www.group-ib.com Open in urlscan Pro
3.72.181.255 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://group-ib.com/cert.html
Effective URL:
https://www.group-ib.com/cert.html
Submission: On March 02 via api (March 2nd 2023, 1:28:02 pm UTC) from TR — Scanned from DE

Summary HTTP 99 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 32 IPs in 7 countries across 23 domains to perform 99 HTTP transactions. The main IP is 3.72.181.255, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.group-ib.com. The Cisco Umbrella rank of the primary domain is 787660.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 28th 2022. Valid for: a year.

This is the only time www.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 36	3.72.181.255 3.72.181.255	16509 (AMAZON-02) (AMAZON-02)
2	3.72.191.153 3.72.191.153	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	172.65.255.172 172.65.255.172	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	104.16.92.80 104.16.92.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.65.232.43 172.65.232.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 6	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
6	104.64.113.114 104.64.113.114	16625 (AKAMAI-AS) (AKAMAI-AS)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.32.99.57 13.32.99.57	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.17.9.184 185.17.9.184	49505 (SELECTEL) (SELECTEL)
1	2606:4700::68... 2606:4700::6810:5805	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
2	142.251.208.98 142.251.208.98	15169 (GOOGLE) (GOOGLE)
1	2600:9000:225... 2600:9000:225e:bc00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	() ()
1	13.107.42.14 13.107.42.14	() ()
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	52.3.31.211 52.3.31.211	() ()
1	185.89.210.122 185.89.210.122	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:11a... 2a02:26f0:11a:3a2::1c91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:402... 2a00:1450:4025:402::9d	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2 7	2a00:1450:400... 2a00:1450:4001:808::2004	() ()
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	() ()
3	2a00:1450:400... 2a00:1450:400d:802::200e	() ()
99	32

36 3.72.181.255 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.72.191.153 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-72-191-153.eu-central-1.compute.amazonaws.com

fhp-aws-antibot-back.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.255.172 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.92.80 (None, )

ASN13335 (CLOUDFLARENET, US)

app-lon09.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.65.232.43 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-eu1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.64.113.114 (Prague, Czech Republic)

ASN16625 (AKAMAI-AS, US)
PTR: a104-64-113-114.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-57.fra60.r.cloudfront.net

cdn.neverbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.17.9.184 (St Petersburg, Russian Federation)

ASN49505 (SELECTEL, RU)

ru.id.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5805 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.208.98 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s41-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:bc00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (None, ) 3 redirects

ASN- ()

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (None, )

ASN- ()

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.3.31.211 (None, )

ASN- ()

api.neverbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.122 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a:3a2::1c91 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4025:402::9d (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:808::2004 (None, ) 2 redirects

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (None, )

ASN- ()

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:802::200e (None, )

ASN- ()

google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	group-ib.com 2 redirects group-ib.com — Cisco Umbrella Rank: 98203 fhp-aws-antibot-back.group-ib.com www.group-ib.com — Cisco Umbrella Rank: 787660 ru.id.group-ib.com — Cisco Umbrella Rank: 188954	9 MB
11	google.com 2 redirects region1.analytics.google.com — Cisco Umbrella Rank: 4370 www.google.com google.com	2 KB
8	google.de www.google.de — Cisco Umbrella Rank: 6149	1 KB
8	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 stats.g.doubleclick.net — Cisco Umbrella Rank: 77	8 KB
7	6sc.co j.6sc.co — Cisco Umbrella Rank: 6488 c.6sc.co — Cisco Umbrella Rank: 9745 ipv6.6sc.co — Cisco Umbrella Rank: 6917 b.6sc.co	13 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 44	338 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
3	hsforms.com forms-eu1.hsforms.com — Cisco Umbrella Rank: 31541 forms.hsforms.com — Cisco Umbrella Rank: 3883	27 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 151	222 KB
2	facebook.com www.facebook.com	235 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 163	4 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30	20 KB
2	neverbounce.com cdn.neverbounce.com — Cisco Umbrella Rank: 101049 api.neverbounce.com	29 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	1 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 377	822 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 628	396 B
1	t.co t.co — Cisco Umbrella Rank: 536	375 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 813	377 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4464	2 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 704	5 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 633	15 KB
1	marketo.com app-lon09.marketo.com — Cisco Umbrella Rank: 352159	69 KB
1	hsforms.net js-eu1.hsforms.net — Cisco Umbrella Rank: 73795	159 KB
99	23

	Domain	Requested by
30	www.group-ib.com	group-ib.com www.group-ib.com fhp-aws-antibot-back.group-ib.com
8	www.google.de	www.group-ib.com
7	www.google.com	2 redirects www.group-ib.com
6	googleads.g.doubleclick.net	2 redirects www.googletagmanager.com
6	group-ib.com	2 redirects fhp-aws-antibot-back.group-ib.com
5	www.googletagmanager.com	www.group-ib.com www.googletagmanager.com
4	b.6sc.co	www.group-ib.com
3	google.com	fhp-aws-antibot-back.group-ib.com
3	connect.facebook.net	www.group-ib.com group-ib.com connect.facebook.net
2	www.facebook.com	www.group-ib.com
2	stats.g.doubleclick.net	fhp-aws-antibot-back.group-ib.com
2	px.ads.linkedin.com	2 redirects
2	www.googleadservices.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.group-ib.com
2	forms-eu1.hsforms.com	fhp-aws-antibot-back.group-ib.com www.group-ib.com
2	fonts.googleapis.com	www.group-ib.com
2	fhp-aws-antibot-back.group-ib.com	group-ib.com www.group-ib.com
1	region1.analytics.google.com	fhp-aws-antibot-back.group-ib.com
1	ipv6.6sc.co	fhp-aws-antibot-back.group-ib.com
1	c.6sc.co	fhp-aws-antibot-back.group-ib.com
1	secure.adnxs.com	fhp-aws-antibot-back.group-ib.com
1	api.neverbounce.com	cdn.neverbounce.com
1	analytics.twitter.com	www.group-ib.com
1	t.co	www.group-ib.com
1	px4.ads.linkedin.com	www.group-ib.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	fhp-aws-antibot-back.group-ib.com
1	forms.hsforms.com	www.group-ib.com
1	ru.id.group-ib.com	www.group-ib.com
1	ws.zoominfo.com	group-ib.com
1	cdn.neverbounce.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	j.6sc.co	group-ib.com
1	app-lon09.marketo.com	www.group-ib.com
1	js-eu1.hsforms.net	www.group-ib.com
99	36

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.linkedin.com
twitter.com
www.youtube.com
www.first.org
www.trusted-introducer.org
www.oic-cert.org
apwg.org
www.ngnintl.com
tf-csirt.org
t.me
instagram.com

Subject Issuer	Validity	Valid
www.group-ib.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-28` - `2023-06-28`	a year	crt.sh
*.group-ib.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-29` - `2023-07-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-15` - `2023-06-15`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-09`	2 months	crt.sh
app-lon09.marketo.com Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
neverbounce.com Amazon RSA 2048 M02	`2023-02-13` - `2024-03-12`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2022-04-21` - `2023-04-21`	a year	crt.sh
*.id.group-ib.com R3	`2022-12-29` - `2023-03-29`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-02-24` - `2023-08-06`	5 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
www.google.de GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.group-ib.com/cert.html
Frame ID: 6B486CAA103FCC01A220F2A25B638FBA
Requests: 111 HTTP requests in this frame

Frame: https://ru.id.group-ib.com/id.html
Frame ID: 4DC78A41119EE73CB779551B9D1550BB
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: A9A89E9C235932DC0D3A8899ED0B3A1B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Response to information security incidents - CERT-GIB

Page URL History Show full URLs

http://group-ib.com/cert.html HTTP 301
https://group-ib.com/cert.html Page URL
https://group-ib.com/cert.html HTTP 301
https://www.group-ib.com/cert.html Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo Forms (Widgets) Expand

Overall confidence: 100%
Detected patterns

marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

99
Requests

96 %
HTTPS

53 %
IPv6

23
Domains

36
Subdomains

32
IPs

7
Countries

10484 kB
Transfer

12812 kB
Size

38
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/groupibHQ

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/organization/1382013/

Search URL Search Domain Scan URL

URL: https://twitter.com/GroupIB_GIB

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/GroupIBGlobal

Search URL Search Domain Scan URL

URL: https://www.first.org/members/teams/cert-gib
Title: A member of the Forum of Incident Response and Security Teams (FIRST)

Search URL Search Domain Scan URL

URL: https://www.trusted-introducer.org/directory/teams/cert-gib.html
Title: An accredited member of Trusted Introducer (Services for Security and Incident Response Teams)

Search URL Search Domain Scan URL

URL: https://www.oic-cert.org/en/commercialmembers.html#.X8dG3WgzY2w
Title: A member of OIC-CERT (Organisation of The Islamic Cooperation — Computer Emergency Response Teams)

Search URL Search Domain Scan URL

URL: https://apwg.org/group-ib-enhances-data-exchange-operations-by-joining-anti-phishing-working-group/
Title: A member of APWG international coalition (Anti-Phishing Working Group)

Search URL Search Domain Scan URL

URL: https://www.ngnintl.com/news/ngn-group-ib-launch-security-operation-centre
Title: first 24/7 Security Operations Center (SOC) in Bahrain

Search URL Search Domain Scan URL

URL: https://tf-csirt.org/tf-csirt/meetings/62nd/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://twitter.com/GroupIB_GIB/status/1319192245250236416
Title: Learn more

Search URL Search Domain Scan URL

URL: https://twitter.com/GroupIB_GIB/status/1327204447114715139
Title: Learn more

Search URL Search Domain Scan URL

URL: https://t.me/groupibhq

Search URL Search Domain Scan URL

URL: https://instagram.com/groupibhq

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://group-ib.com/cert.html HTTP 301
https://group-ib.com/cert.html Page URL
https://group-ib.com/cert.html HTTP 301
https://www.group-ib.com/cert.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://group-ib.com/cert.html HTTP 301
https://group-ib.com/cert.html

Request Chain 70

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677763680680&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1677763680680%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fcert.html%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677763680680&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677763680680&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQKqx2n54hlJngAAAYaighy211ktY2k0mwTIUgv-XMOffbUOYRuZliTitE80DfQKkXTY63fK

Request Chain 93

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/?random=945929535&cv=11&fst=1677763680609&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=YKQAZL20L-Xamwee2rKIDQ&sscte=1&crd=&pscrd=Ek5DaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVlBcVZVdjhhOGFZNkhiUTItU0ZSV1g2eXBLdHVBdVQ1cVZOeHdxTWc3RW5WaWtieHhKZncaWkNoRUlnSy1Cb0FZUW4tVHd4Sl8tNTlfN0FSSXVBQTFJTlZDU3FvMDdXSVhvZzY3RzdtdUxUdEpKRDNiblVJeHNMM09odWR2bmRQVVVrcEFNb2YxV2RjNm9EUQ HTTP 302
https://www.google.com/pagead/1p-conversion/863262324/?random=945929535&cv=11&fst=1677763680609&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVlBcVZVdjhhOGFZNkhiUTItU0ZSV1g2eXBLdHVBdVQ1cVZOeHdxTWc3RW5WaWtieHhKZncaWkNoRUlnSy1Cb0FZUW4tVHd4Sl8tNTlfN0FSSXVBQTFJTlZDU3FvMDdXSVhvZzY3RzdtdUxUdEpKRDNiblVJeHNMM09odWR2bmRQVVVrcEFNb2YxV2RjNm9EUQ&is_vtc=1&ocp_id=YKQAZL20L-Xamwee2rKIDQ&cid=CAQSKQDUE5ymUWjBp7_5E7SRvC3UA_liER3ali9qGjRBiupn8gHpWyeeffnZ&random=1836161660 HTTP 302
https://www.google.de/pagead/1p-conversion/863262324/?random=945929535&cv=11&fst=1677763680609&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVlBcVZVdjhhOGFZNkhiUTItU0ZSV1g2eXBLdHVBdVQ1cVZOeHdxTWc3RW5WaWtieHhKZncaWkNoRUlnSy1Cb0FZUW4tVHd4Sl8tNTlfN0FSSXVBQTFJTlZDU3FvMDdXSVhvZzY3RzdtdUxUdEpKRDNiblVJeHNMM09odWR2bmRQVVVrcEFNb2YxV2RjNm9EUQ&is_vtc=1&ocp_id=YKQAZL20L-Xamwee2rKIDQ&cid=CAQSKQDUE5ymUWjBp7_5E7SRvC3UA_liER3ali9qGjRBiupn8gHpWyeeffnZ&random=1836161660&ipr=y&prhg=0

Request Chain 97

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/?random=159650967&cv=11&fst=1677763681050&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=YaQAZJO6BYmfmLAP-OSmIA&sscte=1&crd=&pscrd=Ek5DaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVlBcVZVdjhhOGFZNkhiUTItU0ZSV1g2eXBLdHVBdVQ1cVZOeHdxTWc3RW5WaWtieHhKZncaWkNoRUlnSy1Cb0FZUW4tVHd4Sl8tNTlfN0FSSXVBQTFJTlZDM2h5eDhPUTczUVhUckZ5RGdmemtkdDc1RHhOQTl0YWJEXzFzSThncDVPUWd2VG9TTXJCaVo5Zw HTTP 302
https://www.google.com/pagead/1p-conversion/10865976765/?random=159650967&cv=11&fst=1677763681050&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVlBcVZVdjhhOGFZNkhiUTItU0ZSV1g2eXBLdHVBdVQ1cVZOeHdxTWc3RW5WaWtieHhKZncaWkNoRUlnSy1Cb0FZUW4tVHd4Sl8tNTlfN0FSSXVBQTFJTlZDM2h5eDhPUTczUVhUckZ5RGdmemtkdDc1RHhOQTl0YWJEXzFzSThncDVPUWd2VG9TTXJCaVo5Zw&is_vtc=1&ocp_id=YaQAZJO6BYmfmLAP-OSmIA&cid=CAQSKQDUE5ym2RTVvg2XBnsi2n1jGoCXuyeD1ygkZA8U4yD4GDArbRlaCvgZ&random=374817000 HTTP 302
https://www.google.de/pagead/1p-conversion/10865976765/?random=159650967&cv=11&fst=1677763681050&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVlBcVZVdjhhOGFZNkhiUTItU0ZSV1g2eXBLdHVBdVQ1cVZOeHdxTWc3RW5WaWtieHhKZncaWkNoRUlnSy1Cb0FZUW4tVHd4Sl8tNTlfN0FSSXVBQTFJTlZDM2h5eDhPUTczUVhUckZ5RGdmemtkdDc1RHhOQTl0YWJEXzFzSThncDVPUWd2VG9TTXJCaVo5Zw&is_vtc=1&ocp_id=YaQAZJO6BYmfmLAP-OSmIA&cid=CAQSKQDUE5ym2RTVvg2XBnsi2n1jGoCXuyeD1ygkZA8U4yD4GDArbRlaCvgZ&random=374817000&ipr=y&prhg=0

99 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

403

cert.html Show response
group-ib.com/
Redirect Chain

http://group-ib.com/cert.html
https://group-ib.com/cert.html

7 KB
7 KB

55ms
8ms

Document
text/html

3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://group-ib.com/cert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: dfef3b3b725657391e24cf6811a83b43162d15068bc0ce8544e88f06512b9450

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-type: text/html
date: Thu, 02 Mar 2023 13:27:57 GMT

Redirect headers

Content-Length: 66
Content-Type: text/html; charset=utf-8
Date: Thu, 02 Mar 2023 13:27:57 GMT
Location: https://group-ib.com:/cert.html

GET
H2 200 bt-autoinject.js Show response
fhp-aws-antibot-back.group-ib.com/d/ 348 KB
146 KB 136ms
38ms Script
text/javascript 3.72.191.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Requested by: Host: group-ib.com
URL: https://group-ib.com/cert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.191.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-191-153.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 5979e1170f6b2c707bf46ad3e998261a4d811ffca0b56200a47fb6f5fa799da8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:27:57 GMT
content-encoding: gzip
x-envoy-upstream-service-time: 1
server: istio-envoy
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8

GET
DATA 200
OK truncated
/ 487 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf3d79c7385b8b507296a3f373581e76f91e4f892ac3fb373fa8034e98ccf0fb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b07df66d7e2b543b049f418d3425d91f216f904b641e9aa1e3e5be6fcb2a002b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response
group-ib.com/api/fl/ 205 B
671 B 12ms
12ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 14bc794b93844df0e9a47adecd1f252e7cb59d0a1efdc5f90938784962cf73dc

Request headers

Referer: https://group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
x-cfids: -

Response headers

date: Thu, 02 Mar 2023 13:27:57 GMT
content-encoding: gzip
server: istio-envoy
etag: W/"zpjZqla15gIVKv4DTOg7v8BLyZnWsgDCqCjDW5meFT5g6jAachSuPDn69A65AIY98hVxSXdY709Ypgm4SFYiTHDLJjLdAWl5zgZfTCDZT3UwNQeNWPncSw25KKohU2/x2xIRew+tmXO2VPt2fnegXQU7"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache
x-envoy-upstream-service-time: 1

POST
H2 200 fl Show response
group-ib.com/api/ 665 B
834 B 27ms
26ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=zpjZqla15gIVKv4DTOg7v8BLyZnWsgDCqCjDW5meFT5g6jAachSuPDn69A65AIY98hVxSXdY709Ypgm4SFYiTHDLJjLdAWl5zgZfTCDZT3UwNQeNWPncSw25KKohU2%2Fx2xIRew%2BtmXO2VPt2fnegXQU7
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 4dd0928e0ce5527d34bf69c0d1488cce35e4465553c838847e631afa854ec834

Request headers

Referer: https://group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 02 Mar 2023 13:27:59 GMT
content-encoding: gzip
server: istio-envoy
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 6

POST
H2 200 fl
group-ib.com/api/ 665 B
698 B 15ms
15ms Ping
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=Z6uV3zNpPbfV1Niwe3NyEp2Q%2Fzf2dGRhrJkg0DVWWCn8ulk3Xhxws3RJko0giJRO9tqiF%2B4cEUrZ%2BcZi378%2FIC0q3TjA1OGVNVHwYpFX4R2hbCDv8R3r65UjmSSpSHMK%2FLjAyHRc%2F2xlYmqO2aOdKwXIY56JxpR4evuq
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 02 Mar 2023 13:27:59 GMT
content-encoding: gzip
server: istio-envoy
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3

GET
H2

200

Primary Request cert.html Show response
www.group-ib.com/
Redirect Chain

https://group-ib.com/cert.html
https://www.group-ib.com/cert.html

45 KB
11 KB

68ms
49ms

Document
text/html

3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/cert.html

Requested by

Host: group-ib.com
URL: https://group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

77d394a1dd590551f25748c1daceb7b5ebcb49d55ef7ec69dce4c4b33a5b4161

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/ frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/ ALLOW-FROM https://groupib.pathfactory.com/ SAMEORIGIN sameorigin
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://group-ib.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: https://www.group-ib.com
cache-control: private, max-age=3600
content-encoding: gzip
content-length: 10830
content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/ frame-ancestors 'self';
content-type: text/html; charset=UTF-8
date: Thu, 02 Mar 2023 13:27:59 GMT
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(), accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
referrer-policy: no-referrer strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/ ALLOW-FROM https://groupib.pathfactory.com/ SAMEORIGIN sameorigin
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

access-control-allow-origin: https://www.group-ib.com
cache-control: private, max-age=3600
content-length: 402
content-security-policy: frame-ancestors 'self';
content-type: text/html
date: Thu, 02 Mar 2023 13:27:59 GMT
location: https://www.group-ib.com/cert.html
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block

GET
H2 200 bt-autoinject.js Show response
fhp-aws-antibot-back.group-ib.com/d/ 348 KB
146 KB 53ms
47ms Script
text/javascript 3.72.191.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.191.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-191-153.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 5979e1170f6b2c707bf46ad3e998261a4d811ffca0b56200a47fb6f5fa799da8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:27:59 GMT
content-encoding: gzip
x-envoy-upstream-service-time: 6
server: istio-envoy
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8

GET
H2 200 hubspot-form-0d3ea2cd.css
www.group-ib.com/hubspot-form/ 4 KB
4 KB 45ms
38ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/hubspot-form/hubspot-form-0d3ea2cd.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

66d609b0c975493c48e785524fbb6cfa5d28ea59d8d7e5e12bd4a8c5b8556f67

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 3831
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Sun, 22 May 2022 18:42:44 GMT
server: nginx
etag: "628a8424-ef7"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: text/css
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 main_26755_2be51925_563_1764.js Show response
www.group-ib.com/build/ 297 KB
298 KB 209ms
203ms Script
application/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/build/main_26755_2be51925_563_1764.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

844bb56d9d924583139e6f89aa998b215f3a7516cafc5e448c64e8cde29361e5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 304595
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 25 May 2022 09:25:21 GMT
server: nginx
etag: "628df601-4a5d3"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: sameorigin
content-type: application/javascript
access-control-allow-origin: https://www.group-ib.com
cache-control: private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 130 KB
51 KB 135ms
52ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-392399615

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4dd90918a89ad1d7c33d2bd92deb0168640409971818254530c2c7c993b4fd42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:27:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51371
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 02 Mar 2023 13:27:59 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
894 B 139ms
47ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@400;500&display=swap

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f1a76ecbcbefc0b357ce381eba61f68a4d2c8c5297ec27ec3380ed03edbe5744

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 02 Mar 2023 13:27:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 12:20:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 02 Mar 2023 13:27:59 GMT

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
535 B 147ms
55ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Prata&display=swap

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

96c4e58e8a03bbdefeb244e74873ce152349cdb30b308628dd7c3e2d7c7e118a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 02 Mar 2023 13:27:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 13:27:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 02 Mar 2023 13:27:59 GMT

GET
H2 200 types-new-38330f89.css
www.group-ib.com/stylesheets/ 462 KB
462 KB 49ms
45ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/stylesheets/types-new-38330f89.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c678f7ebeaf42ae73a6b84255ed78e47baa5f2fa1718892dd24d5064bfe67117

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 472773
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 06 May 2021 06:58:10 GMT
server: nginx
etag: "60939382-736c5"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: text/css
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 all-508e897e.css
www.group-ib.com/stylesheets/ 1 MB
1 MB 56ms
52ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/stylesheets/all-508e897e.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cbd38f4d44ad316257c6d3179f980798a97688e6ff1df6d94f66cad4b46945a7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 1516216
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Mon, 17 Oct 2022 07:53:19 GMT
server: nginx
etag: "634d09ef-1722b8"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: text/css
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 jquery-96f076a3.js Show response
www.group-ib.com/javascripts/ 85 KB
85 KB 63ms
60ms Script
application/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/javascripts/jquery-96f076a3.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

fe9a7ca1e475140e6b37fbc86a5efcd3251be4348137aa07231bd91ee8678b7c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 87307
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 18 Mar 2021 09:02:08 GMT
server: nginx
etag: "60531710-1550b"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: application/javascript
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 all-2bd8fcd3.js Show response
www.group-ib.com/javascripts/ 199 KB
199 KB 43ms
42ms Script
application/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/javascripts/all-2bd8fcd3.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3cbdeb53c566f58fa2298177c12defc90c733843c50e2fd4147d9597d33a1e34

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 203894
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 04 Aug 2021 14:28:19 GMT
server: nginx
etag: "610aa403-31c76"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: application/javascript
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 first@2x.png
www.group-ib.com/images/cert-partners/ 5 KB
6 KB 60ms
58ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/cert-partners/first@2x.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

0430dd3b974561238dac03eb963a67da014965080c3d2de38d5b7aa318f3053e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 5432
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Mar 2021 06:26:52 GMT
server: nginx
etag: "6051a12c-1538"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 ti@2x.png
www.group-ib.com/images/cert-partners/ 5 KB
5 KB 66ms
64ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/cert-partners/ti@2x.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cba8dab9146aa4c7695c71ec3c6dd57b5e7c3c26cf53709866aa9ca7da1de491

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 5019
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Mar 2021 06:26:52 GMT
server: nginx
etag: "6051a12c-139b"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 impact@2x.png
www.group-ib.com/images/cert-partners/ 4 KB
4 KB 61ms
59ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/cert-partners/impact@2x.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3dd4b088ab105f30c06ccea664b41ad4d8308bca0d79497bfd795113e7d616c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 3867
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Mar 2021 06:26:52 GMT
server: nginx
etag: "6051a12c-f1b"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 oic@2x.png
www.group-ib.com/images/cert-partners/ 12 KB
13 KB 60ms
59ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/cert-partners/oic@2x.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7b12bc0e3c26c7489b7b00b5eac170133e840e004baac496b88c23db28353ad4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 12648
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Mar 2021 06:26:52 GMT
server: nginx
etag: "6051a12c-3168"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 azb-w@2x.png
www.group-ib.com/images/cert-partners/ 18 KB
18 KB 63ms
62ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/cert-partners/azb-w@2x.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

206d8cf5d1a0149c666651755b0f7b0b62a50882d61a5d18eaddc7317bb92a53

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 18668
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Mar 2021 06:26:52 GMT
server: nginx
etag: "6051a12c-48ec"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 onc@2x.png
www.group-ib.com/images/cert-partners/ 39 KB
39 KB 72ms
72ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/cert-partners/onc@2x.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e879f79cf3432a5c0e30fe7ff7bbbccf97fb8adf675ea88a3349f22936b73a9d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 40133
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Mar 2021 06:26:52 GMT
server: nginx
etag: "6051a12c-9cc5"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 apwg@2x.png
www.group-ib.com/images/cert-partners/ 11 KB
11 KB 62ms
60ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/cert-partners/apwg@2x.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

141397708f146e91f2a8137f1897e36d558af1c3c2e552c6aeda5f5d0a7448b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 11163
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Mar 2021 06:26:52 GMT
server: nginx
etag: "6051a12c-2b9b"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 award-2021_gold.png
www.group-ib.com/images/certificates/ 11 KB
11 KB 57ms
56ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/certificates/award-2021_gold.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

74a02ff107402492b9e19e4c7c550a9db662bfcb3a8bebc372d4ac8fb0a90fff

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 10858
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 12 May 2021 18:13:10 GMT
server: nginx
etag: "609c1ab6-2a6a"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 v2.js Show response
js-eu1.hsforms.net/forms/ 509 KB
159 KB 118ms
36ms Script
application/javascript 172.65.255.172
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hsforms.net/forms/v2.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0123eded788d31af982c69073accde95512f79937578813e722c1bf4abbed27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-encoding: br
age: 529
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=forms-embed/static-1.2759/bundles/project-v2.js&cfRay=7a19ee0b6aed360b-FRA, 7a19ee0b6aed360b-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"869bc78fe9fd236cb063fe2745027fbe"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.2759/bundles/project-v2.js
date: Thu, 02 Mar 2023 13:27:59 GMT
x-amz-version-id: fHf4ZmN_s8uqGdt86M.bqjroQdn5TwKN
via: 1.1 e44e0b24e706487eaec6b9e01f2166dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: a88ef88e-e979-4aca-81a2-4edeb8935973
last-modified: Wed, 01 Mar 2023 12:15:21 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBbqcOkafZSpDwq0M5LO%2FKyJXbCm%2FRnwK0QRooeeFETuesYJaCp1XmX4j%2BlXUea9bdbHQSbdwUfY7JlE2Gaqu4wrusTvXfc1%2Bk6jf2Vta9gj4jB1NB%2BAKIKwh%2BmmqaRq5h8J%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-7cb8fdd96d-l2khs
cf-ray: 7a19faf55baf372e-FRA
x-amz-cf-id: L4uNAc4Q-jUx-v1y4uqW9II4YWb2FS5zGL4lvvaDzF8LjUAOU7Gluw==

GET
DATA 200
OK truncated
/ 487 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eca2de0a1fe2feb1bc1acf2d647bca1c90b7583b1c273c061adae5af917b4175

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80d86dea9a74767347deb9574da31e8976b921dd94104b527a5b83a070c17855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response
www.group-ib.com/api/fl/ 217 B
712 B 13ms
12ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: fe2eccc7e6d3b8befa552b02ffb5289dcedb62317619e78e7e461b9d38032561

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==
Referer: https://www.group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: Yxgx2999d23b4805753050136f45861a58da1f35
x-cfids: Z6uV3zNpPbfV1Niwe3NyEp2Q/zf2dGRhrJkg0DVWWCn8ulk3Xhxws3RJko0giJRO9tqiF+4cEUrZ+cZi378/IC0q3TjA1OGVNVHwYpFX4R2hbCDv8R3r65UjmSSpSHMK/LjAyHRc/2xlYmqO2aOdKwXIY56JxpR4evuq

Response headers

date: Thu, 02 Mar 2023 13:27:59 GMT
content-encoding: gzip
server: istio-envoy
etag: W/"FzD7DKR8kv6e9UXpcvvzmmaluGCA/edmuNqlWdLpe1IHmBpX4mlf8ZGipguZVm2JdBWUdO8NANEZlrXs8/ErioTEUVN5jK2xCqxEAR1cWRQUBIaaLAAdvEvXeAQzhhtb6rfdy2HSBZOnz+VvQLIcGQpY3Vu6W+PKzpen"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache
x-envoy-upstream-service-time: 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 261 KB
85 KB 105ms
104ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

62caa3fd7290535a51c28be4fe200d1b8afa8130beeb84a6c788638261c67155

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:27:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86527
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 02 Mar 2023 13:27:59 GMT

GET
H2 200 sdk.js Show response
www.group-ib.com/javascripts/ 3 KB
3 KB 56ms
56ms Script
application/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/javascripts/sdk.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

28aabea3885481e4a5fe0c4031bbea2e9ab1d4cca1adeac5ccde868d49ec0019

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 3093
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 01 Mar 2023 22:10:01 GMT
server: nginx
etag: "63ffcd39-c15"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: application/javascript
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
H2 200 icons.svg
www.group-ib.com/images/ 440 KB
440 KB 59ms
59ms Other
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/images/icons.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a138c249b501af8ef53ac907a5cc8f9ba7a7a75b35d7c4cd4951eda4c4aa6e54

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 450279
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Mon, 06 Feb 2023 09:02:09 GMT
server: nginx
etag: "63e0c211-6dee7"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
DATA 200
OK truncated
/ 121 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ee338bd03594461a939b661840e43fec02d7345e19e3ad12509c06ba37ad355

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 logo-new.svg
www.group-ib.com/images/ 2 KB
2 KB 56ms
56ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/logo-new.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/stylesheets/all-508e897e.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

74711bb799e7d4712bcdc9fdf42f5acb835448d1ec23936a1d46a087e192e378

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/stylesheets/all-508e897e.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 2432
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 02 Dec 2021 07:15:15 GMT
server: nginx
etag: "61a87283-980"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
DATA 200
OK truncated
/ 75 KB
75 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 077dad3be3a10854dc97527ce83bbf6422309d807f6e4b3492de78005d786cdc

Request headers

Referer
Origin: https://www.group-ib.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 75 KB
75 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 163907259fa19c5b768aea83f82db575b01aad0fd5fbf9ac448d3db383229547

Request headers

Referer
Origin: https://www.group-ib.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 485 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd4c5b3ba4abfc7fe4ffdc1399b7cb4fc632be7dd50d344d710ff7273f35134e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed4599278417c21848d395b9f8a0db89313c120b87a90706d5c4e7f424c338da

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 main-cover67.jpg
www.group-ib.com/images/covers/ 58 KB
58 KB 42ms
41ms Image
image/jpeg 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/covers/main-cover67.jpg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/stylesheets/all-508e897e.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

48dcfb6f699f2b4601e387a2c338ecd86589342e957bdc153650df90f3c175a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/stylesheets/all-508e897e.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:27:59 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 59118
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Mar 2021 06:26:53 GMT
server: nginx
etag: "6051a12d-e6ee"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/jpeg
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:27:59 GMT

GET
DATA 200
OK truncated
/ 75 KB
75 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b3ecc577e9722ca0bb5fd08ce6e5b800b114001af146f2a03865ab2859e9eb1

Request headers

Referer
Origin: https://www.group-ib.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
H2 200 idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response
www.group-ib.com/api/fl/ 217 B
724 B 20ms
20ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 14c215f713ee81fce0116a60512864fdfdb71a954f1280a0ff45930b8d80cd54

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==, ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==
Referer: https://www.group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: I9jw0113715ea9cec5180356fdce69b65bd59a56, D9Sb8ec151f1416e4396abdd440dd329520f384f
x-cfids: FzD7DKR8kv6e9UXpcvvzmmaluGCA/edmuNqlWdLpe1IHmBpX4mlf8ZGipguZVm2JdBWUdO8NANEZlrXs8/ErioTEUVN5jK2xCqxEAR1cWRQUBIaaLAAdvEvXeAQzhhtb6rfdy2HSBZOnz+VvQLIcGQpY3Vu6W+PKzpen

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: gzip
server: istio-envoy
etag: W/"h11typfO9ryQsdJPXnpiJV7pdGrJM3CQuExBu8DabU6mjIyahpHAgI9DglDLRIpKLBFFBWQiXJf+GjbLBXcvmCBKNlfYFyprJ/O0fOZlQNOI6xHGn6lNeOyf93Vz3gYTUWwL1fFedemkQvkWN8Mo6kPmtq46+StyLzak"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache
x-envoy-upstream-service-time: 0

GET
H2 404 idgib-w-group-ib Show response
www.group-ib.com/api/fl/ 0
18 B 12ms
12ms XHR
text/plain 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl/idgib-w-group-ib
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==, ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==
Referer: https://www.group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: 0Aza91d8fc92bccf68ae75ed2599f9134cfa0c42, u9yZ184c592c80ca7d899566bf81fb816eb8639e
x-cfids: -

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
x-envoy-upstream-service-time: 1
server: istio-envoy
content-length: 0

GET
H2 200 sdk.js Show response
connect.facebook.net/ru_RU/ 302 KB
86 KB 40ms
10ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/ru_RU/sdk.js?hash=118d9dcb5e21ba0d88956e18eb06fc69&ua=modern_es6

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/javascripts/all-2bd8fcd3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7061e8c6ca7c7b9eb635d5bc9154ade9f524ed694c9b4834f3404b2af189c610

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.group-ib.com/
Origin: https://www.group-ib.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 02 Mar 2023 13:28:00 GMT
content-md5: Bw3o7i0N0y8HGR91HbZy9w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87309
x-fb-rlafr: 0
x-fb-debug: irBk/0vLyQPICd2nvONQIPTdVjKBIoCa7UEn8wyHwP9sC/D/aDxgcDOeoeQypACAir2Jc0fthnGv+gNODai0cw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
x-fb-content-md5: cd356d1520e034e0f361b4dfe5b72e6a
cross-origin-opener-policy: same-origin-allow-popups
etag: "7235fa370c560a64ee596ad1807c65a8"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
expires: Fri, 01 Mar 2024 09:35:21 GMT

GET
H2 200 forms2.min.js Show response
app-lon09.marketo.com/js/forms2/js/ 208 KB
69 KB 163ms
20ms Script
application/x-javascript 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-lon09.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/javascripts/all-2bd8fcd3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 12 Jan 2023 20:56:20 GMT
server: cloudflare
age: 5097
etag: "d20ea5-33e51-5f217594de500"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 7a19faf9882d691b-FRA
expires: Thu, 02 Mar 2023 17:28:00 GMT

GET
DATA 200
OK truncated
/ 412 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3dfb83a15a1a69fb2c6355797651535983e30f2ebee4666b987b217780a18f61

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f76fca582f32f2da3a5f6c1fbfd29f75a599227fc58c9a3acde24fd25550246

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 206 cert-video.mp4
www.group-ib.com/video/ 6 MB
6 MB 43ms
43ms Media
video/mp4 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/video/cert-video.mp4

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2182c7c52d0d00a3867cd805e699903609504621a5088a51c9cdd07ad5a53197

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://www.group-ib.com/cert.html
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Range: bytes=0-

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:28:00 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
Content-Range: bytes 0-6019493/6019494
Content-Length: 6019494
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Mar 2021 06:26:56 GMT
server: nginx
etag: "6051a130-5bd9a6"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: video/mp4
access-control-allow-origin: https://www.group-ib.com
cache-control: private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/ 68 KB
26 KB 158ms
60ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/json?hs_static_app=forms-embed&hs_static_app_version=1.2759&X-HubSpot-Static-App-Info=forms-embed-1.2759

Requested by

Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc969b746c92fcc512af98020d7a4ab80b866675702b048eb3bb65a1131c25b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

X-Origin-Hublet: eu1
Date: Thu, 02 Mar 2023 13:28:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: br
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: 28644d47-e7b8-4799-a9e6-7aaaa4b913d4
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Server: cloudflare
X-Trace: 2BA7A57ECDACC0285FDEFCC15D8A2CFBD2E2F57B85000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.group-ib.com
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 7a19faf9e95e39ca-FRA

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/392399615/ 3 KB
2 KB 392ms
60ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/392399615/?random=1677763680222&cv=11&fst=1677763680222&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-392399615

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

34acb52523542361b9a954f7a3ff392e7995229c74c7e240f9aeb59f664c0aa2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1239
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 131 KB
51 KB 51ms
50ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-863262324&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-392399615

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

acac29336d6f4876003739fc85c9a89f41042b1d162eeb726254899ea4e12a01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51695
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 02 Mar 2023 13:28:00 GMT

GET
DATA 200
OK truncated
/ 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98798d0e87b53006f4a5e5225a1c3f968075937b75aa0d7cca0506bda9063e55

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 756fc1c26e7451568fba7f9b0e1365c1d3f3585d911c49020ee0678564da7d06

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 6si.min.js Show response
j.6sc.co/ 33 KB
10 KB 103ms
31ms Script
application/javascript 104.64.113.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: group-ib.com
URL: https://group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-113-114.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

beeb705b69f299ad7567ae7ba292ae685556a7082531220a088a0d3b3307c410

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 Feb 2023 18:18:39 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63e538ff-820b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 10438
expires: Thu, 02 Mar 2023 13:28:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 71ms
6ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230123-FRA

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 41ms
7ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=16079
accept-ranges: bytes
content-length: 4777

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
27 KB 19ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: group-ib.com
URL: https://group-ib.com/cert.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cab52dc3525d23d87fc3337ea17253060c6f723389a33e62699d510f1878972b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 02 Mar 2023 13:28:00 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27843
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 7jkg/F7tVdqrMmg+VtGdEWdvzzFtXJLBGeYAvPkrzx6ovy0aQifLAF3LHcLg9/NBurikuFcKfT9R9BuTD+LJIQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 NeverBounce.js Show response
cdn.neverbounce.com/widget/dist/ 96 KB
29 KB 61ms
7ms Script
application/javascript 13.32.99.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-57.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 03:09:56 GMT
content-encoding: gzip
via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
last-modified: Mon, 02 Mar 2020 18:37:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 37089
etag: W/"c1e06621030dfcba15b88abbcaa546eb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: h3gOlR-0JtCz1zPFFPPq9vS3OQukdDPXbgZJQJvLtQM_4mhzL8DHuQ==

GET
H2 200 63e267f61a03d71ea3df5fe7 Show response
ws.zoominfo.com/pixel/ 2 KB
2 KB 200ms
147ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/63e267f61a03d71ea3df5fe7

Requested by

Host: group-ib.com
URL: https://group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

41415cb6a79f3b7919cae909040d71437f47845bd5c0f260519b817b37c77f0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/cert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7a19fafaba1b2c5b-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
83 KB 56ms
56ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b8ebf6420bc19a4e916761eff41be78ee38efd82fb18a51fd83f9ac0c6ae788e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85158
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 02 Mar 2023 13:28:00 GMT

GET
H2 403 admin-ajax.php Show response
www.group-ib.com/media/wp-admin/ 796 B
381 B 53ms
53ms XHR
text/html 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/media/wp-admin/admin-ajax.php?action=mediaforcert

Requested by

Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f861bad7e2c91ffabeed5b2eceeb943001ebe1c4ff4fa131a2b574e1a6c34b1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==, ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==
Referer: https://www.group-ib.com/cert.html
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: 4knkd505e26ecb8999581a7800263ebccd5dd8cc, IN4N6e11e5bc64777b291a85448a1b6abbdb5354

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
x-content-type-options: nosniff
x-frame-options: sameorigin
content-type: text/html
access-control-allow-origin: https://www.group-ib.com
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
content-length: 334
x-xss-protection: 1; mode=block

POST
H2 200 fl Show response
www.group-ib.com/api/ 45 B
141 B 41ms
40ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=d5fb122505&mv=2&cfidsgib-w-group-ib=
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: e51d180997efe01b05d525240cff9025620bf4cc3b34487c6890742a2b1ed7d4

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==, ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==
Referer: https://www.group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: 0e4h78bb86418861c046e068af5b04359a2a4926, VeQOc794c5f34fae31493bd0f0fb65c88dcef92e
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: gzip
server: istio-envoy
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2

GET
H/1.1 200
OK id.html Show response
ru.id.group-ib.com/ Frame 4DC7 524 B
1 KB 147ms
39ms Document
text/html 185.17.9.184
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://ru.id.group-ib.com/id.html
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/build/main_26755_2be51925_563_1764.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.17.9.184 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software: nginx /
Resource Hash: ad7387a232876a2aef693100f211bffb0a6e8458a763421fce605d0260ffb0b3

Request headers

Referer: https://www.group-ib.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Type: text/html; charset=utf-8
Date: Thu, 02 Mar 2023 13:28:00 GMT
Server: nginx
Transfer-Encoding: chunked
cache-control: no-cache
content-encoding: gzip
etag: W/"PY5q6YUTVR-usWjb27Q0lOWCIUBagzH7DysIT72VSa3HC4Mnq7ZRvQT6P1iaGZFuVKW3rGa36aRZZDICI7dejfhc+s-73ZQk9ejA+ZOn45-nWSy0QcvbuWusOz2c"
vary: Accept-Encoding
x-envoy-upstream-service-time: 0

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
667 B 146ms
128ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 02 Mar 2023 13:28:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: 474ebee0-65ef-4b11-b3b6-b985a82b6761
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 35
Server: cloudflare
X-Trace: 2BECDE36B5BE43942444CBAB05F481317C793A81BA000000000000000000
Vary: origin
Content-Type: image/gif
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7a19fafb3ab737ce-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 49ms
14ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 02 Mar 2023 12:43:15 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 2685
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 02 Mar 2023 14:43:15 GMT

GET
H2 200 arrow_white-right.png
www.group-ib.com/images/arrows/ 1 KB
1 KB 37ms
36ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/images/arrows/arrow_white-right.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/stylesheets/all-508e897e.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

96a6001a342e4c3f87e5bf80a35541f4967c0a2d94eb185d030a752d5b05f645

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/stylesheets/all-508e897e.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date: Thu, 02 Mar 2023 13:28:00 GMT
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-dns-prefetch-control: off
content-length: 1113
x-xss-protection: 1; mode=block, 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 17 Mar 2021 06:26:52 GMT
server: nginx
etag: "6051a12c-459"
x-download-options: noopen
x-frame-options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=604800, private, max-age=3600
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 09 Mar 2023 13:28:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/ 3 KB
1 KB 81ms
80ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/?random=1677763680597&cv=11&fst=1677763680597&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-863262324&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84c9d99a554d86940bd8d70fc13d696dc014f5305672d6a87332b887c7378c30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1247
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/863262324/ 3 KB
2 KB 211ms
73ms Script
text/javascript 142.251.208.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/863262324/?random=1677763680609&cv=11&fst=1677763680609&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-863262324&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s41-in-f2.1e100.net

Software

cafe /

Resource Hash

ddc405fa970f9643a6c551b827bc595190f3fc089f2839f2b4b30b1792b4f96a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1580
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
667 B 348ms
32ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 02 Mar 2023 13:28:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: 7f9dfe43-d876-448f-bdc3-34e41f0da6f8
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 35
Server: cloudflare
X-Trace: 2B07C204E586733DE8577BE26CC98BB2BE4F7085B0000000000000000000
Vary: origin
Content-Type: image/gif
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7a19fafdeda23814-FRA

GET
H3 200 649324202964935 Show response
connect.facebook.net/signals/config/ 380 KB
108 KB 9ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/649324202964935?v=2.9.97&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5c383c66beae35484e29311a9e17e2be6dc409c6fcf365e5cf9b11df2e6fe336

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 02 Mar 2023 13:28:00 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110789
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: s5TqUdBy2D7laXUexosMtrmCh0Np6CgJEQdNAgIsrYyQ0Z0nBbfEpdr5DIZdUB22r8rax4rGkKqyF1eSCvqq8w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4496601/domain/group-ib.com/ 36 B
377 B 32ms
12ms XHR
application/json 2600:9000:225e:bc00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4496601/domain/group-ib.com/token
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:bc00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.group-ib.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 12:07:24 GMT
content-encoding: gzip
via: 1.1 21369bf2bfeb79adaa5bef1cb96f8540.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 4836
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=15857
x-amz-cf-id: 8XsHPBBhzBs-4YieTguT4r3PDXLdQoOT6w83RR50ZseyWJ5Tvk7PtA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677763680680&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1677763680680%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fc...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677763680680&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677763680680&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQKqx2n54hlJngAAAYaighy211ktY2k0mwTIUgv-XMO...

0
480 B

184ms
150ms

Image
application/javascript

13.107.42.14

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677763680680&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQKqx2n54hlJngAAAYaighy211ktY2k0mwTIUgv-XMOffbUOYRuZliTitE80DfQKkXTY63fK
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol: H2
Server: 13.107.42.14 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:01 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 8F71F06CCDCB4356B38D449F27941DAE Ref B: FRAEDGE1317 Ref C: 2023-03-02T13:28:01Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-ltx1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX16sxC2NhS501tvB14Dw==

Redirect headers

date: Thu, 02 Mar 2023 13:28:01 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 22489D65314543F2A5E4072372D6A798 Ref B: FRAEDGE1511 Ref C: 2023-03-02T13:28:01Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677763680680&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQKqx2n54hlJngAAAYaighy211ktY2k0mwTIUgv-XMOffbUOYRuZliTitE80DfQKkXTY63fK
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX16sxACmk99vM7vecj5g==

GET
H2 200 adsct
t.co/i/ 43 B
375 B 155ms
124ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=625a27ea-1da3-4772-a7af-3d6c41706b99&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d10b3970-69b6-4ca9-9604-a56bda5441e3&tw_document_href=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.3.29

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-response-time: 117
date: Thu, 02 Mar 2023 13:28:00 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 1b64e0dd26ccaa0d
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 71f0881dda16616f4140b1efd06828f3c2c9f31cb63abbca42f07cb9e686d4cf
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
396 B 147ms
117ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=625a27ea-1da3-4772-a7af-3d6c41706b99&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d10b3970-69b6-4ca9-9604-a56bda5441e3&tw_document_href=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.3.29

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-response-time: 110
date: Thu, 02 Mar 2023 13:28:00 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 95bf4bd3ae7cb483
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: bf79edf6259bb2f72fa851822b36fbc66badd96deee225bb99cb8fd3359fb133
content-length: 43

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 63 B
283 B 469ms
130ms Script
application/javascript 52.3.31.211

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_169577

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.3.31.211 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

723598c084fa197bd62fefa574250fd5b43b02fead89fa18171ba6fdce1a6299

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache, private
x-ua-compatible: IE=Edge

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
822 B 85ms
16ms XHR
application/json 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Mar 2023 13:28:00 GMT
AN-X-Request-Uuid: 7da4e6dc-7fb4-498e-ba0e-44630dcd4034
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.group-ib.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.213.155.187; 185.213.155.187; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
203 B 93ms
29ms XHR
text/html 104.64.113.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-113-114.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.group-ib.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
313 B 91ms
20ms XHR
text/html 2a02:26f0:11a:3a2::1c91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a:3a2::1c91 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 50188cba606965d44a4ee00eeb1e29a5b582c06a3e065dffbd0b29391d5a7497

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a03:1b20:6:f011::6e
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="466045_1600460636_1563309339_13_631_16_0";dur=1
content-length: 20
expires: Thu, 02 Mar 2023 13:28:00 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 192 KB
69 KB 52ms
51ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10865976765&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7bd7a28fc82ef1a7f18153f908af5d1da9171b90d1b642e1877afa0b9145060a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70298
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 02 Mar 2023 13:28:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
246 B 82ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-QMES53K3Y2&gtm=45je32r0&_p=1092664085&_gaz=1&cid=466556684.1677763681&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1677763680&sct=1&seg=0&dl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&dr=https%3A%2F%2Fgroup-ib.com%2F&dt=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
255 B 61ms
18ms Ping
text/plain 2a00:1450:4025:402::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QMES53K3Y2&cid=466556684.1677763681&gtm=45je32r0&aip=1
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4025:402::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 160ms
60ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QMES53K3Y2&cid=466556684.1677763681&gtm=45je32r0&aip=1&z=1891035988

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 fl Show response
www.group-ib.com/api/ 665 B
759 B 23ms
21ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=FzD7DKR8kv6e9UXpcvvzmmaluGCA%2FedmuNqlWdLpe1IHmBpX4mlf8ZGipguZVm2JdBWUdO8NANEZlrXs8%2FErioTEUVN5jK2xCqxEAR1cWRQUBIaaLAAdvEvXeAQzhhtb6rfdy2HSBZOnz%2BVvQLIcGQpY3Vu6W%2BPKzpen
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: c2e2289c49374b1a78591504a2469ae24573929991012904ec165ecbc5d82c7e

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==, ztAv8EBl9/wBLDgCg/4qd7e6W/7kbPFIw5I3IdNHLj+aFqLKiyQ6BpGCup6vn/XbDfuArL7dnMFiULfI7Y+qaJ83r05J/uDf7NqesVgQfIiNS+ZeWWN4CNioZJAvK7ibzK3PqRyqm1ascqyx2LE+MCCW+1Nt8BGaNSyyXv/5ekXCvhpjFojIfmgy3blv/HSdIez/WOvgQZdVFW+kp1vFtUkVOh5c+53n+JTb1sdFUwEyi/ghxc+hWmSMF314WA==
Referer: https://www.group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: eFAu0eb7a0c606ccc701da4d44397f08b2fa2813, pu8i10140750d74adcd59474532a0538daf19e7e
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 02 Mar 2023 13:28:00 GMT
content-encoding: gzip
server: istio-envoy
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 20ms
18ms XHR
text/plain 2a00:1450:4025:402::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-25492706-2&cid=466556684.1677763681&jid=1584414683&gjid=1374705809&_gid=1332600464.1677763681&_u=YCDAgEABAAAAAEAEK~&z=1063421281

Requested by

Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:402::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 02 Mar 2023 13:28:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 16ms
12ms Image
image/gif 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1092664085&t=pageview&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&dr=https%3A%2F%2Fgroup-ib.com%2F&ul=en-us&de=UTF-8&dt=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgEABAAAAAAAEK~&jid=1584414683&gjid=1374705809&cid=466556684.1677763681&tid=UA-25492706-2&_gid=1332600464.1677763681&gtm=45He32r0n71PW7265&cg1=COM%3A%20CERT&cd1=466556684.1677763681&z=1987468123

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 00:20:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 47236
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 256ms
248ms Image
image/gif 104.64.113.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=e00f3292-637e-4d5b-88fc-d3d98522840f&session=9e836d6e-afe4-4ed8-8261-9a512d3da72d&event=play&q=%7B%22event_id%22%3A%22%22%2C%22event_value%22%3A%22https%3A%2F%2Fwww.group-ib.com%2Fvideo%2Fcert-video.mp4%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fgroup-ib.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=01c57685-5121-474f-8a18-c5a4aab6641a

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-113-114.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/392399615/ 42 B
108 B 186ms
83ms Image
image/gif 2a00:1450:4001:808::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/392399615/?random=1677763680222&cv=11&fst=1677762000000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1127037072&rmt_tld=0&ipr=y

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/392399615/ 42 B
154 B 50ms
49ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/392399615/?random=1677763680222&cv=11&fst=1677762000000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1127037072&rmt_tld=1&ipr=y

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 240ms
240ms Image
image/gif 104.64.113.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=e00f3292-637e-4d5b-88fc-d3d98522840f&session=9e836d6e-afe4-4ed8-8261-9a512d3da72d&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2002%20Mar%202023%2013%3A28%3A00%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2002%20Mar%202023%2013%3A28%3A00%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e84d9c08a990af8592952e7ac9a983ad%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2002%20Mar%202023%2013%3A28%3A00%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2002%20Mar%202023%2013%3A28%3A00%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fgroup-ib.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=01c57685-5121-474f-8a18-c5a4aab6641a&an_uid=0

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-113-114.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 236ms
235ms Image
image/gif 104.64.113.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=e00f3292-637e-4d5b-88fc-d3d98522840f&session=9e836d6e-afe4-4ed8-8261-9a512d3da72d&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3A6%3Af011%3A%3A6e%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fgroup-ib.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=01c57685-5121-474f-8a18-c5a4aab6641a&an_uid=0

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-113-114.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 178ms
83ms Image
image/gif 2a00:1450:4001:808::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-25492706-2&cid=466556684.1677763681&jid=1584414683&_u=YCDAgEABAAAAAEAEK~&z=1297030471

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 63ms
62ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-25492706-2&cid=466556684.1677763681&jid=1584414683&_u=YCDAgEABAAAAAEAEK~&z=1297030471

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/863262324/ 42 B
455 B 167ms
82ms Image
image/gif 2a00:1450:4001:808::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/863262324/?random=1677763680597&cv=11&fst=1677762000000&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3554160931&rmt_tld=0&ipr=y

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/863262324/ 42 B
108 B 64ms
59ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/863262324/?random=1677763680597&cv=11&fst=1677762000000&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3554160931&rmt_tld=1&ipr=y

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/863262324/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/?random=945929535&cv=11&fst=1677763680609&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPS...
https://www.google.com/pagead/1p-conversion/863262324/?random=945929535&cv=11&fst=1677763680609&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googlead...
https://www.google.de/pagead/1p-conversion/863262324/?random=945929535&cv=11&fst=1677763680609&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleads...

42 B
108 B

151ms
150ms

Image
image/gif

2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/863262324/?random=945929535&cv=11&fst=1677763680609&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVlBcVZVdjhhOGFZNkhiUTItU0ZSV1g2eXBLdHVBdVQ1cVZOeHdxTWc3RW5WaWtieHhKZncaWkNoRUlnSy1Cb0FZUW4tVHd4Sl8tNTlfN0FSSXVBQTFJTlZDU3FvMDdXSVhvZzY3RzdtdUxUdEpKRDNiblVJeHNMM09odWR2bmRQVVVrcEFNb2YxV2RjNm9EUQ&is_vtc=1&ocp_id=YKQAZL20L-Xamwee2rKIDQ&cid=CAQSKQDUE5ymUWjBp7_5E7SRvC3UA_liER3ali9qGjRBiupn8gHpWyeeffnZ&random=1836161660&ipr=y&prhg=0

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/863262324/?random=945929535&cv=11&fst=1677763680609&bg=ffffff&guid=ON&async=1&gtm=45be3310h2&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVlBcVZVdjhhOGFZNkhiUTItU0ZSV1g2eXBLdHVBdVQ1cVZOeHdxTWc3RW5WaWtieHhKZncaWkNoRUlnSy1Cb0FZUW4tVHd4Sl8tNTlfN0FSSXVBQTFJTlZDU3FvMDdXSVhvZzY3RzdtdUxUdEpKRDNiblVJeHNMM09odWR2bmRQVVVrcEFNb2YxV2RjNm9EUQ&is_vtc=1&ocp_id=YKQAZL20L-Xamwee2rKIDQ&cid=CAQSKQDUE5ymUWjBp7_5E7SRvC3UA_liER3ali9qGjRBiupn8gHpWyeeffnZ&random=1836161660&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/10865976765/ 3 KB
2 KB 74ms
73ms Script
text/javascript 142.251.208.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/10865976765/?random=1677763681050&cv=11&fst=1677763681050&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10865976765&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s41-in-f2.1e100.net

Software

cafe /

Resource Hash

cc3993a2a0eb28a3b871c5f607c5b02cb0f14f255246bc074b06870fb4938e6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1578
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 26ms
7ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&rl=https%3A%2F%2Fgroup-ib.com%2F&if=false&ts=1677763681103&sw=1600&sh=1200&v=2.9.97&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1677763681102.633824670&it=1677763680676&coo=false&exp=c0&rqm=GET

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de -, , ASN (),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 02 Mar 2023 13:28:01 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 fl Show response
www.group-ib.com/api/ 665 B
817 B 27ms
27ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=h11typfO9ryQsdJPXnpiJV7pdGrJM3CQuExBu8DabU6mjIyahpHAgI9DglDLRIpKLBFFBWQiXJf%2BGjbLBXcvmCBKNlfYFyprJ%2FO0fOZlQNOI6xHGn6lNeOyf93Vz3gYTUWwL1fFedemkQvkWN8Mo6kPmtq46%2BStyLzak
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 9021b098136adfe3b0c516eb7858c250e42d36bf5bed355934f021a5d181e937

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: XQRpavNqEJkHab5c3gsnIjLoc2fWB5df8SpMe6IkSzTE0XnVCXzyMxVc451Ql+fYr9SXwdBZx3crc9+Su2CGGBqS+JTQg66zfatkALOWuQ4VqvrqOSx55zQGLNRS2g11wpJ/sDzvImFAqu1qdcgy9TGTKBhluDh2jJq3dklnCuF2+kjj7EDEnztphIvo/EBYZn9YnpFdpAwG/dTiCKGb+jzTceznTRny8Z8XYvGpLtOMSDma18QUPSNDSpfq0Q==, XQRpavNqEJkHab5c3gsnIjLoc2fWB5df8SpMe6IkSzTE0XnVCXzyMxVc451Ql+fYr9SXwdBZx3crc9+Su2CGGBqS+JTQg66zfatkALOWuQ4VqvrqOSx55zQGLNRS2g11wpJ/sDzvImFAqu1qdcgy9TGTKBhluDh2jJq3dklnCuF2+kjj7EDEnztphIvo/EBYZn9YnpFdpAwG/dTiCKGb+jzTceznTRny8Z8XYvGpLtOMSDma18QUPSNDSpfq0Q==
Referer: https://www.group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: oYR77adfb8dfc627e91d66724b882529e66d2f8a, REVx1e142946032674772bd9d9f237a1464323e9
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 02 Mar 2023 13:28:01 GMT
content-encoding: gzip
server: istio-envoy
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2

GET
H2

200

/
www.google.de/pagead/1p-conversion/10865976765/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/?random=159650967&cv=11&fst=1677763681050&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3...
https://www.google.com/pagead/1p-conversion/10865976765/?random=159650967&cv=11&fst=1677763681050&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googlead...
https://www.google.de/pagead/1p-conversion/10865976765/?random=159650967&cv=11&fst=1677763681050&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleads...

42 B
108 B

90ms
90ms

Image
image/gif

2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/10865976765/?random=159650967&cv=11&fst=1677763681050&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVlBcVZVdjhhOGFZNkhiUTItU0ZSV1g2eXBLdHVBdVQ1cVZOeHdxTWc3RW5WaWtieHhKZncaWkNoRUlnSy1Cb0FZUW4tVHd4Sl8tNTlfN0FSSXVBQTFJTlZDM2h5eDhPUTczUVhUckZ5RGdmemtkdDc1RHhOQTl0YWJEXzFzSThncDVPUWd2VG9TTXJCaVo5Zw&is_vtc=1&ocp_id=YaQAZJO6BYmfmLAP-OSmIA&cid=CAQSKQDUE5ym2RTVvg2XBnsi2n1jGoCXuyeD1ygkZA8U4yD4GDArbRlaCvgZ&random=374817000&ipr=y&prhg=0

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/10865976765/?random=159650967&cv=11&fst=1677763681050&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVlBcVZVdjhhOGFZNkhiUTItU0ZSV1g2eXBLdHVBdVQ1cVZOeHdxTWc3RW5WaWtieHhKZncaWkNoRUlnSy1Cb0FZUW4tVHd4Sl8tNTlfN0FSSXVBQTFJTlZDM2h5eDhPUTczUVhUckZ5RGdmemtkdDc1RHhOQTl0YWJEXzFzSThncDVPUWd2VG9TTXJCaVo5Zw&is_vtc=1&ocp_id=YaQAZJO6BYmfmLAP-OSmIA&cid=CAQSKQDUE5ym2RTVvg2XBnsi2n1jGoCXuyeD1ygkZA8U4yD4GDArbRlaCvgZ&random=374817000&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/ 3 KB
1 KB 87ms
86ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/?random=1677763681641&cv=11&fst=1677763681641&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dform_start&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10865976765&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6190c20f2fc85a775d635809b2cd1440327c157e4278c0f3e1bdd4e1011aedf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1241
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/ 3 KB
1 KB 117ms
116ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/?random=1677763681653&cv=11&fst=1677763681653&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&auid=1246256694.1677763680&uamb=0&uaw=0&data=event%3Dform_submit&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10865976765&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daff0dc5c932f4cadd71ce425f756ea920c17dafc45e9df03574101df5c70341

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1243
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame A9A8 0
50 B 7ms
7ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de -, , ASN (),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.group-ib.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Thu, 02 Mar 2023 13:28:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 204 10865976765
google.com/ccm/form-data/ 0
255 B 237ms
67ms Ping
text/plain 2a00:1450:400d:802::200e

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/10865976765?gtm=45be32r0&hn=www.googleadservices.com&auid=1246256694.1677763680&uamb=0&uaw=0&em=tv.1~em.7t_xDy9vM7RQb0hGSYZfT5avdC_4aL3KQNrTANe8dhk&ecsid=933208944.1677763682
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::200e -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 10865976765
google.com/pagead/form-data/ 0
0 237ms
69ms Ping
text/html 2a00:1450:400d:802::200e

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/pagead/form-data/10865976765?gtm=45be32r0&hn=www.googleadservices.com&auid=1246256694.1677763680&ec_mode=a&uamb=0&uaw=0&em=tv.1~em.7t_xDy9vM7RQb0hGSYZfT5avdC_4aL3KQNrTANe8dhk
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::200e -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

POST
H2 204 10865976765
google.com/ccm/form-data/ 0
54 B 254ms
88ms Ping
text/plain 2a00:1450:400d:802::200e

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/10865976765?gtm=45be32r0&hn=www.googleadservices.com&auid=1246256694.1677763680&uamb=0&uaw=0&em=tv.1~em.7t_xDy9vM7RQb0hGSYZfT5avdC_4aL3KQNrTANe8dhk&ecsid=933208944.1677763682
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:802::200e -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 211ms
211ms Image
image/gif 104.64.113.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-113-114.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:28:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10865976765/ 42 B
64 B 48ms
47ms Image
image/gif 2a00:1450:4001:808::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10865976765/?random=1677763681641&cv=11&fst=1677762000000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dform_start&fmt=3&is_vtc=1&random=1569500831&rmt_tld=0&ipr=y

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/10865976765/ 42 B
64 B 46ms
46ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10865976765/?random=1677763681641&cv=11&fst=1677762000000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dform_start&fmt=3&is_vtc=1&random=1569500831&rmt_tld=1&ipr=y

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10865976765/ 42 B
64 B 52ms
51ms Image
image/gif 2a00:1450:4001:808::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10865976765/?random=1677763681653&cv=11&fst=1677762000000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dform_submit&fmt=3&is_vtc=1&random=874398607&rmt_tld=0&ipr=y

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/10865976765/ 42 B
64 B 47ms
46ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10865976765/?random=1677763681653&cv=11&fst=1677762000000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fgroup-ib.com%2F&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dform_submit&fmt=3&is_vtc=1&random=874398607&rmt_tld=1&ipr=y

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Mar 2023 13:28:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 fl Show response
www.group-ib.com/api/ 665 B
703 B 16ms
15ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=lQ9jKy68GuHj3hBLq9x4LCMVIsmJKL7d8u7eEA6ysp8UhjaIFkiLEkABA9BqD3pC0NIcIgdpirD4tN8lLji0laRPygdZhLZeQ8UHWf2s8SBvC0KlGjTFshqkoCWMLsforhnjG8EztHaOwK7I%2Bcc3dWPJWENiGQb8fZgC
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 55e788d197effcb353fae13408d650de8906b9ed03ebf5fa4f75f44197099f8e

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: n5O3D4nB6bFVd9X7R8koQEUdOJdWGe0hUipC95sY5L/146mC2udiG34MqfJmY+RLLPZnpWnCkX3z8yq/Jpjf3dB8f8GIgAwfyzdERHTLgPWeJ7GdfYASTgDRDRt+zGIkcBXLzuu04fFP+KmcKGjRQV9xj4yczEI4AlVhMZY5YGxixOdZt9yYgKsFGxsLmE37nhr8ZlDtO/b+ravty1bQ6NN133ldT9Cad8XzfdeW3Xqche4fNP8H4HxYQDrY9g==, n5O3D4nB6bFVd9X7R8koQEUdOJdWGe0hUipC95sY5L/146mC2udiG34MqfJmY+RLLPZnpWnCkX3z8yq/Jpjf3dB8f8GIgAwfyzdERHTLgPWeJ7GdfYASTgDRDRt+zGIkcBXLzuu04fFP+KmcKGjRQV9xj4yczEI4AlVhMZY5YGxixOdZt9yYgKsFGxsLmE37nhr8ZlDtO/b+ravty1bQ6NN133ldT9Cad8XzfdeW3Xqche4fNP8H4HxYQDrY9g==
Referer: https://www.group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: 1ZPS5391017f519a773c8aa0f1506b9b86a91c07, nWhE909bc5dc550376d36aefc824e17682a2d196
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 02 Mar 2023 13:28:01 GMT
content-encoding: gzip
server: istio-envoy
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3

POST
H2 200 fl Show response
www.group-ib.com/api/ 665 B
798 B 15ms
15ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=SY2M07MCV2O4%2FNKgcxfOlVOtswglcusZjtcIl0mx6ZYnHlENO2ONuEbgl62WrBla2TcDLLY7bRAtFuIznbP0YvPdghUv2b7dT%2F8byCUsT%2FpDhjf8HPoCb3gub0SyzP2RjGyEOiJW6%2BM0Kf5KKbpaCSu4hj1i3Qiy9voG
Requested by: Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: ffafce1286e2eff44803b54b0ec27a839b70c8626547d6740d4663eddf356409

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: uRn2UH+yimOVif1DuhVpyjnZN7eQ0uatvmb6e8mXt44Zp5LZ49UC0/VOMXUQLwy0UnCtK7fJfIyVfs6OGOQsRyCG+rypUq4tZWHph4+gSIl3hn0WSUq0ys2RxjsvB1lGbeLr52MzYVbXAmWT9VUEPJltGgLjfkqLIqgeiyMMV1FWq40gru8QnrDYOgEp4Wn0QF/qm4kDIeSe2MYgpjqm5IzdbqGcF5T8FbF7S4zJ/wVUf/Jn54UcyctJEmYrhA==, uRn2UH+yimOVif1DuhVpyjnZN7eQ0uatvmb6e8mXt44Zp5LZ49UC0/VOMXUQLwy0UnCtK7fJfIyVfs6OGOQsRyCG+rypUq4tZWHph4+gSIl3hn0WSUq0ys2RxjsvB1lGbeLr52MzYVbXAmWT9VUEPJltGgLjfkqLIqgeiyMMV1FWq40gru8QnrDYOgEp4Wn0QF/qm4kDIeSe2MYgpjqm5IzdbqGcF5T8FbF7S4zJ/wVUf/Jn54UcyctJEmYrhA==
Referer: https://www.group-ib.com/cert.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: y89m8c6c776b2e1b9cc5c655990dbe78b4fee3f7, 8wj806ea5f7b2dabc0349fd6515a77c627cfade7
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 02 Mar 2023 13:28:02 GMT
content-encoding: gzip
server: istio-envoy
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=e00f3292-637e-4d5b-88fc-d3d98522840f&session=9e836d6e-afe4-4ed8-8261-9a512d3da72d&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2002%20Mar%202023%2013%3A28%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2002%20Mar%202023%2013%3A28%3A01%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fgroup-ib.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=01c57685-5121-474f-8a18-c5a4aab6641a&an_uid=0

Verdicts & Comments Add Verdict or Comment

103 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
group-ib.com/	1970-01-20 10:02:43	Name: gssc213174 Value:
.group-ib.com/	1970-01-20 18:48:19	Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: MDA0dBA=Fz2+aQ==
group-ib.com/	1970-01-20 18:48:19	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: Ip/VNHe4MURzE8idrXCerHmXdvSWLeW8Gc8gpFumKuWDljffcxX60ukmbFokkQPT5zgvVvEBImZM4gbUKVFCQJbymRd/Z2GW33V9P0O2s3FZeWuHNeyYvl3ap/3DO5SCYwzydSv0gD3HQ/VviPZl5AYR2DjSd36UQViL
.app-lon09.marketo.com/	1970-01-20 10:02:45	Name: __cf_bm Value: 3Im6gSPXatDhcZZt2lukB.dJgg.dhnwldm_4z9A6uOE-1677763680-0-AYdWvyd+dB9buG9tOI2VEl/8lxCPME7Ib97BEVdqGkhJVAl/HwVKheyYj2A862hov2SFikqzJ29/g++7s7m/CUs=
.www.group-ib.com/	1970-01-20 18:48:19	Name: __zzatgib-w-group-ib Value: MDA0dBA=Fz2+aQ==
.group-ib.com/	1970-01-20 18:48:19	Name: __zzatgib-w-group-ib Value: MDA0dBA=Fz2+aQ==
.ws.zoominfo.com/	1970-01-20 18:48:19	Name: visitorId Value: c294777f5bae355a57e380c410e4fc4f63b731ac5138e6de37f3aa853e98aa3c
.zoominfo.com/	1970-01-20 10:02:45	Name: __cf_bm Value: hgQ67Y1FNwXvBtPhSX3xwAzaAUYb4dqQBKFfM7S3VJ0-1677763680-0-AcZSvPP0qdSZPmT90hmePzkeY86FDvLUep66lxnZIZc6QrvJozEiv/uE++ncfUIgSIK/wGwg8CXawrFjstzFWR4=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: meAJKuYamr2If3fvapqE4SYjdP0dBTIVA.b19MIbdUk-1677763680570-0-604800000
.id.group-ib.com/	1970-01-20 18:48:19	Name: gcfids Value: PY5q6YUTVR-usWjb27Q0lOWCIUBagzH7DysIT72VSa3HC4Mnq7ZRvQT6P1iaGZFuVKW3rGa36aRZZDICI7dejfhc+s-73ZQk9ejA+ZOn45-nWSy0QcvbuWusOz2c
.twitter.com/	1970-01-20 19:38:43	Name: personalization_id Value: "v1_9B9vKyZhw6DVEZW1pDqAkQ=="
.t.co/	1970-01-20 19:38:43	Name: muc_ads Value: 7abf169f-ecd3-41e4-8fcb-771f62674c2b
www.group-ib.com/	1970-01-20 10:02:43	Name: gssc213174 Value:
.group-ib.com/	1970-01-20 19:38:43	Name: _ga Value: GA1.2.466556684.1677763681
.group-ib.com/	1970-01-20 10:04:10	Name: _gid Value: GA1.2.1332600464.1677763681
.group-ib.com/	1970-01-20 10:02:43	Name: _dc_gtm_UA-25492706-2 Value: 1
www.group-ib.com/	1970-01-20 19:38:43	Name: _gd_visitor Value: e00f3292-637e-4d5b-88fc-d3d98522840f
www.group-ib.com/	1970-01-20 10:02:58	Name: _gd_session Value: 9e836d6e-afe4-4ed8-8261-9a512d3da72d
www.group-ib.com/	1970-01-20 10:04:10	Name: ln_or Value: eyI0NDk2NjAxIjoiZCJ9
www.group-ib.com/	1970-01-20 10:12:48	Name: _an_uid Value: 0
.group-ib.com/	1970-01-20 12:12:19	Name: _fbp Value: fb.1.1677763681102.633824670
.doubleclick.net/	1970-01-20 19:24:19	Name: IDE Value: AHWqTUlhYdVyyfBnz0orzjbba1gKGdaD0oMgXfeG2Xeycy6SWCmj1z_OoiebE66G
.6sc.co/	1970-01-20 19:38:43	Name: 6suuid Value: 6d6ed417d817000061a40064a0000000cc4a0a00
www.group-ib.com/	1970-01-20 18:48:19	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: SY2M07MCV2O4/NKgcxfOlVOtswglcusZjtcIl0mx6ZYnHlENO2ONuEbgl62WrBla2TcDLLY7bRAtFuIznbP0YvPdghUv2b7dT/8byCUsT/pDhjf8HPoCb3gub0SyzP2RjGyEOiJW6+M0Kf5KKbpaCSu4hj1i3Qiy9voG
.www.group-ib.com/	1970-01-20 18:48:19	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: SY2M07MCV2O4/NKgcxfOlVOtswglcusZjtcIl0mx6ZYnHlENO2ONuEbgl62WrBla2TcDLLY7bRAtFuIznbP0YvPdghUv2b7dT/8byCUsT/pDhjf8HPoCb3gub0SyzP2RjGyEOiJW6+M0Kf5KKbpaCSu4hj1i3Qiy9voG
.group-ib.com/	1970-01-20 18:48:19	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: SY2M07MCV2O4/NKgcxfOlVOtswglcusZjtcIl0mx6ZYnHlENO2ONuEbgl62WrBla2TcDLLY7bRAtFuIznbP0YvPdghUv2b7dT/8byCUsT/pDhjf8HPoCb3gub0SyzP2RjGyEOiJW6+M0Kf5KKbpaCSu4hj1i3Qiy9voG
.www.group-ib.com/	1970-01-20 18:48:19	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: n5O3D4nB6bFVd9X7R8koQEUdOJdWGe0hUipC95sY5L/146mC2udiG34MqfJmY+RLLPZnpWnCkX3z8yq/Jpjf3dB8f8GIgAwfyzdERHTLgPWeJ7GdfYASTgDRDRt+zGIkcBXLzuu04fFP+KmcKGjRQV9xj4yczEI4AlVhMZY5YGxixOdZt9yYgKsFGxsLmE37nhr8ZlDtO/b+ravty1bQ6NN133ldT9Cad8XzfdeW3Xqche4fNP8H4HxYQDrY9g==
.group-ib.com/	1970-01-20 18:48:19	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: n5O3D4nB6bFVd9X7R8koQEUdOJdWGe0hUipC95sY5L/146mC2udiG34MqfJmY+RLLPZnpWnCkX3z8yq/Jpjf3dB8f8GIgAwfyzdERHTLgPWeJ7GdfYASTgDRDRt+zGIkcBXLzuu04fFP+KmcKGjRQV9xj4yczEI4AlVhMZY5YGxixOdZt9yYgKsFGxsLmE37nhr8ZlDtO/b+ravty1bQ6NN133ldT9Cad8XzfdeW3Xqche4fNP8H4HxYQDrY9g==
.www.group-ib.com/	1970-01-20 18:48:19	Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: bnla40358cc85a5ed98b4a6c1db41e89fee5c8f7
.group-ib.com/	1970-01-20 18:48:19	Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: bnla40358cc85a5ed98b4a6c1db41e89fee5c8f7
.linkedin.com/	1970-01-20 10:45:55	Name: UserMatchHistory Value: AQIUQBX469763wAAAYaighuCtdH0vK0CG57nXv5dflx__1RDETRJaK6MYL78GyNGulnUYAB3RN1pag
.linkedin.com/	1970-01-20 10:45:55	Name: AnalyticsSyncHistory Value: AQJHMICrYw4uCwAAAYaighuC64PoHHYpXzuzOimTbs4DrMnQfNb5Jh3d-evKyMe9wAloso5vCcFzvDd1A6hqrQ
.linkedin.com/	1970-01-20 18:48:19	Name: bcookie Value: "v=2&43db54be-1fbd-4716-8c08-ac993020e185"
.linkedin.com/	1970-01-20 10:04:10	Name: lidc Value: "b=TGST04:s=T:r=T:a=T:p=T:g=2894:u=1:x=1:i=1677763681:t=1677850081:v=2:sig=AQGg3_F-2sxtUQ3PrLTd6QlKB_ppg5D-"
.www.linkedin.com/	1970-01-20 18:48:19	Name: bscookie Value: "v=1&20230302132801bab45d66-998a-4c67-8f04-9698705db445AQHB3cwASIqgxRjHr4olhaHMXu6BCr54"
.linkedin.com/	1970-01-20 14:21:55	Name: li_gc Value: MTswOzE2Nzc3NjM2ODE7MjswMjFxizt4cYIE/JtLautM+UC6+L0hctu9rpVp8ZnMf6jUrQ==
.group-ib.com/	1970-01-20 19:38:43	Name: _ga_QMES53K3Y2 Value: GS1.1.1677763680.1.0.1677763681.59.0.0
.group-ib.com/	1970-01-20 12:12:19	Name: _gcl_au Value: 1.1.1246256694.1677763680.933208944.1677763682.1677763681

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://group-ib.com/cert.html Message: Failed to load resource: the server responded with a status of 403 ()
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security	error	Message: Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
network	error	URL: https://www.group-ib.com/api/fl/idgib-w-group-ib Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.group-ib.com/media/wp-admin/admin-ajax.php?action=mediaforcert Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.neverbounce.com
app-lon09.marketo.com
b.6sc.co
c.6sc.co
cdn.linkedin.oribi.io
cdn.neverbounce.com
connect.facebook.net
fhp-aws-antibot-back.group-ib.com
fonts.googleapis.com
forms-eu1.hsforms.com
forms.hsforms.com
google.com
googleads.g.doubleclick.net
group-ib.com
ipv6.6sc.co
j.6sc.co
js-eu1.hsforms.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
ru.id.group-ib.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.group-ib.com
www.linkedin.com
b.6sc.co
104.16.92.80
104.244.42.3
104.244.42.5
104.64.113.114
13.107.42.14
13.32.99.57
142.251.208.98
146.75.116.157
172.65.232.43
172.65.255.172
185.17.9.184
185.89.210.122
2001:4860:4802:34::36
2001:4860:4802:36::178
2600:9000:225e:bc00:2:53b2:240:93a1
2606:4700::6810:5805
2606:4700::6810:a852
2620:1ec:21::14
2a00:1450:4001:808::2004
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2008
2a00:1450:4001:828::200a
2a00:1450:4001:82f::2003
2a00:1450:400d:802::200e
2a00:1450:4025:402::9d
2a02:26f0:11a:3a2::1c91
2a02:26f0:3500:16::215:149b
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.72.181.255
3.72.191.153
52.3.31.211
0430dd3b974561238dac03eb963a67da014965080c3d2de38d5b7aa318f3053e
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
077dad3be3a10854dc97527ce83bbf6422309d807f6e4b3492de78005d786cdc
141397708f146e91f2a8137f1897e36d558af1c3c2e552c6aeda5f5d0a7448b0
14bc794b93844df0e9a47adecd1f252e7cb59d0a1efdc5f90938784962cf73dc
14c215f713ee81fce0116a60512864fdfdb71a954f1280a0ff45930b8d80cd54
163907259fa19c5b768aea83f82db575b01aad0fd5fbf9ac448d3db383229547
206d8cf5d1a0149c666651755b0f7b0b62a50882d61a5d18eaddc7317bb92a53
2182c7c52d0d00a3867cd805e699903609504621a5088a51c9cdd07ad5a53197
28aabea3885481e4a5fe0c4031bbea2e9ab1d4cca1adeac5ccde868d49ec0019
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
34acb52523542361b9a954f7a3ff392e7995229c74c7e240f9aeb59f664c0aa2
3cbdeb53c566f58fa2298177c12defc90c733843c50e2fd4147d9597d33a1e34
3dd4b088ab105f30c06ccea664b41ad4d8308bca0d79497bfd795113e7d616c6
3dfb83a15a1a69fb2c6355797651535983e30f2ebee4666b987b217780a18f61
41415cb6a79f3b7919cae909040d71437f47845bd5c0f260519b817b37c77f0c
48dcfb6f699f2b4601e387a2c338ecd86589342e957bdc153650df90f3c175a9
4dd0928e0ce5527d34bf69c0d1488cce35e4465553c838847e631afa854ec834
4dd90918a89ad1d7c33d2bd92deb0168640409971818254530c2c7c993b4fd42
50188cba606965d44a4ee00eeb1e29a5b582c06a3e065dffbd0b29391d5a7497
55e788d197effcb353fae13408d650de8906b9ed03ebf5fa4f75f44197099f8e
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5979e1170f6b2c707bf46ad3e998261a4d811ffca0b56200a47fb6f5fa799da8
5c383c66beae35484e29311a9e17e2be6dc409c6fcf365e5cf9b11df2e6fe336
6190c20f2fc85a775d635809b2cd1440327c157e4278c0f3e1bdd4e1011aedf8
62caa3fd7290535a51c28be4fe200d1b8afa8130beeb84a6c788638261c67155
66d609b0c975493c48e785524fbb6cfa5d28ea59d8d7e5e12bd4a8c5b8556f67
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
7061e8c6ca7c7b9eb635d5bc9154ade9f524ed694c9b4834f3404b2af189c610
723598c084fa197bd62fefa574250fd5b43b02fead89fa18171ba6fdce1a6299
74711bb799e7d4712bcdc9fdf42f5acb835448d1ec23936a1d46a087e192e378
74a02ff107402492b9e19e4c7c550a9db662bfcb3a8bebc372d4ac8fb0a90fff
756fc1c26e7451568fba7f9b0e1365c1d3f3585d911c49020ee0678564da7d06
77d394a1dd590551f25748c1daceb7b5ebcb49d55ef7ec69dce4c4b33a5b4161
7b12bc0e3c26c7489b7b00b5eac170133e840e004baac496b88c23db28353ad4
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7bd7a28fc82ef1a7f18153f908af5d1da9171b90d1b642e1877afa0b9145060a
80d86dea9a74767347deb9574da31e8976b921dd94104b527a5b83a070c17855
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844bb56d9d924583139e6f89aa998b215f3a7516cafc5e448c64e8cde29361e5
84c9d99a554d86940bd8d70fc13d696dc014f5305672d6a87332b887c7378c30
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8b3ecc577e9722ca0bb5fd08ce6e5b800b114001af146f2a03865ab2859e9eb1
9021b098136adfe3b0c516eb7858c250e42d36bf5bed355934f021a5d181e937
96a6001a342e4c3f87e5bf80a35541f4967c0a2d94eb185d030a752d5b05f645
96c4e58e8a03bbdefeb244e74873ce152349cdb30b308628dd7c3e2d7c7e118a
98798d0e87b53006f4a5e5225a1c3f968075937b75aa0d7cca0506bda9063e55
9ee338bd03594461a939b661840e43fec02d7345e19e3ad12509c06ba37ad355
9f76fca582f32f2da3a5f6c1fbfd29f75a599227fc58c9a3acde24fd25550246
a0123eded788d31af982c69073accde95512f79937578813e722c1bf4abbed27
a138c249b501af8ef53ac907a5cc8f9ba7a7a75b35d7c4cd4951eda4c4aa6e54
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acac29336d6f4876003739fc85c9a89f41042b1d162eeb726254899ea4e12a01
ad7387a232876a2aef693100f211bffb0a6e8458a763421fce605d0260ffb0b3
b07df66d7e2b543b049f418d3425d91f216f904b641e9aa1e3e5be6fcb2a002b
b8ebf6420bc19a4e916761eff41be78ee38efd82fb18a51fd83f9ac0c6ae788e
bd4c5b3ba4abfc7fe4ffdc1399b7cb4fc632be7dd50d344d710ff7273f35134e
beeb705b69f299ad7567ae7ba292ae685556a7082531220a088a0d3b3307c410
c2e2289c49374b1a78591504a2469ae24573929991012904ec165ecbc5d82c7e
c678f7ebeaf42ae73a6b84255ed78e47baa5f2fa1718892dd24d5064bfe67117
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e
cab52dc3525d23d87fc3337ea17253060c6f723389a33e62699d510f1878972b
cba8dab9146aa4c7695c71ec3c6dd57b5e7c3c26cf53709866aa9ca7da1de491
cbd38f4d44ad316257c6d3179f980798a97688e6ff1df6d94f66cad4b46945a7
cc3993a2a0eb28a3b871c5f607c5b02cb0f14f255246bc074b06870fb4938e6b
cc969b746c92fcc512af98020d7a4ab80b866675702b048eb3bb65a1131c25b5
cf3d79c7385b8b507296a3f373581e76f91e4f892ac3fb373fa8034e98ccf0fb
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
daff0dc5c932f4cadd71ce425f756ea920c17dafc45e9df03574101df5c70341
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddc405fa970f9643a6c551b827bc595190f3fc089f2839f2b4b30b1792b4f96a
dfef3b3b725657391e24cf6811a83b43162d15068bc0ce8544e88f06512b9450
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51d180997efe01b05d525240cff9025620bf4cc3b34487c6890742a2b1ed7d4
e879f79cf3432a5c0e30fe7ff7bbbccf97fb8adf675ea88a3349f22936b73a9d
eca2de0a1fe2feb1bc1acf2d647bca1c90b7583b1c273c061adae5af917b4175
ed4599278417c21848d395b9f8a0db89313c120b87a90706d5c4e7f424c338da
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1a76ecbcbefc0b357ce381eba61f68a4d2c8c5297ec27ec3380ed03edbe5744
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f861bad7e2c91ffabeed5b2eceeb943001ebe1c4ff4fa131a2b574e1a6c34b1a
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe2eccc7e6d3b8befa552b02ffb5289dcedb62317619e78e7e461b9d38032561
fe9a7ca1e475140e6b37fbc86a5efcd3251be4348137aa07231bd91ee8678b7c
ffafce1286e2eff44803b54b0ec27a839b70c8626547d6740d4663eddf356409

www.group-ib.com Open in urlscan Pro 3.72.181.255 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

99 Requests

96 %HTTPS

53 %IPv6

23 Domains

36 Subdomains

32 IPs

7 Countries

10484 kBTransfer

12812 kBSize

38 Cookies

14 Outgoing links

Page URL History

Redirected requests

99 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.group-ib.com Open in urlscan Pro
3.72.181.255 Public Scan

Screenshot
Live screenshot

Full Image

99
Requests

96 %
HTTPS

53 %
IPv6

23
Domains

36
Subdomains

32
IPs

7
Countries

10484 kB
Transfer

12812 kB
Size

38
Cookies

99 HTTP transactions
14 data transactions