 12:24:50 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 3 KB	296ms 206ms	Image image/png	2a03:2880:f176:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&if=false&ts=1725625490099&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1725625490095.579206883396996801&cs_est=true&cdl=API_unavailable&it=1725625490031&coo=false&rqm=FGET Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; content-encoding zstd x-content-type-options nosniff strict-transport-security max-age=15552000; preload date Fri, 06 Sep 2024 12:24:50 GMT document-policy force-load-at-top x-fb-server-load 43 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7411505044709962789", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=40, rtx=0, c=10, mss=1297, tbw=3088, tp=-1, tpl=-1, uplat=159, ullat=0 pragma no-cache x-fb-debug dtVSwl5DLg7f8MVt+1m4HWxVE6vh9lDU2nAQNGInGSwNNJnouXZYCBEPKZK8EtzaJzNUjrmIqKmATd42ytLVCw== cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7411505044709962789"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	343106030.js Show response bat.bing.com/p/action/	335 B 402 B	63ms 62ms	Script application/javascript	2620:1ec:33::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/343106030.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e6eae0251ff9d9602e618bd779c3c7234b243fb71da5afa4e502443e9c007bd4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br date Fri, 06 Sep 2024 12:24:49 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: C003B8034A2E40D9A08AD2A77EEE4C54 Ref B: FRA31EDGE0210 Ref C: 2024-09-06T12:24:50Z vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript; charset=utf-8 cache-control private,max-age=1800
GET H2	204	0 bat.bing.com/action/	0 177 B	66ms 65ms	Image text/plain	2620:1ec:33::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=343106030&tm=gtm002&Ver=2&mid=0d95399f-1c94-455d-9ba0-fe0f986a76b9&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Page%20not%20found%20%7C%20Group-IB&p=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&lt=918&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=896367 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Fri, 06 Sep 2024 12:24:49 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 2A270AA651994CA88E41C04304386295 Ref B: FRA31EDGE0210 Ref C: 2024-09-06T12:24:50Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	140ms 140ms	Image image/gif	95.101.111.170 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=288d4168-2bc9-4955-8501-8fda4cde1c83&session=a6daf8a3-f300-4f00-89be-60dd8b02803c&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A9%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20%7C%20Group-IB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pageViewId=3e3a83e7-0c42-4d2b-83cb-62a937e6ecdb&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A9&v=1.1.24 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/cve---winrar-zero-day Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-111-170.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Fri, 06 Sep 2024 12:24:50 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Fri, 06 Sep 2024 12:24:50 GMT
POST H2	200	assign tracking.g2crowd.com/attribution_tracking/conversions/	0 0	150ms 148ms	Ping text/html	2606:4700::6812:1fb0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tracking.g2crowd.com/attribution_tracking/conversions/assign Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundarymAC8eZvf6OrU7Eis Response headers
POST H2	200	assign tracking.g2crowd.com/attribution_tracking/conversions/	0 0	144ms 143ms	Ping text/html	2606:4700::6812:1fb0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tracking.g2crowd.com/attribution_tracking/conversions/assign Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundarynuoNra75q1YE4N4Y Response headers
POST H2	200	assign tracking.g2crowd.com/attribution_tracking/conversions/	0 0	149ms 148ms	Ping text/html	2606:4700::6812:1fb0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tracking.g2crowd.com/attribution_tracking/conversions/assign Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryVS84b2wru9vhpYAJ Response headers
POST H2	200	fl Show response www.group-ib.com/api/	685 B 1 KB	202ms 187ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=T4HOByosF3A5o7I9EOFmVUBJAcSSsucknaKDcZtsECNRm3X%2B8L7yW6oNwBlXhpdBVa69Nx4dzEUWL%2B%2FAzQtEtyGau4b2YDDKe0xIzZaeL%2Ffor8Cpnmsc15h5VSdbaDTWzANTEUUtoqvoDR7ApOjwXOeVBxMzlW6pIzXE Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 8e90f5af0d8503c6db8e439c105092d93649cc7358a13149f0997a667de38f78 Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 pfTyhYRy4v4euGN9x3k/Kc0N9AUiyBvt95iihTC/Ie1DOynwOioaX4LRBkSObEoYhLx69P2wBpKr6gPJ7XvOsRlfkkaEi39KILMGadqd9G6l8PUfmLYexdqikGjlIqyVNff/0gO+WpHrcAv4Qvo8o7wKJnGTriW0rUkoeBcpJ4Ht939tAGjZpdC2wdhOEd5OQpnwv2v7uS6wzqVMGmv7P+NFr2iwiLboXGc26jDnwcSHRVFS7LqakbrQJhbtz/+/c3DWXQem8tMxlSoNzw== Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Si0X435259265190933c6f3db4d061e6c188dfe6 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 06 Sep 2024 12:24:50 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 47 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H3	200	709834390277869 Show response connect.facebook.net/signals/config/	27 KB 3 KB	48ms 46ms	Script application/x-javascript	157.240.251.9 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/709834390277869?v=2.9.167&r=stable&domain=www.group-ib.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C196%2C195%2C197%2C202%2C203%2C204%2C200%2C192%2C128%2C130%2C159%2C191%2C193%2C119%2C153%2C141%2C147%2C185%2C186%2C125%2C228%2C113%2C123%2C124%2C229%2C161%2C116%2C231%2C162%2C132%2C120%2C150%2C144 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS xx-fbcdn-shv-01-fra5.fbcdn.net Software / Resource Hash 0ebd5162f049fadb8a98e6a5fca9e8ca7ce8bc628893071febbba180cd52bce9 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 06 Sep 2024 12:24:50 GMT document-policy force-load-at-top x-fb-server-load 41 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 3256 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=40, rtx=0, c=87, mss=1232, tbw=83891, tp=79, tpl=0, uplat=1, ullat=-1 pragma public x-fb-debug nbVix6sbAlKjmjEhNT+YUX/Nx1gj+I+JhNPg4M+lN3FtgvSym+FneVrMF3tN+W4GVmUB8ElQXARlSI5MGfSfcg== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 639 B	189ms 98ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=25755956&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&t=Page+not+found+%7C+Group-IB&cts=1725625490578&vi=b64dd17a19ce43f39d3edbb1286f39c8&nc=true&u=84897990.b64dd17a19ce43f39d3edbb1286f39c8.1725625490574.1725625490574.1725625490574.1&b=84897990.1.1725625490574&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 3190eeeb-6192-46f3-ae52-1f8ffcae7f13 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3190eeeb-6192-46f3-ae52-1f8ffcae7f13 last-modified Fri, 06 Sep 2024 12:24:50 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=obwBZMPlpANDkmtdLRSgZ%2BdW%2B%2Fr7lkiVBZ52BGjMaWmmiaSz5OFztps7IGtH8RgwQI8t0ZfQDDu%2BBM1wuLZ3eCMK%2B7%2F4Snp%2BCoQs99f8auYZgB4QJhJDHfWFbTnVFJ91D1IkD4UL8w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-6c6cdbccc5-xmnpw x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8bee7034dceb44f8-TXL x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 747 B	179ms 99ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=52c16ca3-613a-412f-adf2-5c636c2627e1&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=25755956&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&t=Page+not+found+%7C+Group-IB&cts=1725625490579&vi=b64dd17a19ce43f39d3edbb1286f39c8&nc=true&u=84897990.b64dd17a19ce43f39d3edbb1286f39c8.1725625490574.1725625490574.1725625490574.1&b=84897990.1.1725625490574&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id d3e2c0c2-ba82-4e07-90f3-b69aaaa55d28 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d3e2c0c2-ba82-4e07-90f3-b69aaaa55d28 last-modified Fri, 06 Sep 2024 12:24:50 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RuDMWZuAFO6EnshqcLxc8DBG5XC5zy56RfwWDpd%2BRHiD9ystcmYZGvz7A9lcGT%2BopelEhLqBqaKAgNZ4Rt%2BeESDWfP%2BpW6AEZ3mq%2BfB52jeQFcGX6rfguO4hS23Od%2FqyHoiNH4tz8Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-6c6cdbccc5-hprsq x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8bee7034dcee44f8-TXL x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 744 B	220ms 139ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=52c16ca3-613a-412f-adf2-5c636c2627e1&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=25755956&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&t=Page+not+found+%7C+Group-IB&cts=1725625490579&vi=b64dd17a19ce43f39d3edbb1286f39c8&nc=true&u=84897990.b64dd17a19ce43f39d3edbb1286f39c8.1725625490574.1725625490574.1725625490574.1&b=84897990.1.1725625490574&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 10ec7f8a-bff8-4013-aef3-ccb7a061cfa8 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 10ec7f8a-bff8-4013-aef3-ccb7a061cfa8 last-modified Fri, 06 Sep 2024 12:24:50 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Ci9GpQbeVH0krCQOgKCdO0GXBuELW2RC9SVjFR%2FJEjTcifmGXmIvx8FKChY%2FTOeLH2YP431IKtpz%2BLiW3%2BzPksRitIajv08xO2ipIpu%2BeNht0dBXer7rdveMsMDxTaKKKFCDoMuOw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-6c6cdbccc5-wgz98 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8bee7034dcf044f8-TXL x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1 KB	135ms 103ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=5a995f05-701c-48e3-b25a-d1548ba3c0b3&fci=eff3c57a-00a3-4b6f-9242-5a0ac1316dbf&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=25755956&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&t=Page+not+found+%7C+Group-IB&cts=1725625490579&vi=b64dd17a19ce43f39d3edbb1286f39c8&nc=true&u=84897990.b64dd17a19ce43f39d3edbb1286f39c8.1725625490574.1725625490574.1725625490574.1&b=84897990.1.1725625490574&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id e17a210f-d496-4000-8f7a-a3342d6f4da3 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e17a210f-d496-4000-8f7a-a3342d6f4da3 last-modified Fri, 06 Sep 2024 12:24:50 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zSumhqEStlHd7kspTogPCm6vxIPNdZZ2%2F4UVcegp483%2Fi%2BbN%2FYwL5pyS1te91opWJ2mx1YIa9PX2E1NYygUrF1JIt8W5n0BJ50IoHwpYzWZPd0whp9MPpV4p94%2Fjtk0sVrnYOj5YUQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-6c6cdbccc5-cg54d x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8bee7034dcf244f8-TXL x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 739 B	136ms 104ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=8d629f8c-6df2-4293-b23e-04ec75da27cf&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=25755956&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&t=Page+not+found+%7C+Group-IB&cts=1725625490580&vi=b64dd17a19ce43f39d3edbb1286f39c8&nc=true&u=84897990.b64dd17a19ce43f39d3edbb1286f39c8.1725625490574.1725625490574.1725625490574.1&b=84897990.1.1725625490574&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 846b9612-2247-4015-9182-ae5742481123 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 846b9612-2247-4015-9182-ae5742481123 last-modified Fri, 06 Sep 2024 12:24:50 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zSnCMSg3yurttkuKFB2nfChsvuLWJxMJ08KxVZWYSMtLpQh3g6aqMkunbJU1KqVlPm6L5JHcBbiy%2BmY0alwdllk5ncoirw7knmFbgAOPSgDyeeRor2rHsoTnasFw%2BD31WTMq30us6g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-6c6cdbccc5-gtn6n x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8bee7034dcf544f8-TXL x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1 KB	131ms 98ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=55a22738-d5a5-43f9-9c1c-fa4c1a6eb349&fci=b0e027cd-00ae-4ae0-95b6-0953343fbbb7&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=25755956&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&t=Page+not+found+%7C+Group-IB&cts=1725625490580&vi=b64dd17a19ce43f39d3edbb1286f39c8&nc=true&u=84897990.b64dd17a19ce43f39d3edbb1286f39c8.1725625490574.1725625490574.1725625490574.1&b=84897990.1.1725625490574&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 8615329c-9ab1-41ec-aa79-c059a4e9846a p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8615329c-9ab1-41ec-aa79-c059a4e9846a last-modified Fri, 06 Sep 2024 12:24:50 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2F9R%2FU5w2BKtrvmAIALtJHbAOUWCq5CA26Z2GoCerMbIj7zoT2aLKmqOgKV3yp5vAcKFHombVbtwiXXmENOyCtFIRhZK7%2B41prECfRceSiO8ll0QHeRYh858rAinBw2UBuCQN5rA%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-6c6cdbccc5-9wnj5 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8bee7034dcf444f8-TXL x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 751 B	87ms 86ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=5a995f05-701c-48e3-b25a-d1548ba3c0b3&fci=eff3c57a-00a3-4b6f-9242-5a0ac1316dbf&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=25755956&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&t=Page+not+found+%7C+Group-IB&cts=1725625490580&vi=b64dd17a19ce43f39d3edbb1286f39c8&nc=true&u=84897990.b64dd17a19ce43f39d3edbb1286f39c8.1725625490574.1725625490574.1725625490574.1&b=84897990.1.1725625490574&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 119e7db9-a133-4f4c-837c-9180eb1ee845 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 3 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 119e7db9-a133-4f4c-837c-9180eb1ee845 last-modified Fri, 06 Sep 2024 12:24:50 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hsI3Taak9IdTzpx2BtFZ%2F%2BR6FuNp4Xg3JPVyxkO9CSGhWIKOQR%2FozZNcf3tzgBfIgZm%2Bppw%2Bxq%2Bxol7zAHizIucar8erbHZgz%2BjNrtdpbhFO5f9FoesxSnQt2W7lF5xAZfTxxUbquA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-6c6cdbccc5-jcd8r x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8bee70352d6444f8-TXL x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1 KB	87ms 86ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=8d629f8c-6df2-4293-b23e-04ec75da27cf&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=25755956&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&t=Page+not+found+%7C+Group-IB&cts=1725625490580&vi=b64dd17a19ce43f39d3edbb1286f39c8&nc=true&u=84897990.b64dd17a19ce43f39d3edbb1286f39c8.1725625490574.1725625490574.1725625490574.1&b=84897990.1.1725625490574&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id dd70e19c-6315-46bf-b507-616bf4474f76 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id dd70e19c-6315-46bf-b507-616bf4474f76 last-modified Fri, 06 Sep 2024 12:24:50 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=toA1naZ4MKVs5%2B35ZBVbjQgn3UdnznLPDHmwQgObraVW3oRFJEC5m0pCirpJHj%2BT%2BCpmjAP8b0baBRmR%2Ff516C1VhdUX%2Bjj76DhUd3y7xVsRdf6iJ2D1ZOxm1uMukoYXTnj7Zbec0w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-6c6cdbccc5-gtn6n x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8bee70352d6744f8-TXL x-robots-tag none
GET H2	200	__ptbe.gif track-eu1.hubspot.com/	45 B 743 B	145ms 144ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptbe.gif?n=form_abandonment&_formId=%7B%7B+event.properties.formId+%7D%7D&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=25755956&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&t=Page+not+found+%7C+Group-IB&cts=1725625490581&vi=b64dd17a19ce43f39d3edbb1286f39c8&nc=true&u=84897990.b64dd17a19ce43f39d3edbb1286f39c8.1725625490574.1725625490574.1725625490574.1&b=84897990.1.1725625490574&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 5bce87ac-b0ea-43c2-800e-7e3eb5b0bd7a p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 3 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 5bce87ac-b0ea-43c2-800e-7e3eb5b0bd7a last-modified Fri, 06 Sep 2024 12:24:50 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LyFYnapiAXm%2FDnZ4gEQqTh1D2Xkmy5giHYNWcuqfnrdBMy6fuM0h744ODCdNCYAOgN0lyRZrpBdWOSwxocef8cwN0yUHXZsv9G2uyHhxug1N5e9a755sOyVo3%2B8GNnqdzrIp8HVDLQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-6c6cdbccc5-dr9dh x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8bee70352d6944f8-TXL x-robots-tag none
GET H2	200	96x96.png www.group-ib.com/wp-content/uploads/	2 KB 2 KB	56ms 56ms	Other image/png	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/uploads/96x96.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 1be7918da1e16eb032883c8c711b29a2a339584b51bfcae897e36e6f1b568f63 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 06 Sep 2024 12:24:50 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 2164 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 27 Jul 2023 07:36:53 GMT server nginx vary Accept-Encoding x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 06 Sep 2024 12:24:49 GMT
OPTIONS H2	200	044e7558-8073-478a-ad3c-5807dd76840f forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0	214ms 88ms	Preflight text/plain	172.65.193.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/044e7558-8073-478a-ad3c-5807dd76840f Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.group-ib.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers content-type access-control-allow-methods OPTIONS, POST access-control-allow-origin https://www.group-ib.com access-control-max-age 300 allow POST,OPTIONS cache-control max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 8bee703578d46a78-TXL content-encoding gzip content-type text/plain; charset=utf-8 date Fri, 06 Sep 2024 12:24:50 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eLQwCC6tTQtskjem%2B1ap3rbWrZUaLjBE4R5zSFPD96yt845vZgrtW3wY5rblVRJm21NVqXn9UJfZtlAaAkdob4HPK6%2BPEFGNUtyvExmed4QW8GcXYyrgtaSoiThRWDfF0A75fXQVLw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin x-content-type-options nosniff x-envoy-upstream-service-time 2 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-ljsg5 x-evy-trace-virtual-host all x-hubspot-correlation-id c0a5e0a1-30d2-42df-89ec-3a57dac88626 x-request-id c0a5e0a1-30d2-42df-89ec-3a57dac88626
POST		044e7558-8073-478a-ad3c-5807dd76840f forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0
GET H2	200	/ www.facebook.com/tr/	0 102 B	54ms 52ms	Image text/plain	2a03:2880:f176:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=709834390277869&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&if=false&ts=1725625490666&sw=1600&sh=1200&ud[external_id]=b64dd17a19ce43f39d3edbb1286f39c8&v=2.9.167&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1725625490095.579206883396996801&cs_est=true&cdl=API_unavailable&it=1725625490031&coo=false&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=40, rtx=0, c=10, mss=1297, tbw=6400, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Fri, 06 Sep 2024 12:24:50 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 860 B	84ms 83ms	Image image/png	2a03:2880:f176:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=709834390277869&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&if=false&ts=1725625490666&sw=1600&sh=1200&ud[external_id]=b64dd17a19ce43f39d3edbb1286f39c8&v=2.9.167&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1725625490095.579206883396996801&cs_est=true&cdl=API_unavailable&it=1725625490031&coo=false&rqm=FGET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; content-encoding zstd x-content-type-options nosniff strict-transport-security max-age=15552000; preload date Fri, 06 Sep 2024 12:24:50 GMT document-policy force-load-at-top x-fb-server-load 33 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7411505044980281686", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=41, rtx=0, c=10, mss=1297, tbw=6546, tp=-1, tpl=-1, uplat=42, ullat=0 pragma no-cache x-fb-debug jrhp5O5iwPfpSOqxSLZqSgBxoxcUzpKFd0/lZmplh9KzDqfGOuFPY0VcCrO6ng0b5Wpy/91xgdv+WiBlLobO8A== cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7411505044980281686"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" expires Sat, 01 Jan 2000 00:00:00 GMT
POST		5a995f05-701c-48e3-b25a-d1548ba3c0b3 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0
POST		5a995f05-701c-48e3-b25a-d1548ba3c0b3 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0
OPTIONS H2	200	5a995f05-701c-48e3-b25a-d1548ba3c0b3 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0	144ms 84ms	Preflight text/plain	172.65.193.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.group-ib.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers content-type access-control-allow-methods OPTIONS, POST access-control-allow-origin https://www.group-ib.com access-control-max-age 300 allow POST,OPTIONS cache-control max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 8bee703578dc6a78-TXL content-encoding gzip content-type text/plain; charset=utf-8 date Fri, 06 Sep 2024 12:24:50 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mftFaYTLEOWLYTxFLQ8uy3EUS6HKxvVb5Tbcdmtft2WAu073nTeMAYR7xQNbsnX%2BgAzi586hx4lFFLyQk2feVKurAK9VvPWGuOK7Jm1eXA8DGYlKEyqieJ0K0b9OctsPvKMdqfuuFQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin x-content-type-options nosniff x-envoy-upstream-service-time 2 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-xd9lb x-evy-trace-virtual-host all x-hubspot-correlation-id 255365ab-fe17-47f5-bfc7-6c80f48b140b x-request-id 255365ab-fe17-47f5-bfc7-6c80f48b140b
OPTIONS H2	200	5a995f05-701c-48e3-b25a-d1548ba3c0b3 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0	142ms 82ms	Preflight text/plain	172.65.193.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.group-ib.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers content-type access-control-allow-methods OPTIONS, POST access-control-allow-origin https://www.group-ib.com access-control-max-age 300 allow POST,OPTIONS cache-control max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 8bee703578e36a78-TXL content-encoding gzip content-type text/plain; charset=utf-8 date Fri, 06 Sep 2024 12:24:50 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hu3jmRm59ZyEvfmzRN559y79LrToqfVY5pmiDT%2FdSj8BBJLY1ID6fmVda968kUsVNYlu7R%2FxotU7zy4lBsq7xuiE8xcMK0mIfWNw1UXlfYu5uDK1ZxVrtjf0IyHuFn%2FmKRHDjcZk6g%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin x-content-type-options nosniff x-envoy-upstream-service-time 3 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-2mzwq x-evy-trace-virtual-host all x-hubspot-correlation-id ba24632d-ec42-4e27-87fa-0a259305089b x-request-id ba24632d-ec42-4e27-87fa-0a259305089b
POST		4dbceae1-75ae-423a-9c12-dee8f1ca3345 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0
POST		4dbceae1-75ae-423a-9c12-dee8f1ca3345 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0
OPTIONS H2	200	4dbceae1-75ae-423a-9c12-dee8f1ca3345 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0	127ms 91ms	Preflight text/plain	172.65.193.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.group-ib.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers content-type access-control-allow-methods OPTIONS, POST access-control-allow-origin https://www.group-ib.com access-control-max-age 300 allow POST,OPTIONS cache-control max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 8bee703578df6a78-TXL content-encoding gzip content-type text/plain; charset=utf-8 date Fri, 06 Sep 2024 12:24:50 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xR8orcDlaZKnZLfie%2BjtBnZ4m3UK5UUY%2FjzjY2sW3cdAYLJGaVNIZEwdq8j7qkXkNTrugyU7Q%2BeOcO9dkx7ZtAtPUuZ6iUMZABZwHue%2FVvhnove5Y%2BhZCsj1k72noF8iMJhUvORh%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin x-content-type-options nosniff x-envoy-upstream-service-time 6 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-5plsl x-evy-trace-virtual-host all x-hubspot-correlation-id cd139d69-3d2d-4fa3-8f0f-f61b754bc7b8 x-request-id cd139d69-3d2d-4fa3-8f0f-f61b754bc7b8
OPTIONS H2	200	4dbceae1-75ae-423a-9c12-dee8f1ca3345 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0	124ms 89ms	Preflight text/plain	172.65.193.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.group-ib.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers content-type access-control-allow-methods OPTIONS, POST access-control-allow-origin https://www.group-ib.com access-control-max-age 300 allow POST,OPTIONS cache-control max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 8bee703578e26a78-TXL content-encoding gzip content-type text/plain; charset=utf-8 date Fri, 06 Sep 2024 12:24:50 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FWKD1uY2YMaSb26GMO2E1CzbJ3eYkqJICdaSMXby5oOumZYgU%2BzfBppNaUhsajF82AuQZJEPb2WksPi8bN%2BuB6THktMxVGRdHja9e7o%2BgWhIPnoy1Nsn6OTtfU%2FIoXQQBYAzwNiO9Q%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin x-content-type-options nosniff x-envoy-upstream-service-time 3 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-5plsl x-evy-trace-virtual-host all x-hubspot-correlation-id f2868f0b-d4ad-4f25-9935-429084d0da72 x-request-id f2868f0b-d4ad-4f25-9935-429084d0da72
POST		55a22738-d5a5-43f9-9c1c-fa4c1a6eb349 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0
OPTIONS H2	200	55a22738-d5a5-43f9-9c1c-fa4c1a6eb349 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0	103ms 79ms	Preflight text/plain	172.65.193.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.group-ib.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers content-type access-control-allow-methods OPTIONS, POST access-control-allow-origin https://www.group-ib.com access-control-max-age 300 allow POST,OPTIONS cache-control max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 8bee703578e66a78-TXL content-encoding gzip content-type text/plain; charset=utf-8 date Fri, 06 Sep 2024 12:24:50 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2BpVeTLhuembf3Pt4ZN6kE57%2B4i02nHrgGVPg9v%2FAAdZrlnBxbAtd1OptzgOYTDGJ5x7uMvck9Jp8mlPq%2F7xous%2BFZS9H2bYNLzlci66WqLvOD28646PnD%2FAo4XeN4Sd8%2BlnnupGeQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin x-content-type-options nosniff x-envoy-upstream-service-time 3 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-ljsg5 x-evy-trace-virtual-host all x-hubspot-correlation-id e095f549-5b49-4024-90e4-2ed6ae3fa37f x-request-id e095f549-5b49-4024-90e4-2ed6ae3fa37f
POST		55a22738-d5a5-43f9-9c1c-fa4c1a6eb349 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0
OPTIONS H2	200	55a22738-d5a5-43f9-9c1c-fa4c1a6eb349 forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/	0 0	78ms 77ms	Preflight text/plain	172.65.193.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.group-ib.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers content-type access-control-allow-methods OPTIONS, POST access-control-allow-origin https://www.group-ib.com access-control-max-age 300 allow POST,OPTIONS cache-control max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 8bee703589016a78-TXL content-encoding gzip content-type text/plain; charset=utf-8 date Fri, 06 Sep 2024 12:24:50 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jsMAAorQV5%2BRiflgZO6P%2FRD%2FQTo3hX54d3Xi%2BWCqlBCFOKXOm901w%2Fkupz6sfqb7C1a6OMu8YMfhQMH5ASuexiSxe8k6leDm1hKlB3RDvDcWM%2FQ%2Ftcjf0fDamfFmeeoahbfPnmmL%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin x-content-type-options nosniff x-envoy-upstream-service-time 3 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-6f6ff6474c-2mzwq x-evy-trace-virtual-host all x-hubspot-correlation-id 5d799371-7692-45ca-ad6e-ac6d9b859707 x-request-id 5d799371-7692-45ca-ad6e-ac6d9b859707
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	389ms 388ms	Image image/gif	95.101.111.170 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=288d4168-2bc9-4955-8501-8fda4cde1c83&session=a6daf8a3-f300-4f00-89be-60dd8b02803c&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2006%20Sep%202024%2012%3A24%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2006%20Sep%202024%2012%3A24%3A50%20GMT%22%2C%22timeSpent%22%3A%221005%22%2C%22totalTimeSpent%22%3A%221005%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20%7C%20Group-IB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pageViewId=3e3a83e7-0c42-4d2b-83cb-62a937e6ecdb&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A9&v=1.1.24 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-111-170.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Fri, 06 Sep 2024 12:24:51 GMT x-content-type-options nosniff last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Fri, 06 Sep 2024 12:24:51 GMT
POST H2	200	fl Show response www.group-ib.com/api/	685 B 1 KB	87ms 85ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=F5Zqq3AkMIobVmyeb%2BAaspIuZmpaVl2%2Fu2oaUXuwS3M1130nzO%2FgKoAZ2CRjP18zYKb5FU%2BsYtv9Y7q9sUQtvFX6tQOIIYCHp2ygF1aoYkq4g%2BKIECXFX7TS1PQuBtExqFFQj%2Fi%2F4e3qUehOqGVnjHJD2nSrA0%2BIzkNl Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash b247966ad6b2a55b822811d08b6cf5dc0796d185730ab6da1b554c6eca10174c Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 b5E3gR4uwXCgGsZJmE7WCKQ0jEOlPGagcuJHWhmGbVoFjcvaDWcLqYRwH3tGhn8AnKRVJMsxH7WV6SkC2EW7mxjVzC/tMaJ4TH9zqSxoV3OwBZmVyfA8r+kf+N9CXJtUqXi596Zds81MrptVIln/7hlvYRbpOn862coe6a5V7iRAB0JIIZdtip7gD6e/IRDsw5mv6G2xdHBFy/YTRdbREDxiq3SnlZo8VpKQRLtDMhiqj1SFHgpDBEcpi3GbNmj2BRYk2kH99U0KslOdqw== Referer https://www.group-ib.com/blog/cve---winrar-zero-day User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 pfNEf956465433057d0a48bf0eed5f9b3349a46a Content-Type text/plain;charset=UTF-8 Response headers date Fri, 06 Sep 2024 12:24:51 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 34 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	158ms 158ms	Image image/gif	95.101.111.170 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=288d4168-2bc9-4955-8501-8fda4cde1c83&session=a6daf8a3-f300-4f00-89be-60dd8b02803c&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2006%20Sep%202024%2012%3A24%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2006%20Sep%202024%2012%3A24%3A51%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222006%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20%7C%20Group-IB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fcve---winrar-zero-day&pageViewId=3e3a83e7-0c42-4d2b-83cb-62a937e6ecdb&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A9&v=1.1.24 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-101-111-170.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Fri, 06 Sep 2024 12:24:52 GMT x-content-type-options nosniff last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Fri, 06 Sep 2024 12:24:52 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

forms-eu1.hubspot.com

URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/044e7558-8073-478a-ad3c-5807dd76840f

Domain

forms-eu1.hubspot.com

URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3

Domain

forms-eu1.hubspot.com

URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3

Domain

forms-eu1.hubspot.com

URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345

Domain

forms-eu1.hubspot.com

URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345

Domain

forms-eu1.hubspot.com

URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349

Domain

forms-eu1.hubspot.com

URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349