www.group-ib.com Open in urlscan Pro
3.72.181.255  Public Scan

17 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.group-ib.com/resources/research-hub/ransomware-2022/ Page URL
2. https://www.group-ib.com/resources/research-hub/ransomware-2022/ Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1697507068180&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&tm=gtmv2 HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1697507068180&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&tm=gtmv2&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1697507068180%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fresources%252Fresearch-hub%252Fransomware-2022%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1697507068180&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1697507068180&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQJqigK_N7HIbwAAAYs7Tkt8gOdALBcHV6r309nsrxP84ibqDc_3lqJ6kJUQpFaUgl-LM9d3YSvU

Request Chain 75

• https://mc.yandex.com/sync_cookie_image_check HTTP 302
• https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10158.vM4a_QapKtEUecMX1ZDQEi0MMF3iKaa-sX0_uEB6xfrMPrZgQA3YfA0pzceAk1WP.jcMWNcqw-iXkPg1VEawEwoBpers%2C HTTP 302
• https://mc.yandex.com/sync_cookie_image_decide?token=10158.JaYTsJLjkCzV9d6ujJGCb2-X_5UKZ5Fchvvz5lma2jZ7LxW2eNmdUabk33fvPbA8R3076nvA-u3jpxnmD1GD3v8YsI-LgeKwUwgkBqT-HmY%2C.UYuatO60V-s6sPGx5HD_Bg0DCHQ%2C

Request Chain 100

• https://mc.yandex.com/watch/26812653?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A468%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1135%3Acn%3A1%3Adp%3A0%3Als%3A1217222266971%3Ahid%3A1022854372%3Az%3A120%3Ai%3A20231017034428%3Aet%3A1697507068%3Ac%3A1%3Arn%3A172740416%3Arqn%3A1%3Au%3A1697507068683850871%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C21%2C8%2C0%2C0%2C%2C696%2C38%2C%2C%2C%2C791%3Aco%3A0%3Acpf%3A1%3Ans%3A1697507067033%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1697507069%3At%3ARansomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(2) HTTP 302
• https://mc.yandex.com/watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A468%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1135%3Acn%3A1%3Adp%3A0%3Als%3A1217222266971%3Ahid%3A1022854372%3Az%3A120%3Ai%3A20231017034428%3Aet%3A1697507068%3Ac%3A1%3Arn%3A172740416%3Arqn%3A1%3Au%3A1697507068683850871%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C21%2C8%2C0%2C0%2C%2C696%2C38%2C%2C%2C%2C791%3Aco%3A0%3Acpf%3A1%3Ans%3A1697507067033%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1697507069%3At%3ARansomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1

Request Chain 104

• https://mc.yandex.com/sync_cookie_image_check_secondary HTTP 302
• https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10158.n_r_CBKEVTuOYZ7b7K2ECjy_6Us7V5VP2N4joNWnOpWUDN69GxXwkAvUpYh6CKW_.ps1-RAYAvC0psu_z5ltnGtfNi98%2C HTTP 302
• https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10158.CcUV064BjOmMNLOMs43yg7z_XXenKXMEXjFXQPmBgtzlYZ-T9Wozf1jGbA92S7ajahgU3b0z2R6jxgYJw1ovRdzwt92yvEQ6g9UwYUMEiLY%2C.55jwuAEoqrYhXxWYKBi4hk_Wsis%2C

114 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
8 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	403	/ Show response www.group-ib.com/resources/research-hub/ransomware-2022/	7 KB 7 KB	65ms 7ms	Document text/html	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software / Resource Hash e867f60dec0f2d2f127b172f9fb3b1de1f3a2443c604317b2b2b08e9b2d4d3ea Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache, no-store, must-revalidate content-type text/html date Tue, 17 Oct 2023 01:44:25 GMT
GET H/1.1	200 OK	bt-autoinject.js Show response fhp-de-js.group-ib.com/d/	341 KB 135 KB	77ms 27ms	Script text/javascript	188.40.44.175 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://fhp-de-js.group-ib.com/d/bt-autoinject.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 188.40.44.175 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.175.44.40.188.clients.your-server.de Software nginx / Resource Hash 448590036ca62527a1625293806e2948def86f9e3b33d00fcbcf25ae355a700c Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Date Tue, 17 Oct 2023 01:44:25 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/javascript; charset=UTF-8 Access-Control-Allow-Methods GET, POST, OPTIONS x-envoy-upstream-service-time 0 Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET DATA	200 OK	truncated /	487 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 21962022cdfc33171a60e970722aa7c8549152201435dfbe4651f517615be6b6 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 32a3a315470c03a750370a2e7b085540c8608aec28a6107c7221811ddd7ff52a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Content-Type image/png
GET H2	200	idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response www.group-ib.com/api/fl/	205 B 652 B	15ms 15ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash ad8a7b7a83145e5e86ea850f9e9c130248554673cee7c1898551fa8de73ba052 Request headers Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 x-cfids - Response headers date Tue, 17 Oct 2023 01:44:25 GMT content-encoding gzip server nginx etag W/"5qzWcWIhc5uKtoXOoXWedoiA5gtvVgCntm2mpMS0SpzvVJFEOQyxzVHws2hGEI9D8XtysHOFYvQNXLrK+Ous8Coi9eVtzRo7BPqMsup38t05Y8eQESpitgQL7cVQV/hS/MWM0zSsyb/yl0vAJ+p33wde" vary Accept-Encoding content-type application/json; charset=utf-8 cache-control no-cache x-envoy-upstream-service-time 1
POST H2	200	fl Show response www.group-ib.com/api/	665 B 985 B	29ms 28ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=7ede8390-6c41-11ee-aa79-da1bd8a916dd&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=5qzWcWIhc5uKtoXOoXWedoiA5gtvVgCntm2mpMS0SpzvVJFEOQyxzVHws2hGEI9D8XtysHOFYvQNXLrK%2BOus8Coi9eVtzRo7BPqMsup38t05Y8eQESpitgQL7cVQV%2FhS%2FMWM0zSsyb%2Fyl0vAJ%2Bp33wde Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 2232f29175d7b65cb58a1819036dc40bd4214989d679be82c5e7870d6db06652 Request headers Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Tue, 17 Oct 2023 01:44:26 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 2 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	200	Primary Request / Show response www.group-ib.com/resources/research-hub/ransomware-2022/	68 KB 13 KB	22ms 21ms	Document text/html	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/resources/research-hub/ransomware-2022/ Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 2cd49392ad1827a4d91536065a5f6d49bce85b2f500f58749e5a4d54af2cf13a Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin https://www.group-ib.com cache-control private, max-age=3600 content-encoding gzip content-length 12991 content-security-policy frame-ancestors 'self'; content-type text/html; charset=UTF-8 date Tue, 17 Oct 2023 01:44:27 GMT etag "3230-607da0127c4bd" last-modified Mon, 16 Oct 2023 18:59:23 GMT permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() referrer-policy strict-origin-when-cross-origin server nginx strict-transport-security max-age=31536000; includeSubDomains vary X-Forwarded-Proto,Accept-Encoding,Cookie x-content-type-options nosniff x-frame-options sameorigin x-xss-protection 1; mode=block
POST H2	200	fl www.group-ib.com/api/	665 B 775 B	15ms 15ms	Ping application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=7ede8390-6c41-11ee-aa79-da1bd8a916dd&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=8nG3iaK%2FzPWS9zb7ZbaVgPtob3nZK98WPNtRzdSNd4z0GqEbQ3VAqaaLkGGcwCCjWU5Zoe2y67aKBlxH3vAkLHSnz08Udn5lpoUjlYK%2BPt5XcB7qsIDSLqzK72Pqg0bjguoTDMkt8MYMtlDdCw2jTOKGygMPEwN36J8b Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash Request headers Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Tue, 17 Oct 2023 01:44:27 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 1 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H/1.1	200 OK	bt-autoinject.js Show response fhp-de-js.group-ib.com/d/	341 KB 135 KB	27ms 25ms	Script text/javascript	188.40.44.175 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://fhp-de-js.group-ib.com/d/bt-autoinject.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 188.40.44.175 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.175.44.40.188.clients.your-server.de Software nginx / Resource Hash 448590036ca62527a1625293806e2948def86f9e3b33d00fcbcf25ae355a700c Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Date Tue, 17 Oct 2023 01:44:27 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/javascript; charset=UTF-8 Access-Control-Allow-Methods GET, POST, OPTIONS x-envoy-upstream-service-time 0 Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	200	lazyload.min.js Show response www.group-ib.com/wp-content/plugins/w3-total-cache/pub/js/	6 KB 2 KB	20ms 17ms	Script application/x-javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:27 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 2356 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 29 Jun 2023 07:01:06 GMT server nginx etag "1883-5ff3f43abc651-gzip" vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	swiper-bundle.min.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/	140 KB 39 KB	109ms 35ms	Script application/x-javascript	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/swiper-bundle.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 39504 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:41:14 GMT server nginx etag "22ede-5e7e9344df9f2-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 7WDx9eqIHdZA79nswN-9so6J3nrooXVwYgxbKeQK674-w2KA76LSQw== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	classic-themes.min.css website.cdn.group-ib.com/wp-includes/css/	217 B 1010 B	117ms 43ms	Stylesheet text/css	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-includes/css/classic-themes.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 189 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 11 Nov 2022 11:58:50 GMT server nginx etag "d9-5ed309cf15c82-gzip" x-frame-options sameorigin vary Accept-Encoding content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 2jcxle2IsS_hA5qYJFEKj7JhEnetg7mQH0boBablJYzUnBctabGUmg== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	dashicons.min.css website.cdn.group-ib.com/wp-includes/css/	58 KB 36 KB	102ms 28ms	Stylesheet text/css	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-includes/css/dashicons.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 35730 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 10 Jun 2022 07:03:36 GMT server nginx etag "e688-5e112897ec200-gzip" x-frame-options sameorigin vary Accept-Encoding content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 5sMt5a9N6-1NKSraFiCV8UIKvToNAeIxh4XZ5v_TiuATXcgqSb7o8g== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	frontend.min.css www.group-ib.com/wp-content/plugins/post-views-counter/css/	215 B 310 B	18ms 17ms	Stylesheet text/css	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/plugins/post-views-counter/css/frontend.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash ed70c2cf61d0f24d03299ffc5896c7abd86bb858501987dc10e3afec086c01df Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:27 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 160 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 26 Apr 2023 07:26:40 GMT server nginx etag "d7-5fa38293ec798-gzip" vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	jquery.min.js Show response website.cdn.group-ib.com/wp-includes/js/jquery/	88 KB 31 KB	122ms 49ms	Script application/x-javascript	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-includes/js/jquery/jquery.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 30995 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 11 Nov 2022 11:58:50 GMT server nginx etag "15e54-5ed309cf21802-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 8CrTlaLmICFf6doDtHfGvEH7FzdPDzrbwtuGo_vERs5f1F7fh0wYHA== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	single-report.css website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/	216 KB 33 KB	115ms 41ms	Stylesheet text/css	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash ab6826f5036ffbf945a636c6bdd6ac18495acc4291ecf8767284db60f68fc439 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:27 GMT via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 33200 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 17 Oct 2023 01:42:52 GMT server nginx etag "35fd0-607dfa41c2f36-gzip" x-frame-options sameorigin vary Accept-Encoding content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id rNLjAnG12iJbpXuu4YquB0c7iLS70YGlywnZt4Tv-eM_UAzjW561MQ== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	v2.js Show response js-eu1.hsforms.net/forms/	563 KB 179 KB	71ms 18ms	Script application/javascript	172.65.255.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hsforms.net/forms/v2.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 279817a125934c4629aa278564e64fca0dcb0fdc45f38739e38c9cab297d2a92 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-encoding br age 506 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3938/bundles/project-v2.js&cfRay=8174cee7e564373f-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"df4d197f9648d27915af7ec01a018b73" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3938/bundles/project-v2.js date Tue, 17 Oct 2023 01:44:27 GMT x-amz-version-id pLPYW3H2ND7V2jGLhGJ4mCejj6Xammwx via 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 x-hubspot-correlation-id 6062b925-a67f-4101-9b0a-9a9242dd074a x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 6062b925-a67f-4101-9b0a-9a9242dd074a last-modified Thu, 12 Oct 2023 03:05:49 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bHLBWuwrQQe28rD3oOpzlu4NDZFw8Cogg8AeXESy86x7UuzpBqaGRb93Srzsj5fJweMye7TLd70RZkyk8aNt2GtMbBH52ZK3cO22S5VgtpyQqDwY97ui69NNAHFLfXUpqgqeQQ%3D%3D"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-797758f45b-8q8m9 cf-ray 8174db418dd437ea-FRA x-amz-cf-id K-5pF39U-YAhzRInErO2LdwYoixK2kLS7j9jZOqFGNC9pBZgmG8AOw==
GET H2	200	jquery-ui.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/jquery-ui/	517 KB 125 KB	45ms 45ms	Script application/x-javascript	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/jquery-ui/jquery-ui.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash e97315234cc1f1c4737d98ea29c0f4d4f06c032dc5943012ae50bc4b10a92276 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:24:28 GMT server nginx etag "812a6-5e7e8f85cb376-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id Ndh55hpUE0cp3uDP4KwPX6a4EdR_CRWPGqCs-wD5jz6dzIj5PyIfvg== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	fancybox.umd.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/	103 KB 30 KB	119ms 46ms	Script application/x-javascript	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/fancybox.umd.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 942e02acf640c0308f65e057a8afaed63dfaf995034cda9cfc75532a1009ec72 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 29634 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:24:28 GMT server nginx etag "19ca6-5e7e8f85cb376-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id VKkKkgiWKHDin2kd1EGwRTtUoz2S5VfP6l0guORHTL9S1BF7AyJIRQ== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	main.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/	212 KB 46 KB	29ms 29ms	Script application/x-javascript	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/main.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 620418e15bd4302ca68fe0c806a6a6e74a11a7cbc56004a3e052529b73092e9b Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 45892 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 06 Oct 2023 11:14:14 GMT server nginx etag W/"34e47-6070a5733757d-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id FBZ3DAfce9NBSRW-N5ImIaJoa1fosXtqmPMXhiTTqQl44e3Ej49r9Q== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	25755956.js Show response js-eu1.hs-scripts.com/	2 KB 1 KB	111ms 35ms	Script application/javascript	172.65.208.22 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-scripts.com/25755956.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c87c2fe4e712892d6795c456381f8cfd0aa5e0359567fac8d8027be775590299 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:27 GMT content-encoding br x-content-type-options nosniff cf-cache-status EXPIRED x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id deb2f28a-b304-4ddf-b99a-d33739d705b8 x-envoy-upstream-service-time 9 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id deb2f28a-b304-4ddf-b99a-d33739d705b8 last-modified Tue, 17 Oct 2023 01:32:18 GMT server cloudflare x-trace 2B728A440CA9325AD2DF9176FB3453966F8941F5A2000000000000000000 vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all cache-control public, max-age=30 access-control-allow-credentials true x-evy-trace-served-by-pod fra04/hubapi-td/envoy-proxy-86f46d6c7b-xhmmh cf-ray 8174db432d3018bd-FRA
GET DATA	200 OK	truncated /	486 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 68d70b4ce825218e13fcd0954c24b5058f4ce75806204a7e08aaba72904651cb Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6bbdf0c9a64d94a039c37ba004324b79d74a9c81b815914aea2dbccf9ef69722 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Content-Type image/png
GET H2	200	idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response www.group-ib.com/api/fl/	217 B 668 B	39ms 39ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash c040633566134d64227eb64012b550f4d8b07839d982267d973ea088591dce85 Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 uQHc2qMe0f15emuYgQ+Tfkj11iwP1BeZw75j+X0boEni5Dyt0Mzdxr0uGYH5jzCt3+0OOp4cXmodVKr3YG8GTBRWc+IwDSt1ozUXDd1wFhAQNMS5H+sGBxDnxq6xvgCXbeGGV2sWeHaNHM09SvI+qC9d+E6FpNZAy8TZc9CPH0nvFEg56JgoAuocnrzwNDhvV2iTAwH+l+qyU3SNe6bSasnPD8xXxns8QBesakr5nRJZDOG93h0l5aHh1UkVPQ== Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 zHtz1eead885cb46aad50b0678116d9a56fbd636 x-cfids 8nG3iaK/zPWS9zb7ZbaVgPtob3nZK98WPNtRzdSNd4z0GqEbQ3VAqaaLkGGcwCCjWU5Zoe2y67aKBlxH3vAkLHSnz08Udn5lpoUjlYK+Pt5XcB7qsIDSLqzK72Pqg0bjguoTDMkt8MYMtlDdCw2jTOKGygMPEwN36J8b Response headers date Tue, 17 Oct 2023 01:44:27 GMT content-encoding gzip server nginx etag W/"wkgavJdcPQS/iKcv7gDloInmdIpmUleJwSOA1RWENVpbpiy/VpjbobHtDNzSwXxTK1OZJJk+IKJEj/5gbXyMR8sMJFF4o0H+xfOlNZ/DG6wjla5c10u8Ko08muACUjh8GNV95AJvzCNlAZrgs/9lE9AVhNN2YjI/c5gk" vary Accept-Encoding content-type application/json; charset=utf-8 cache-control no-cache x-envoy-upstream-service-time 0
GET H2	200	G-font-Medium.otf website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/	60 KB 35 KB	58ms 39ms	Font application/x-font-otf	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Medium.otf Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 1efe16c9efbadde5e242d88a315eca3906a55669fcd4882a904fbc723306a4e4 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 6b8ac2d6d64dc42007741d312e2d73aa.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 35382 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "eed4-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-font-otf access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id Z6RLpl1ddD4rEp2ppKQ7ynI3v0NG6gPskhZhIOrmRz75XTG1LXMVGQ== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	G-font-Regular.otf website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/	47 KB 31 KB	51ms 33ms	Font application/x-font-otf	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Regular.otf Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 6cee0fb06339ba13e1f15d044e0e4904bbeeb7fbe4351e3f102b6d80b2465061 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 6b8ac2d6d64dc42007741d312e2d73aa.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 30798 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "bbf8-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-font-otf access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 9plVrPK9b0LIbjTBudQ4Fblly0goB_O9jeIRV3nRBl0h9o7rvlfE4Q== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/	9 KB 3 KB	96ms 38ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/json?hs_static_app=forms-embed&hs_static_app_version=1.3938&X-HubSpot-Static-App-Info=forms-embed-1.3938 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9e3c34136a32aabb6a790fdaea2c982bb73ac7bacc013e6cbb3516fd21c6c854 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Tue, 17 Oct 2023 01:44:27 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 55c163ae-d310-427a-965d-f86d8770abd3 Transfer-Encoding chunked x-envoy-upstream-service-time 8 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 55c163ae-d310-427a-965d-f86d8770abd3 Server cloudflare X-Trace 2B39D16A8018F70FC1DA50A339380CEC1E0FA63516000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 8174db437fa1373f-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-qj67h
GET H2	200	cross.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	342 B 1 KB	31ms 30ms	Image image/svg+xml	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/cross.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 207 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "156-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id fXOoxyf-5uUQmI5UATBjfFjRKvFl_mpdepgaHOYTmku5yhmHuuMGOQ== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/	112 KB 30 KB	90ms 50ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/json?hs_static_app=forms-embed&hs_static_app_version=1.3938&X-HubSpot-Static-App-Info=forms-embed-1.3938 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4618f60ae67a76abd53d6cf237e66c7f4336b24175e9f43a9f451e2e617fcbe7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Tue, 17 Oct 2023 01:44:27 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id e9fd30e5-736d-4361-95c2-2cd1bc9f2898 Transfer-Encoding chunked x-envoy-upstream-service-time 18 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e9fd30e5-736d-4361-95c2-2cd1bc9f2898 Server cloudflare X-Trace 2BF1E9AB0003070CAC47D873D8CB0BE3A3E5B04824000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 8174db437cb51e59-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-hn9qf
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/	104 KB 29 KB	89ms 54ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/json?hs_static_app=forms-embed&hs_static_app_version=1.3938&X-HubSpot-Static-App-Info=forms-embed-1.3938 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9c41a810851bc323f30d3866388364a11139713a8bacd3e9ef4c6c6911eac6c5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Tue, 17 Oct 2023 01:44:27 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 67cf236e-e046-4935-a9d5-b9511fa27622 Transfer-Encoding chunked x-envoy-upstream-service-time 18 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 67cf236e-e046-4935-a9d5-b9511fa27622 Server cloudflare X-Trace 2B0EC47139BEC997EEB728EBCB3F351608FD314B5E000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 8174db437cd068fe-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-qj67h
GET DATA	200 OK	truncated /	64 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4af9a2e261fb48aca31900045f77d2a6d7dbd55df0c5967c40743f94dd8de0c6 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	dropdown_before.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	154 B 1 KB	29ms 28ms	Image image/svg+xml	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/dropdown_before.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software cloudflare / Resource Hash 574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-security-policy frame-ancestors 'self'; x-content-type-options nosniff cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} date Tue, 17 Oct 2023 01:44:27 GMT content-encoding br x-amz-cf-pop FRA50-C1 via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) x-cache RefreshHit from cloudfront x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server cloudflare etag W/"9a-5e27d5c025780-gzip" x-frame-options sameorigin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7esrJ2dayLci2vDjReVtd9UC3LBPGsWWxleawzzfNnIyLpec4Pku4PfkS8to07A0Ag8HMd0NHzR%2BtcbKGdP5ZCN341NGcS5inSJtnvZbVR5BSTjtnmb2kF%2FwsUki47A0ENA%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() vary Accept-Encoding cf-ray 8145918baa261d84-FRA x-amz-cf-id qp_8W7EfCLih-ArbQAXROefNZmuvXAEpU_oW7-ZSkvhYAyXi1SbbhQ== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	link-arrow.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/	409 B 1 KB	38ms 38ms	Image image/svg+xml	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/link-arrow.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 267 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "199-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id Q2_scAhX-VYEUuqHk-zrqBHoJ2xtoFdevtKxAbjX3cv5UtZHaKYClA== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	ransomware-uncovered-2021-2022-90deg-min.jpg website.cdn.group-ib.com/wp-content/uploads/	77 KB 78 KB	23ms 22ms	Image image/jpeg	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/ransomware-uncovered-2021-2022-90deg-min.jpg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash ee7a1b7d5caf901a06fbaa31ecf02b55f2fadfaf5b8e96de39d357232d7db5c9 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Tue, 17 Oct 2023 01:44:27 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 78494 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 08 Nov 2022 11:39:22 GMT server nginx etag "1329e-5ecf3fdcd003d" x-frame-options sameorigin content-type image/jpeg access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id q4jjCZloqjPITlVBvHuvin0Cl3hNUbEATvHb9Os26N8AA4jckHl9ug== expires Tue, 17 Oct 2023 01:44:26 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/fec8ebd7-2fbb-428e-adb1-2ed1cfb1849c/	107 KB 29 KB	77ms 58ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/fec8ebd7-2fbb-428e-adb1-2ed1cfb1849c/json?hs_static_app=forms-embed&hs_static_app_version=1.3938&X-HubSpot-Static-App-Info=forms-embed-1.3938 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 11587d8d63bd69c431817632e2118ad7d11718bd0c2cbdedbfc739fdedbd231c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Tue, 17 Oct 2023 01:44:27 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 7b9b791f-205b-4996-b02f-0a47c3d6c042 Transfer-Encoding chunked x-envoy-upstream-service-time 24 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 7b9b791f-205b-4996-b02f-0a47c3d6c042 Server cloudflare X-Trace 2BAB9991FC5C610A26F3C8E94FF66CCCC0A37BECF2000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 8174db438c9d1cbd-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-fwv45
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1ad2b58740aa573f73d8c39807c8719a94a3a13a5c54341a86288ec977ce045e Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	zoom_in.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/	856 B 1 KB	41ms 38ms	Image image/svg+xml	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/zoom_in.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 7536078746b273c4b20be2857139fc9928cddfdefa17a6edf65b047fcd9bd684 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 419 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 03 Nov 2022 09:49:09 GMT server nginx etag "358-5ec8dde67bf5b-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id Pc8r0VmRckRrU165vbrv5WcE6PfmU9dFCBP-0pnv_odbGA8JnA6QKw== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	download.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	539 B 397 B	20ms 17ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/download.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash a11a7c20296ea4db39dcf16b9274cbed4823ad74e6021ca2243f0b35ec604472 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:27 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 300 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 03 Nov 2022 09:49:09 GMT server nginx etag "21b-5ec8dde67bf5b-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	expand-more.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	218 B 281 B	20ms 18ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/expand-more.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash d42c765adcc7c2f4d4268496d5218f27d7f7abff4d780b8ed176206849daeb3a Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:27 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 177 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 17 Nov 2022 12:51:52 GMT server nginx etag "da-5edaa0da74d28-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	Chevron_right.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/	212 B 997 B	53ms 51ms	Image image/svg+xml	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/Chevron_right.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 172b55b70bf8fed0cc2a10314bf69e33b687cc91642cb439b3cc0d8be26ff233 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:27 GMT via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 175 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 07 Nov 2022 08:50:31 GMT server nginx etag "d4-5ecdd84108868-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id kZgTqC04tSYUbmph5gzEqorjkwpWep4-takhigb2cnUU7og82jm4XA== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H2	200	download.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/	539 B 1 KB	34ms 33ms	Image image/svg+xml	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/download.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash a11a7c20296ea4db39dcf16b9274cbed4823ad74e6021ca2243f0b35ec604472 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-report.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 300 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 03 Nov 2022 09:49:09 GMT server nginx etag "21b-5ec8dde67bf5b-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id UjR41mhOs5xOnZfCtYsZMuH9ND_7ub0ztMXcjrdCmzmvSBm2x53lMA== expires Tue, 17 Oct 2023 02:14:27 GMT
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f96af169fc5a41df78318cb0ebb1b8afbcfc142f84d3ba21c83efe244d3cf980 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/	8 KB 3 KB	36ms 35ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/json?hs_static_app=forms-embed&hs_static_app_version=1.3938&X-HubSpot-Static-App-Info=forms-embed-1.3938 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b89bec1c633d59b34d65f6d8115a37bd97a8e209926d3614483d85e655d86ddc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Tue, 17 Oct 2023 01:44:27 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 4e439744-396d-4b56-8596-d94280b02486 Transfer-Encoding chunked x-envoy-upstream-service-time 7 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 4e439744-396d-4b56-8596-d94280b02486 Server cloudflare X-Trace 2B77A926BB4E56DF0F31FC15E279B53C43B6E74A05000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 8174db440cd31cbd-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-hn9qf
GET H2	200	gtm.js Show response www.googletagmanager.com/	281 KB 89 KB	79ms 40ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 90b812e6438bf4d3fc48907dd21e38f0f28988467305f4059faad702da71064b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:27 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 90739 x-xss-protection 0 last-modified Tue, 17 Oct 2023 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 17 Oct 2023 01:44:27 GMT
GET H2	200	insight.min.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/	8 KB 4 KB	32ms 32ms	Script application/x-javascript	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/insight.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) date Tue, 17 Oct 2023 01:44:27 GMT x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 3085 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 15 Jul 2022 14:12:57 GMT server nginx etag W/"1e5a-5e3d89d6a8c40-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id rKF9frZ_yhJx7QkNpvz8dhC-kQ0bnrW2Ofv1JrlmGiTgPTOw0KwW9w== expires Tue, 17 Oct 2023 02:14:27 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/	7 KB 3 KB	38ms 38ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/json?hs_static_app=forms-embed&hs_static_app_version=1.3938&X-HubSpot-Static-App-Info=forms-embed-1.3938 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cde86bf101aa21120f0799487a8df38c92d6cbb6d70479f4da342975504ffdab Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Tue, 17 Oct 2023 01:44:27 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id cc615c38-1d28-41ab-b9f4-2aeb8c17f613 Transfer-Encoding chunked x-envoy-upstream-service-time 7 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id cc615c38-1d28-41ab-b9f4-2aeb8c17f613 Server cloudflare X-Trace 2B093A6366AD47073B048BF1FEF1E356B068C1CEA9000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 8174db449d221cbd-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-qj67h
GET H2	200	25755956.js Show response js-eu1.hs-analytics.net/analytics/1697506800000/	66 KB 21 KB	127ms 73ms	Script text/javascript	172.65.238.60 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-analytics.net/analytics/1697506800000/25755956.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 92361eb5c51c83c5575a6704ee3734c26cd7713fb564e503d3a7800a0e284638 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:27 GMT content-encoding br cf-cache-status MISS x-amz-request-id R3Y6C46AS0Q0AD56 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id dcda9785-f930-49f0-a138-cc8106b0ad38 x-envoy-upstream-service-time 44 x-amz-id-2 km5Cn6yql4zTkCogGVexiD2pvk2osHJ4fbkSXnoLIs+fUyMc6bE0DHCEtz8CIx0AXzpxytUVJoo= x-evy-trace-listener listener_https x-request-id dcda9785-f930-49f0-a138-cc8106b0ad38 x-evy-trace-route-configuration listener_https/all last-modified Thu, 12 Oct 2023 15:15:37 GMT server cloudflare etag W/"181d06e20d9f2d1a1320c23d29224409" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/analytics-js-proxy-td/envoy-proxy-6bfd96c9d5-v5rkj cache-control max-age=300,public access-control-allow-credentials false cf-ray 8174db45d8330368-FRA expires Tue, 17 Oct 2023 01:49:27 GMT
GET H2	200	collectedforms.js Show response js-eu1.hscollectedforms.net/	69 KB 25 KB	92ms 27ms	Script application/javascript	172.65.192.122 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hscollectedforms.net/collectedforms.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d1b5aca028dd8447199f3c06601e38f5b8aba3b29be5ccd2de504a561fed2558 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-encoding br x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.425/bundles/project.js&cfRay=8174db45ebcc9968-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"526bb173ed1384afadfc2b0eb6b0846e" vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset collected-forms-embed-js/static-1.425/bundles/project.js date Tue, 17 Oct 2023 01:44:27 GMT x-amz-version-id 99Y.E0UsJAdqqpubte3vKq3r2MOVQh4K via 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status EXPIRED x-amz-cf-pop FRA56-P2 x-hubspot-correlation-id 2e659f96-24af-4b9d-af94-f5719941d895 x-cache Hit from cloudfront cache-tag staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod x-envoy-upstream-service-time 7 x-evy-trace-route-configuration listener_https/all x-request-id 2e659f96-24af-4b9d-af94-f5719941d895 last-modified Fri, 22 Sep 2023 08:42:59 UTC server cloudflare access-control-max-age 3000 x-hs-cache-status MISS x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-797758f45b-8q8m9 cf-ray 8174db45ebcc9968-FRA x-amz-cf-id xPXltRc9917B6vF7qxgKnZFL7owmoFymahhpXb_jwJe8VH2hWcih_A==
GET H2	200	web-interactives-embed.js Show response js-eu1.hubspot.com/	75 KB 23 KB	82ms 29ms	Script application/javascript	172.65.236.181 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hubspot.com/web-interactives-embed.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.236.181 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash acabd35f2b1e9987602b0dd006d22beaaf59d64d55aa0b1182953f605b4aedca Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-encoding br x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.603/bundles/project.js&cfRay=8174db45d9bf30c4-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"05df44f442894aeff6db4cae78774575" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control max-age=600 x-hs-target-asset web-interactives-embed/static-2.603/bundles/project.js date Tue, 17 Oct 2023 01:44:27 GMT x-amz-version-id CUHT59SEc6aYYLtp23JCKXXA_T1K86mL via 1.1 3a3c1dcacd115187f53f40028ae4bd24.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status EXPIRED nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 x-hubspot-correlation-id 9653854a-7c08-48b4-b4c3-44fb6c3f78f0 x-cache Hit from cloudfront cache-tag staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 x-evy-trace-route-configuration listener_https/all x-request-id 9653854a-7c08-48b4-b4c3-44fb6c3f78f0 last-modified Thu, 12 Oct 2023 02:04:49 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pmXvJKhZ4Q7Qi1xRyUQbOacAjydBL2%2FaCVBZkUBBofEnygwz7uyuB3VYKHtMvojoSzq2U2bt6blEJDhUvISKrn7rTunA7fTmz1%2Bx1xksNO4mpUWEtGF%2FqHNvprr%2B4VfD4Xx42w%3D%3D"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-797758f45b-49p9l cf-ray 8174db45d9bf30c4-FRA x-amz-cf-id NOZ5T1FvxlM-sPOXedAPIAZYtBt01HJV0eSMaldga7RVGKfoDdbh4w==
GET H2	200	fb.js Show response js-eu1.hsadspixel.net/	6 KB 4 KB	66ms 13ms	Script application/javascript	172.65.219.229 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hsadspixel.net/fb.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 413237d22e25097e3cee2595c2cedccc0d680158bd638a421aecaa1a7237321f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:27 GMT x-amz-version-id 6Rl00Bao8JSR9sjVJgKGfhCjk_eTdRhI via 1.1 50c53efe331c3da25a4faf191817af8c.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT x-amz-cf-pop FRA56-P2 age 140 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.490/bundles/pixels-release.js&cfRay=8174d7d8fd941e57-FRA x-cache Hit from cloudfront x-hubspot-correlation-id 1aa08930-a9d0-47ee-b506-0d20f64a37bd cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod content-encoding br x-envoy-upstream-service-time 0 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 1aa08930-a9d0-47ee-b506-0d20f64a37bd last-modified Mon, 16 Oct 2023 16:51:04 UTC server cloudflare etag W/"7e8c6b3c97842ae7b4b13d1465637fd9" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-797758f45b-49p9l cf-ray 8174db45d8179042-FRA x-amz-cf-id 5S9ga7oIu2IO8yD9_MQeEPAVLCAEC6Qpt9LATrTByaWs9yGSg_5DfQ== x-hs-target-asset adsscriptloaderstatic/static-1.490/bundles/pixels-release.js
GET H2	200	banner.js Show response js-eu1.hs-banner.com/v2/25755956/	66 KB 20 KB	84ms 39ms	Script text/javascript	172.65.202.201 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-banner.com/v2/25755956/banner.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5c8b6e88e89d0fc9b71504a53a33bf69617ede9a9cd91bf04525d79aff01cbfe Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:27 GMT x-amz-version-id CQwoOhSt2urxB0aJ.DfTh_RkrgGWOAsX content-encoding br cf-cache-status REVALIDATED x-amz-request-id 1WHFQZMNANY78CAN x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id e073b3be-1ad3-4810-a023-eaf6c82c80cd x-envoy-upstream-service-time 21 x-amz-id-2 mUAR9RwtPYtFHbKi+sJJKODaljVYjaP6aZdG7EQ+cweaKpdcsWqgJbrQJWEN41OugTbFZzrKPUg= x-evy-trace-listener listener_https x-request-id e073b3be-1ad3-4810-a023-eaf6c82c80cd x-evy-trace-route-configuration listener_https/all last-modified Tue, 26 Sep 2023 20:22:59 GMT server cloudflare etag W/"5937aa4e9e159cd166607b689fc7762f" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.facct.ru x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod fra04/analytics-js-proxy-td/envoy-proxy-55f7b4ccdf-4kqp8 vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 8174db45ce1f2c3e-FRA expires Tue, 17 Oct 2023 01:49:27 GMT
GET H2	200	tag.js Show response mc.yandex.ru/metrika/	202 KB 70 KB	260ms 117ms	Script application/javascript	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.ru/metrika/tag.js Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/main.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash e9597987b6f5f6a1e2c0a9bb76f9728ad3bda5548c3b1341dac1e7708c18ee7e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:27 GMT content-encoding br strict-transport-security max-age=31536000 last-modified Fri, 06 Oct 2023 14:28:02 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA etag "651fef42-11470" content-type application/javascript access-control-allow-origin * cache-control max-age=3600 timing-allow-origin * content-length 70768 expires Tue, 17 Oct 2023 02:44:27 GMT
GET H/1.1	200 OK	counters.gif forms.hsforms.com/embed/v3/	35 B 1015 B	140ms 121ms	Image image/gif	2606:4700::6811:eff9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Date Tue, 17 Oct 2023 01:44:27 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id b428da99-1ae5-40a5-8705-f516719226fa x-envoy-upstream-service-time 3 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b428da99-1ae5-40a5-8705-f516719226fa Server cloudflare X-Trace 2B7C90A2A21CEBF88A017EEFD62571F0C8AD9F36C8000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-79986f96f-r4cs8 Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 8174db462b465b98-FRA
GET H2	200	main-logo.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	3 KB 2 KB	20ms 18ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-logo.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 589c9a6a159cf2ecc8555bc4457827f21002eaec9a24e3bc54401ed0b4d30ac8 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 1527 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 30 Jan 2023 11:16:06 GMT server nginx etag "d82-5f379576be685-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Tue, 17 Oct 2023 02:14:28 GMT
GET H2	200	ti.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	61ms 58ms	Image image/png	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ti.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:28 GMT via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 5919 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "171f-5e27d5c025780" x-frame-options sameorigin vary Accept-Encoding content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id ExLiiMLArkTwTzodEPn1xAWpfBmgc4a5xIEirYF1HFqoWIqbkxnFZQ== expires Tue, 17 Oct 2023 01:44:27 GMT
GET H2	200	asm.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	43ms 41ms	Image image/png	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/asm.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:28 GMT via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 5941 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "1735-5e27d5c025780" x-frame-options sameorigin vary Accept-Encoding content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id pAR_yNtEuPh4w3M5mInBIU-VADzBzjltEuWlEi6Ou16sGJDqw5n0vw== expires Tue, 17 Oct 2023 01:44:27 GMT
GET H2	200	fp.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	8 KB 8 KB	36ms 34ms	Image image/png	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/fp.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:28 GMT via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 7844 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "1ea4-5e27d5c025780" x-frame-options sameorigin vary Accept-Encoding content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id KfkPmJGgDyFsVOOS0OejAo_JtpZbyQ1xT4TvRCZLZ2-9RXJAIwR_pQ== expires Tue, 17 Oct 2023 01:44:27 GMT
GET H2	200	drp.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	5 KB 6 KB	52ms 50ms	Image image/png	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/drp.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software cloudflare / Resource Hash a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-security-policy frame-ancestors 'self'; x-content-type-options nosniff cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} date Tue, 17 Oct 2023 01:44:28 GMT via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 5398 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server cloudflare etag "1516-5e27d5c025780" x-frame-options sameorigin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QsUJdnIkDxAOWGpHksoXVH71v7T6HHIQUTnn6kXnY2r%2F2lheyBA5hgvu0rvlGk36y5C3tHzKZZ%2BjSt2OiL1llrNHOqY5gfzllbLpsOBm7%2BUsgEY0Cg%2FUqUK5H4a5kCDtuH4%3D"}],"group":"cf-nel","max_age":604800} content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() vary Accept-Encoding accept-ranges bytes cf-ray 8144bbcdbaa0693d-FRA x-amz-cf-id M5OePa2vfOi41hFKjO0-OQ-UJ1pJRLi7ciZnuL9yfeZpMnvE-axN2Q== expires Tue, 17 Oct 2023 01:44:27 GMT
GET H2	200	mxdr.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	43ms 41ms	Image image/png	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/mxdr.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:28 GMT via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 6506 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "196a-5e27d5c025780" x-frame-options sameorigin vary Accept-Encoding content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id fDCXD4azrAf8yZ6pVMXS1U6cDK-gZae8LtPdyTXK4encyGsp_0a3mA== expires Tue, 17 Oct 2023 01:44:27 GMT
GET H2	200	bep.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	37ms 35ms	Image image/png	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/bep.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:28 GMT via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 6362 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "18da-5e27d5c025780" x-frame-options sameorigin vary Accept-Encoding content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id wZo_iwUcPOdVQH5FPbjJkcQe0iS9sWzQJwhWnAU37HrhxJWo4Na1AQ== expires Tue, 17 Oct 2023 01:44:27 GMT
GET H2	200	ransomware-uncovered-2021-2022-min.png website.cdn.group-ib.com/wp-content/uploads/	300 KB 301 KB	46ms 45ms	Image image/png	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/ransomware-uncovered-2021-2022-min.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 97c6278026ce74aaa83a3863c3123957c11fa7e257540145ccdf2989265fad2f Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:28 GMT via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront content-length 307541 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 08 Nov 2022 11:39:36 GMT server nginx etag "4b155-5ecf3fe97d2f8" x-frame-options sameorigin vary Accept-Encoding content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id HncsuIVqPcjcYiixEjQ9ogj1_el4lSAxO1iKEj888vO1O-2t4RbqxA== expires Tue, 17 Oct 2023 01:44:27 GMT
GET H2	200	armada-conti-map-en.jpg website.cdn.group-ib.com/wp-content/uploads/	300 KB 301 KB	40ms 39ms	Image image/jpeg	2600:9000:2156:6000:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/armada-conti-map-en.jpg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:6000:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 5421bfd0e5b725ab3a5baac1ad9c125e562d7bf9a0dbfe2a82080263eaa54b6e Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Tue, 17 Oct 2023 01:44:28 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 307380 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 01 Nov 2022 08:04:42 GMT server nginx etag "4b0b4-5ec642d2fd21b" x-frame-options sameorigin content-type image/jpeg access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id NNQe8_0_tbxTfiz53Y358imxvZRJzp6YhTTMM6WQkQJxiRridXmcRw== expires Tue, 17 Oct 2023 01:44:27 GMT
GET H2	200	check-icon--lbg.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	772 B 468 B	20ms 19ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/check-icon--lbg.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 44338445c0ea67505f36e42a481bc4625633b613b50bdb57c073993b596c3328 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 382 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 25 Nov 2022 14:17:28 GMT server nginx etag "304-5ee4c2e7788b2-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Tue, 17 Oct 2023 02:14:28 GMT
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1016 B	59ms 42ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Date Tue, 17 Oct 2023 01:44:28 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id d3de1105-cd44-4908-88d5-1f0c70cafb83 x-envoy-upstream-service-time 1 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d3de1105-cd44-4908-88d5-1f0c70cafb83 Server cloudflare X-Trace 2BFA1B3FC0D1CFFB9DB64FD118392402B87F4042F1000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-hn9qf Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 8174db479b269bdd-FRA
GET H2	200	collect px.ads.linkedin.com/	0 532 B	214ms 178ms	Image application/javascript	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1697507068091&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:27 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: EABC6CEDAE2241538A96B12E0D2E4B45 Ref B: FRAEDGE2015 Ref C: 2023-10-17T01:44:28Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lor1 x-li-proto http/2 content-length 0 x-li-uuid AAYH36nN++p5gJxaUIWBmw==
GET H2	200	6si.min.js Show response j.6sc.co/	60 KB 16 KB	60ms 13ms	Script application/javascript	104.115.82.25 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.115.82.25 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-115-82-25.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash a09fe9b9f8deb402e85425e864ed0d7bd28a382f8e4b5e5ad1a6bb3ad3030ce3 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 09 Oct 2023 17:32:21 GMT server nginx/1.14.0 (Ubuntu) etag "65243925-f02a" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 16343 expires Tue, 17 Oct 2023 01:44:28 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10897073384/	3 KB 2 KB	73ms 29ms	Script text/javascript	2a00:1450:4001:829::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10897073384/?random=1697507068174&cv=11&fst=1697507068174&bg=ffffff&guid=ON&async=1&gtm=45He3ab0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&hn=www.googleadservices.com&frm=0&tiba=Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&auid=1203480837.1697507068&uamb=0&uaw=0&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 0f7681b933a7ebe3071eb448d46e1029c0b0b9429542a8c0bc456d6770faabe4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1355 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	NeverBounce.js Show response cdn.neverbounce.com/widget/dist/	96 KB 29 KB	81ms 9ms	Script application/javascript	13.32.27.88 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.neverbounce.com/widget/dist/NeverBounce.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.27.88 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-27-88.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Mon, 16 Oct 2023 05:37:00 GMT content-encoding gzip via 1.1 dca6db3c8f31f3cd48bb06d78a8be624.cloudfront.net (CloudFront) last-modified Mon, 02 Mar 2020 18:37:33 GMT server AmazonS3 x-amz-cf-pop FRA56-C2 age 72642 etag W/"c1e06621030dfcba15b88abbcaa546eb" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id 67uN0H-Z_Orqoe93jj2o9cMlDu-n-s3onjElSKa_utCAoHbP-oUnpg==
GET H2	200	63e267f61a03d71ea3df5fe7 Show response ws.zoominfo.com/pixel/	3 KB 2 KB	354ms 318ms	Script text/javascript	2606:4700::6810:880f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/63e267f61a03d71ea3df5fe7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 33106fd2b968b834e4168d44901901eeb2832422eee2c8909813f866cd83aab8 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC via 1.1 google server cloudflare x-powered-by Express vary Accept-Encoding content-type text/javascript access-control-allow-origin * access-control-allow-credentials true cf-ray 8174db4859a9912b-FRA access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok alt-svc h3=":443"; ma=86400
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	198 KB 53 KB	32ms 8ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 564a53ce84ae022b30816d44aa48589ebfe170c226b098d0245c47fe13341c67 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Tue, 17 Oct 2023 01:44:28 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 53498 x-xss-protection 0 pragma public x-fb-debug NI97q55pVx7t4J5iKmyf24E2GWZYdVhR9LwJQlR5QUKMMnn8ktmr/VPBfACCSaCCaz87ekkb7rSvCbVTy0KQKA== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	287 KB 93 KB	33ms 32ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash bee493d228f71ce30a36eab2dab1f62a92e5b8900bc09addb13a459c6ddf6595 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 95441 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 17 Oct 2023 01:44:28 GMT
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1697507068180&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&tm=gtmv2 https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1697507068180&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&tm=gtmv2&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1697507068180%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fr... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1697507068180&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&tm=gtmv2&cookiesTest=true&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1697507068180&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&tm=gtmv2&cookiesTest=true&liSync=tr...	0 265 B	223ms 158ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1697507068180&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQJqigK_N7HIbwAAAYs7Tkt8gOdALBcHV6r309nsrxP84ibqDc_3lqJ6kJUQpFaUgl-LM9d3YSvU Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 9113674F54C64EE589D8B0E401F30F69 Ref B: FRAEDGE2010 Ref C: 2023-10-17T01:44:28Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-ltx1 x-li-proto http/2 content-length 0 x-li-uuid AAYH36naELalXdgOQhOXpw== Redirect headers date Tue, 17 Oct 2023 01:44:28 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 46F5662562E94725BAE0B98FA8449691 Ref B: FRAEDGE2015 Ref C: 2023-10-17T01:44:28Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1697507068180&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQJqigK_N7HIbwAAAYs7Tkt8gOdALBcHV6r309nsrxP84ibqDc_3lqJ6kJUQpFaUgl-LM9d3YSvU x-li-proto http/2 content-length 0 x-li-uuid AAYH36nWwRAfpXTAzEWfEQ==
GET H2	200	json Show response api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	250 B 1 KB	66ms 32ms	XHR application/json	2a06:98c1:3200::90:3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=25755956 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3200::90:3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1aa462865a143f6b053d5d1594aea3e38d36ebad2a23a7fcfdd84ba7a7a1fddb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 239a4fdb-7fdb-4a4b-bc2f-5e48995146a8 content-encoding br x-envoy-upstream-service-time 10 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 239a4fdb-7fdb-4a4b-bc2f-5e48995146a8 server cloudflare x-trace 2B2E5E0AD188B0BB0E8D1F85275CFC67AEF8784B6F000000000000000000 vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials false x-evy-trace-served-by-pod fra04/hubapi-td/envoy-proxy-86f46d6c7b-7s7kj report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E4ZlEKTmO%2Beu%2FX5etfoDHJmvuHDZQ8JqunnYaFcP0nz%2BdKdn8iw7W8szWi3Ce1f%2FGOV3uIwDA8WRuQNpAJxdfY0O81pfPViNKKletLUbDmhilHBHeFzvfjnFpZ720%2FJ7qYBNrzAyecyVFcUJq7nTRw%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8174db487be13735-FRA access-control-allow-headers *
GET H2	200	combinedConfigs Show response cta-eu1.hubspot.com/web-interactives/public/v1/embed/	207 B 1 KB	91ms 36ms	Fetch application/json	172.65.198.159 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cta-eu1.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=25755956&currentUrl=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&referrer=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.198.159 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4e1f5dae1f231a3e6c42993418f2c2b7670e62db5b3ffee9afe0afa6657504f5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 35e7c115-3a63-41db-90b1-1538feaac2c5 content-encoding br x-envoy-upstream-service-time 11 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 35e7c115-3a63-41db-90b1-1538feaac2c5 server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials true cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YBg%2FcjBoSkXJrP6zI4E9id%2BXQC1UrZt%2Fskq7elH8jOq%2FAXsUq8xyGKRRiPf20U2F%2B1xHRhYAGmoCmFIFx7utGPNNfnf9gBFwpcd8ZqNyLGGDKRLktJO%2FQIV7oKbsf%2FfebRT5Awo%3D"}],"group":"cf-nel","max_age":604800} x-robots-tag noindex, follow access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 8174db48dbb01c17-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-qj67h
GET H2	200	json Show response forms-eu1.hscollectedforms.net/collected-forms/v1/config/	116 B 433 B	47ms 37ms	XHR application/json	172.65.192.122 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json?portalId=25755956&utk= Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 43f22362329b9705cf8629061fb5b1d1a38f1cc2bc9fd46728f73e5cd9eb77cf Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding br x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id c1f12dcb-004f-4028-bda0-2562e757e7ca x-envoy-upstream-service-time 9 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id c1f12dcb-004f-4028-bda0-2562e757e7ca server cloudflare vary Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all cache-control max-age=0 x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-797758f45b-49p9l access-control-max-age 180 x-robots-tag none access-control-allow-headers * cf-ray 8174db48bcf29968-FRA
GET H2	200	sync_cookie_image_decide mc.yandex.com/ Redirect Chain https://mc.yandex.com/sync_cookie_image_check https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10158.vM4a_QapKtEUecMX1ZDQEi0MMF3iKaa-sX0_uEB6xfrMPrZgQA3YfA0pzceAk1WP.jcMWNcqw-iXkPg1VEawEwoBpers%2C https://mc.yandex.com/sync_cookie_image_decide?token=10158.JaYTsJLjkCzV9d6ujJGCb2-X_5UKZ5Fchvvz5lma2jZ7LxW2eNmdUabk33fvPbA8R3076nvA-u3jpxnmD1GD3v8YsI-LgeKwUwgkBqT-HmY%2C.UYuatO60V-s6sPGx5HD_Bg0DCHQ%2C	43 B 67 B	66ms 66ms	Image image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/sync_cookie_image_decide?token=10158.JaYTsJLjkCzV9d6ujJGCb2-X_5UKZ5Fchvvz5lma2jZ7LxW2eNmdUabk33fvPbA8R3076nvA-u3jpxnmD1GD3v8YsI-LgeKwUwgkBqT-HmY%2C.UYuatO60V-s6sPGx5HD_Bg0DCHQ%2C Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000 content-length 43 x-xss-protection 1; mode=block content-type image/gif Redirect headers location https://mc.yandex.com/sync_cookie_image_decide?token=10158.JaYTsJLjkCzV9d6ujJGCb2-X_5UKZ5Fchvvz5lma2jZ7LxW2eNmdUabk33fvPbA8R3076nvA-u3jpxnmD1GD3v8YsI-LgeKwUwgkBqT-HmY%2C.UYuatO60V-s6sPGx5HD_Bg0DCHQ%2C date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000 x-xss-protection 1; mode=block
GET H3	200	js Show response www.googletagmanager.com/gtag/	225 KB 78 KB	45ms 45ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508 Requested by Host: js-eu1.hsadspixel.net URL: https://js-eu1.hsadspixel.net/fb.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 23187f7fa263fb735880354c80ce7485bb14ea732215e8f80c64c9294e5483e3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 79862 x-xss-protection 0 last-modified Tue, 17 Oct 2023 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 17 Oct 2023 01:44:28 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	225 KB 78 KB	35ms 35ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 79f84e1bbba366098b29094018d082552b68cd3f010ddfd86cc3545c7addc2e7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 79855 x-xss-protection 0 last-modified Tue, 17 Oct 2023 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 17 Oct 2023 01:44:28 GMT
GET H2	200	advert.gif mc.yandex.com/metrika/	43 B 185 B	60ms 59ms	Image image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/metrika/advert.gif Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000 last-modified Fri, 06 Oct 2023 14:26:04 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA etag "651feecc-2b" content-type image/gif access-control-allow-origin * cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 43 expires Tue, 17 Oct 2023 02:44:28 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 194 B	18ms 17ms	XHR text/html	104.115.82.25 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.115.82.25 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-115-82-25.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://www.group-ib.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	23 B 317 B	78ms 8ms	XHR text/html	2a02:26f0:480:23::1726:629c AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:23::1726:629c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 0c9124ad911c859421e2b689e41b0057bae19a568e34161cd253fa8258e86228 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT vary Origin content-type text/html access-control-allow-origin https://www.group-ib.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a00:c98:2030:a004:1::9 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1697507068359_388391900_375370786_23_1299_7_15_219";dur=1 content-length 23 expires Tue, 17 Oct 2023 01:44:28 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 484 B	209ms 208ms	Image image/gif	104.115.82.25 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=1666b6dc-2880-41c7-8151-04a192070cdd&session=5be163a9-e352-4879-8071-a2b6542f7705&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2017%20Oct%202023%2001%3A44%3A28%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20well-known%20complete%20guide%20to%20the%20latest%20tactics%2C%20techniques%2C%20and%20procedures%20of%20ransomware%20operators%20based%20on%20MITRE%20ATT%26CK%C2%AE%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pageViewId=f75d3593-663a-4643-8a27-1cf98ca5300b&v=1.1.7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.115.82.25 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-115-82-25.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 484 B	209ms 209ms	Image image/gif	104.115.82.25 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=1666b6dc-2880-41c7-8151-04a192070cdd&session=5be163a9-e352-4879-8071-a2b6542f7705&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2017%20Oct%202023%2001%3A44%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e84d9c08a990af8592952e7ac9a983ad%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2017%20Oct%202023%2001%3A44%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2017%20Oct%202023%2001%3A44%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20well-known%20complete%20guide%20to%20the%20latest%20tactics%2C%20techniques%2C%20and%20procedures%20of%20ransomware%20operators%20based%20on%20MITRE%20ATT%26CK%C2%AE%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pageViewId=f75d3593-663a-4643-8a27-1cf98ca5300b&v=1.1.7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.115.82.25 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-115-82-25.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/10897073384/	42 B 455 B	62ms 25ms	Image image/gif	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10897073384/?random=1697507068174&cv=11&fst=1697504400000&bg=ffffff&guid=ON&async=1&gtm=45He3ab0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&frm=0&tiba=Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&fmt=3&is_vtc=1&random=1789462262&rmt_tld=0&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/10897073384/	42 B 455 B	64ms 27ms	Image image/gif	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/10897073384/?random=1697507068174&cv=11&fst=1697504400000&bg=ffffff&guid=ON&async=1&gtm=45He3ab0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&frm=0&tiba=Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&fmt=3&is_vtc=1&random=1789462262&rmt_tld=1&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	62 B 282 B	389ms 112ms	Script application/javascript	34.198.22.223 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_321104 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.198.22.223 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-198-22-223.compute-1.amazonaws.com Software nginx / Resource Hash a2db38a31d7a5158ab26a7f1c055b7201512959472bf089f9f012251987ae7fe Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 282 B	476ms 200ms	Script application/javascript	34.198.22.223 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_342874 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.198.22.223 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-198-22-223.compute-1.amazonaws.com Software nginx / Resource Hash 2c42017e968ab3b67938fc83fde92649c0552cd3b6a715ef4b38794c690943c8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	61 B 280 B	391ms 116ms	Script application/javascript	34.198.22.223 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_85801 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.198.22.223 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-198-22-223.compute-1.amazonaws.com Software nginx / Resource Hash 4d1f53e4a9b1678dcf1d40b9a1d115f9429ecae78ef2d3da0ba624877d62ffcf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	62 B 281 B	389ms 115ms	Script application/javascript	34.198.22.223 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_882827 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.198.22.223 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-198-22-223.compute-1.amazonaws.com Software nginx / Resource Hash cecb4841e5be6e8454ddca972920df24f55945f81fd8024b6c3fa66f2b0390dd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 282 B	473ms 198ms	Script application/javascript	34.198.22.223 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_168898 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.198.22.223 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-198-22-223.compute-1.amazonaws.com Software nginx / Resource Hash 15fb1a0741d58f065f6df4bb4a54b6e20659f10cb9e4691d58987e3ba6a6b3cf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	61 B 280 B	387ms 114ms	Script application/javascript	34.198.22.223 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_99461 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.198.22.223 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-198-22-223.compute-1.amazonaws.com Software nginx / Resource Hash 8b157876321290d4b5425f37112612eaf3951611ce0e582a515071e9aa18a816 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1016 B	327ms 26ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=6 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Date Tue, 17 Oct 2023 01:44:28 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 7058165b-8647-40e1-ba2c-36f9114dcde3 x-envoy-upstream-service-time 2 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 7058165b-8647-40e1-ba2c-36f9114dcde3 Server cloudflare X-Trace 2BEEED78E10E8C601FA7DE6A7D85CF0F4C01A58EC5000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-hn9qf Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 8174db4b9d799bdd-FRA
GET H2	200	649324202964935 Show response connect.facebook.net/signals/config/	141 KB 36 KB	78ms 78ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/649324202964935?v=2.9.134&r=stable&domain=www.group-ib.com Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 159950096492a963e1d167bf53b49aaa3d33db34d629c51d34dd233d01ea1ae5 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Tue, 17 Oct 2023 01:44:28 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug Lh/P4a5KUs8A5WC2MZ3ESEJhnpLRx/kcTyDTa8zSr/YiZZwgHwl85fykC1+1rkNIiiBfORaBF7BnD9eCoR58Mg== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 485 B	215ms 215ms	Image image/gif	104.115.82.25 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=1666b6dc-2880-41c7-8151-04a192070cdd&session=5be163a9-e352-4879-8071-a2b6542f7705&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2030%3Aa004%3A1%3A%3A9%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20well-known%20complete%20guide%20to%20the%20latest%20tactics%2C%20techniques%2C%20and%20procedures%20of%20ransomware%20operators%20based%20on%20MITRE%20ATT%26CK%C2%AE%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pageViewId=f75d3593-663a-4643-8a27-1cf98ca5300b&v=1.1.7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.115.82.25 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-115-82-25.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
POST H2	200	fl Show response www.group-ib.com/api/	665 B 944 B	32ms 31ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=7ede8390-6c41-11ee-aa79-da1bd8a916dd&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=wkgavJdcPQS%2FiKcv7gDloInmdIpmUleJwSOA1RWENVpbpiy%2FVpjbobHtDNzSwXxTK1OZJJk%2BIKJEj%2F5gbXyMR8sMJFF4o0H%2BxfOlNZ%2FDG6wjla5c10u8Ko08muACUjh8GNV95AJvzCNlAZrgs%2F9lE9AVhNN2YjI%2Fc5gk Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 92100898aca60c094a0c591c60d52e49ef77a0bab39969064a1e69a4e8c87ecf Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 uQHc2qMe0f15emuYgQ+Tfkj11iwP1BeZw75j+X0boEni5Dyt0Mzdxr0uGYH5jzCt3+0OOp4cXmodVKr3YG8GTBRWc+IwDSt1ozUXDd1wFhAQNMS5H+sGBxDnxq6xvgCXbeGGV2sWeHaNHM09SvI+qC9d+E6FpNZAy8TZc9CPH0nvFEg56JgoAuocnrzwNDhvV2iTAwH+l+qyU3SNe6bSasnPD8xXxns8QBesakr5nRJZDOG93h0l5aHh1UkVPQ== Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 j8vS97024e5c6ddf64a39a822ef7a6f65efa7515 Content-Type text/plain;charset=UTF-8 Response headers date Tue, 17 Oct 2023 01:44:28 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 3 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
POST H2	204	collect region1.analytics.google.com/g/	0 255 B	60ms 17ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-QMES53K3Y2&gtm=45je3ab0&_p=1621427832&_gaz=1&cid=1086865314.1697507069&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&sid=1697507068&sct=1&seg=0&dr=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&dt=Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.group-ib.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 255 B	61ms 21ms	Ping text/plain	2a00:1450:400c:c07::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QMES53K3Y2&cid=1086865314.1697507069&gtm=45je3ab0&aip=1 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.group-ib.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 107 B	26ms 25ms	Image image/gif	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QMES53K3Y2&cid=1086865314.1697507069&gtm=45je3ab0&aip=1&z=1111791556 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	counters.gif perf-eu1.hsforms.com/embed/v3/	35 B 1 KB	60ms 30ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://perf-eu1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers Date Tue, 17 Oct 2023 01:44:28 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status MISS x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id ad7d555e-ea62-43d1-9428-c820cb7dd545 x-envoy-upstream-service-time 2 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id ad7d555e-ea62-43d1-9428-c820cb7dd545 Last-Modified Tue, 17 Oct 2023 01:44:28 GMT Server cloudflare X-Trace 2BA5D43659990F558B6621D22AD587FDF638FA5442000000000000000000 Vary origin, Accept-Encoding Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-hn9qf Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false Accept-Ranges bytes X-Robots-Tag none CF-RAY 8174db4aafd73731-FRA
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/	3 KB 2 KB	32ms 31ms	Script text/javascript	2a00:1450:4001:829::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1697507068566&cv=11&fst=1697507068566&bg=ffffff&guid=ON&async=1&gtm=45be3ab0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&hn=www.googleadservices.com&frm=0&tiba=Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&did=dZTQ1Zm&gdid=dZTQ1Zm&auid=1203480837.1697507068&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef91bb20de31e42ad3bea739da05a8eeebd565bcf7b1b0d871599aa559dec3ef Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1372 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	1 Show response mc.yandex.com/watch/26812653/ Redirect Chain https://mc.yandex.com/watch/26812653?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%... https://mc.yandex.com/watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strateg...	435 B 769 B	65ms 65ms	XHR application/json	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.com/watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A468%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1135%3Acn%3A1%3Adp%3A0%3Als%3A1217222266971%3Ahid%3A1022854372%3Az%3A120%3Ai%3A20231017034428%3Aet%3A1697507068%3Ac%3A1%3Arn%3A172740416%3Arqn%3A1%3Au%3A1697507068683850871%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C21%2C8%2C0%2C0%2C%2C696%2C38%2C%2C%2C%2C791%3Aco%3A0%3Acpf%3A1%3Ans%3A1697507067033%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1697507069%3At%3ARansomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 4a0a6a375167c32a3322873f2701667d12a63cc721e118f5ff4dada933be2df1 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff last-modified Tue, 17-Oct-2023 01:44:28 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true content-length 435 x-xss-protection 1; mode=block expires Tue, 17-Oct-2023 01:44:28 GMT Redirect headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000 last-modified Tue, 17-Oct-2023 01:44:28 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA location /watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A468%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1135%3Acn%3A1%3Adp%3A0%3Als%3A1217222266971%3Ahid%3A1022854372%3Az%3A120%3Ai%3A20231017034428%3Aet%3A1697507068%3Ac%3A1%3Arn%3A172740416%3Arqn%3A1%3Au%3A1697507068683850871%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C21%2C8%2C0%2C0%2C%2C696%2C38%2C%2C%2C%2C791%3Aco%3A0%3Acpf%3A1%3Ans%3A1697507067033%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1697507069%3At%3ARansomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1 access-control-allow-origin https://www.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true x-xss-protection 1; mode=block expires Tue, 17-Oct-2023 01:44:28 GMT
GET H2	200	/ www.facebook.com/tr/	0 185 B	38ms 7ms	Image text/plain	2a03:2880:f176:84:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&if=false&ts=1697507068606&sw=1600&sh=1200&v=2.9.134&r=stable&ec=0&o=30&fbp=fb.1.1697507068603.383125542&cs_est=true&it=1697507068442&coo=false&rqm=GET Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Tue, 17 Oct 2023 01:44:28 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.google.com/pagead/1p-user-list/10882981508/	42 B 108 B	27ms 26ms	Image image/gif	2a00:1450:4001:806::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10882981508/?random=1697507068566&cv=11&fst=1697504400000&bg=ffffff&guid=ON&async=1&gtm=45be3ab0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&frm=0&tiba=Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1396726657&rmt_tld=0&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-user-list/10882981508/	42 B 64 B	27ms 27ms	Image image/gif	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/10882981508/?random=1697507068566&cv=11&fst=1697504400000&bg=ffffff&guid=ON&async=1&gtm=45be3ab0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&frm=0&tiba=Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1396726657&rmt_tld=1&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers pragma no-cache date Tue, 17 Oct 2023 01:44:28 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	sync_cookie_image_decide_secondary mc.yandex.com/ Redirect Chain https://mc.yandex.com/sync_cookie_image_check_secondary https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10158.n_r_CBKEVTuOYZ7b7K2ECjy_6Us7V5VP2N4joNWnOpWUDN69GxXwkAvUpYh6CKW_.ps1-RAYAvC0psu_z5ltnGtfNi98%2C https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10158.CcUV064BjOmMNLOMs43yg7z_XXenKXMEXjFXQPmBgtzlYZ-T9Wozf1jGbA92S7ajahgU3b0z2R6jxgYJw1ovRdzwt92yvEQ6g9UwYUMEiLY%2C.55jwuAEoqrYhXxWYK...	43 B 79 B	63ms 62ms	Image image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10158.CcUV064BjOmMNLOMs43yg7z_XXenKXMEXjFXQPmBgtzlYZ-T9Wozf1jGbA92S7ajahgU3b0z2R6jxgYJw1ovRdzwt92yvEQ6g9UwYUMEiLY%2C.55jwuAEoqrYhXxWYKBi4hk_Wsis%2C Requested by Host: www.group-ib.com URL: https://www.group-ib.com/resources/research-hub/ransomware-2022/ Protocol H2 Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000 content-length 43 x-xss-protection 1; mode=block content-type image/gif Redirect headers location https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10158.CcUV064BjOmMNLOMs43yg7z_XXenKXMEXjFXQPmBgtzlYZ-T9Wozf1jGbA92S7ajahgU3b0z2R6jxgYJw1ovRdzwt92yvEQ6g9UwYUMEiLY%2C.55jwuAEoqrYhXxWYKBi4hk_Wsis%2C date Tue, 17 Oct 2023 01:44:28 GMT strict-transport-security max-age=31536000 x-xss-protection 1; mode=block
GET H3	200	709834390277869 Show response connect.facebook.net/signals/config/	138 KB 36 KB	98ms 97ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/709834390277869?v=2.9.134&r=stable&domain=www.group-ib.com Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 76631339cbb636125ff94e2d21652dbf0f83343cb2afa962f14840f80525de9a Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Tue, 17 Oct 2023 01:44:29 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug qZpVZwnQRoo2WKN34yBxjIgUw9+Gz070Oh5fx8zTxXje4fy3es9GeDX884OdKwWTACBdlVHoNvAJYcRRvYJTsg== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1 KB	91ms 36ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069113&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 3a55fdce-9cb1-47d3-851a-72757c0e67bb p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3a55fdce-9cb1-47d3-851a-72757c0e67bb last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=keAN4CoNWGSDcjyBzoUEaAFlodN4yZVkxb7x2dn3tglE%2FYm5ZlfdGHJdZ3pdwu1BPd2iwshyLdkGiu4onhSytGvNdAvCW32oyusYShptU2ZEF5%2Bsf3A6ut%2BFThdjOddb9I5efDjG1Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-6dqn6 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4e9bba2c3e-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 627 B	42ms 39ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=38fd9d51-0ed6-49b9-b709-adbd40a35d53&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069118&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id fd3f8ed0-e330-40fe-ac0b-8769e052d108 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id fd3f8ed0-e330-40fe-ac0b-8769e052d108 last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NmCCg8JKnCX7iDL5R5xNaIQpvNKUFQ1MA30mAZeUiZElDDVWI8WpRC1tfKoJEXydjW7LP2EttmI%2BCC%2FAQTtRszG3Udl6Jbk6EFkcUG63Fu5rdg8NuUTeZYXdCWU3qCrC6uQdqMRT0A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-gjpms x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4eabc12c3e-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 632 B	42ms 40ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=49fccd2c-7068-40c5-9379-18175042cf56&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069121&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 5a388dac-fa2e-4aec-adc3-71e890396964 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 5a388dac-fa2e-4aec-adc3-71e890396964 last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l1b52E%2BCT4Ah%2Fu6VmQ8HbsOys%2BJG8PNrikG0h89kehVC9JKyoAe9caYtxlqb1nIW9HIY9%2F1BD57mioY%2BSDMy%2Bjz0JOhdsSyCejj5EdbRTrnFXTTgavUwkEzegN6TY32gvparC4eUrg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-nzf8k x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4eabc32c3e-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 633 B	36ms 34ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=5a995f05-701c-48e3-b25a-d1548ba3c0b3&fci=737a6037-bb1b-492e-ad3e-7d782ef35d6a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069124&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id ffc232af-93c9-4dbe-bce7-016390da461d p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 3 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id ffc232af-93c9-4dbe-bce7-016390da461d last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1OK03KKHs4kpO5No%2FezXADnfd24t5AlTD7STf2DmcXoyH2GgaRWbMqnczIPerarNOvMLxBowUmPKDisLv2AO1%2Bio4NrB5opSfFS%2Fclf2oa4nzGXzdDl5fNCRoL6Hq1fuQfrmmLd0nQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-f8bzw x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4eabc42c3e-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 635 B	40ms 38ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=fec8ebd7-2fbb-428e-adb1-2ed1cfb1849c&fci=fe136c1a-62a4-4f9b-8686-c65167fb7f29&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069126&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 80cd8a70-fd49-43f6-b7ab-651bb956d4b1 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 80cd8a70-fd49-43f6-b7ab-651bb956d4b1 last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=adsGmiWeE5TIcte%2F6wtvNyRxEL1uyJ14Vss9lgQLZeStvqi%2Bh53So%2FzvMBDhzDpvvHJjCaNxcbeDfJVsAut51%2FVqMfoFYnTL25OAZmM0wkGPrqT6t6TO3jDBlbO32xQbxayp%2BwdKRA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-f4fv2 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4eabc62c3e-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1 KB	48ms 46ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=55a22738-d5a5-43f9-9c1c-fa4c1a6eb349&fci=06855862-7e25-41e7-8788-08c217e573ca&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069129&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 50d70781-d248-476c-b2d7-4f2a206fa286 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 13 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 50d70781-d248-476c-b2d7-4f2a206fa286 last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oIM87hppKRbz3iuKOceSvGuYOoGNnwbghzZBAtY%2BjaPIA8OWwqmhWqkFc9emW4k7JhOrWt%2FIe3UU2EA25hF14XJ89F5nwiScwU9j4pGQQH%2FmYed3FMwbc2ZhalNPtzOfSWyCCDjXWA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-6dqn6 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4eabc72c3e-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 635 B	37ms 35ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=eb903dab-0ef3-43b5-bdeb-71372e6ad0f0&fci=10b7f378-d84b-4a5d-a581-9af9ec94a9d2&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069132&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id b378118d-8fd5-41e1-b30d-dee798e5723a p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 1 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b378118d-8fd5-41e1-b30d-dee798e5723a last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=58eyKJfYdUwOdTaCPMmZoCNAJHq57U1GhNFh%2Fq6PRhoaTYgz5blSRmyha5eOXFV11UG%2BLV4Zdc%2F77PKBDA%2BljqYy%2BstxVh33YTkpsqEvgwjnd3n1qN6qCsb7aut2NCmXEiIBWfVVWw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-nh8kq x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4eabc82c3e-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1 KB	42ms 40ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=5a995f05-701c-48e3-b25a-d1548ba3c0b3&fci=737a6037-bb1b-492e-ad3e-7d782ef35d6a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069137&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 8cb59c74-17b5-473a-94e5-75d4dd607363 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 3 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8cb59c74-17b5-473a-94e5-75d4dd607363 last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jd0T00PCpBVcGetESmr5%2BFj%2FHmuxsvC6Bc9UOE5P%2Bsml7VEQ%2BtIGxUbGV7NLtIpiS9tfYbrQQIYWLRkCdA4BNcYQzCClSTfOKVayVQMp0ok%2BqZ4WCxBjpVykJlRjh2gV%2F786sXPpPA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-2ffwm x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4eabc92c3e-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 635 B	45ms 43ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=38fd9d51-0ed6-49b9-b709-adbd40a35d53&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069141&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id e9753f82-fb12-49cd-b5db-939af40a29cb p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id e9753f82-fb12-49cd-b5db-939af40a29cb last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UzxKo%2Fb3jpmkqERogUM8jajX4hgdOfufcjgzraj5OE14%2Bu3iXJFfuuLwo4Cj%2FvSXPHnkoaGyuqEQIejhlceYOtfZxS6AhPpX03j%2FSUEnivT02xemVbhbQSnVmbM1GUXgYTl7iqUr3Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-7vcxx x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4eabca2c3e-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 644 B	46ms 45ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=49fccd2c-7068-40c5-9379-18175042cf56&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069144&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id b241bb28-dd35-47c4-8404-606ad32ad58c p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 6 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b241bb28-dd35-47c4-8404-606ad32ad58c last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yy069QgE04%2FnIslzs3dVd0tCTJ6LYa%2Bv%2B92ZIPZwOW6i2su8U0P%2BygiRYU%2BSipNaw%2Bq1c3JUFnFPXuEpsSjF3NCc%2FE%2B%2BbKWt6b4CL8%2B4ZEk1OlLe0di4AcFd2%2FWaDJnvsN9AA8rkJA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-7pz7j x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4eabcb2c3e-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1 KB	39ms 37ms	Image image/gif	172.65.240.166 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=fec8ebd7-2fbb-428e-adb1-2ed1cfb1849c&fci=fe136c1a-62a4-4f9b-8686-c65167fb7f29&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&t=Ransomware+Uncovered+2021%2F2022+%7C+Group-IB+Research&cts=1697507069147&vi=88b23508a2c4e7e35a975ce44d138227&nc=true&u=84897990.88b23508a2c4e7e35a975ce44d138227.1697507069105.1697507069105.1697507069105.1&b=84897990.1.1697507069106&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 264d8dab-6edc-4b27-86a2-82485390a164 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 264d8dab-6edc-4b27-86a2-82485390a164 last-modified Tue, 17 Oct 2023 01:44:29 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S55%2FA3hlycFkh8D6yWph3a1xeFkIScE1RNPQV%2F7yuCKIkAZG0GV9Ak1ShBXlAmKnxyiaUctivv1huH0XVREH04W911kgdphsIpI83fJralZCASVtgJDSdMcgfi%2B9PyHJBRCwnLLcAA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-74554d9fd-f8bzw x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 8174db4eabcc2c3e-FRA x-robots-tag none
GET H2	200	/ www.facebook.com/tr/	0 54 B	8ms 8ms	Image text/plain	2a03:2880:f176:84:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=709834390277869&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&if=false&ts=1697507069264&sw=1600&sh=1200&ud[external_id]=88b23508a2c4e7e35a975ce44d138227&v=2.9.134&r=stable&ec=0&o=30&fbp=fb.1.1697507068603.383125542&cs_est=true&it=1697507068442&coo=false&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Tue, 17 Oct 2023 01:44:29 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 485 B	198ms 198ms	Image image/gif	104.115.82.25 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=1666b6dc-2880-41c7-8151-04a192070cdd&session=5be163a9-e352-4879-8071-a2b6542f7705&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2017%20Oct%202023%2001%3A44%3A29%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2017%20Oct%202023%2001%3A44%3A28%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20well-known%20complete%20guide%20to%20the%20latest%20tactics%2C%20techniques%2C%20and%20procedures%20of%20ransomware%20operators%20based%20on%20MITRE%20ATT%26CK%C2%AE%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pageViewId=f75d3593-663a-4643-8a27-1cf98ca5300b&v=1.1.7 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.115.82.25 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-115-82-25.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 Response headers date Tue, 17 Oct 2023 01:44:29 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
POST H2	200	fl Show response www.group-ib.com/api/	665 B 775 B	16ms 15ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=7ede8390-6c41-11ee-aa79-da1bd8a916dd&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=D9Qkf%2FgEQ9WqC%2BNwuwJ7DpZDyqpZ9YQuA%2FXxbldOH4yCmlpphci8qGPBfMCXvSoswiKe0cbSBbcDTUp8vp%2BjuVwQLJyzBqseeVYez92XrWXfX3DDZH%2BLeBksTOZRSAWflI3fGP3ZkaexKyQfD1bcl0TJ56ZIN1UcTydx Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 95c5470893e01c9012d24c5d73763a332e36d9e95209d399c37c1a7db8fee952 Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 fCGC0FJq667NoVfrP2cgA0FbjFKHgYE5ChbFDQ+H0sGS9KnyEGP6cYuo+HGZzAX2KoSVc+oVp+4vbx9nuWuGlIklVJMH5zX6Hxl26PnWxt29oScQitI1C1KlvMMjw4vz4JsADjroafqh5K6wci9bikESvldSWcYMfEAs0yPCNrH8TW8l6NGpMLmHgcBJmRigWKhT5/BJSPnLXKagBuoEhAcZ3SuUBtfIyy2bmy05/uVww1CsBJe/7nKHyrh6VA== Referer https://www.group-ib.com/resources/research-hub/ransomware-2022/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 ZfJf09a7e4cdd063a14e25de337b9b7d10e6f8ed Content-Type text/plain;charset=UTF-8 Response headers date Tue, 17 Oct 2023 01:44:29 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 1 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET		img.gif b.6sc.co/v1/beacon/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

b.6sc.co

URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=1666b6dc-2880-41c7-8151-04a192070cdd&session=5be163a9-e352-4879-8071-a2b6542f7705&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2017%20Oct%202023%2001%3A44%3A30%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2017%20Oct%202023%2001%3A44%3A29%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20well-known%20complete%20guide%20to%20the%20latest%20tactics%2C%20techniques%2C%20and%20procedures%20of%20ransomware%20operators%20based%20on%20MITRE%20ATT%26CK%C2%AE%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Ransomware%20Uncovered%202021%2F2022%20%7C%20Group-IB%20Research%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fresources%2Fresearch-hub%2Fransomware-2022%2F&pageViewId=f75d3593-663a-4643-8a27-1cf98ca5300b&v=1.1.7