www.group-ib.com Open in urlscan Pro
178.248.235.63 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://from.group-ib.com/Njg5LUxSRS04MTgAAAGDNaZJZuCpkD6b8Veh7GCXaLyLC98v-q5jrJeVaErEOMfAzHjTHfUQ-OcHPjwnPe4-4flXe78=
Effective URL:
https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt...
Submission: On March 17 via api (March 17th 2022, 8:03:46 am UTC) from IE — Scanned from DE

Summary HTTP 80 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 27 IPs in 7 countries across 24 domains to perform 80 HTTP transactions. The main IP is 178.248.235.63, located in Russian Federation and belongs to QRATOR, RU. The main domain is www.group-ib.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 12th 2021. Valid for: a year.

This is the only time www.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	104.17.74.206 104.17.74.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	178.248.235.63 178.248.235.63	197068 (QRATOR) (QRATOR)
6	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:fb:... 2a02:26f0:fb:5b4::30ec	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1634	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:fb:... 2a02:26f0:fb::5f65:58d9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.111.234.67 104.111.234.67	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a03:2880:f00... 2a03:2880:f006:21:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 6	2a02:6b8::1:119 2a02:6b8::1:119	208722 (YNDX) (YNDX)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	134.213.193.62 134.213.193.62	15395 (RACKSPACE...) (RACKSPACE-LON)
2	2a00:1450:400... 2a00:1450:400c:c01::9d	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f10... 2a03:2880:f106:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
80	27

8 104.17.74.206 (None, )

ASN13335 (CLOUDFLARENET, US)

from.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 178.248.235.63 (Russian Federation)

ASN197068 (QRATOR, RU)

www.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:fb:5b4::30ec (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn-uicons.flaticon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1634 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7daf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:fb::5f65:58d9 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f006:21:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:22::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN208722 (YNDX, FI)

mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.213.193.62 (United Kingdom)

ASN15395 (RACKSPACE-LON, GB)

689-lre-818.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c01::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f106:83:face:b00c:0:25de (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	group-ib.com from.group-ib.com www.group-ib.com go.group-ib.com	955 KB
6	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1590 ka-f.fontawesome.com — Cisco Umbrella Rank: 2959	176 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	56 KB
5	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 28691	2 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 96	564 B
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6433	672 B
3	google.com www.google.com — Cisco Umbrella Rank: 2	672 B
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 68 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38	2 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 124	201 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	152 KB
2	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 434 px4.ads.linkedin.com — Cisco Umbrella Rank: 5153	1 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 2832	6 KB
1	mktoresp.com 689-lre-818.mktoresp.com	475 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 101	15 KB
1	t.co t.co — Cisco Umbrella Rank: 448	337 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 464	459 B
1	yandex.ru 1 redirects mc.yandex.ru — Cisco Umbrella Rank: 2926	251 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 403	4 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 799	3 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 531	6 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1349	38 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 821	38 KB
1	flaticon.com cdn-uicons.flaticon.com	7 KB
80	24

	Domain	Requested by
21	www.group-ib.com	from.group-ib.com www.group-ib.com
7	go.group-ib.com	www.group-ib.com go.group-ib.com
6	cdnjs.cloudflare.com	www.group-ib.com
5	mc.yandex.com	2 redirects www.group-ib.com
5	ka-f.fontawesome.com	kit.fontawesome.com www.group-ib.com
4	www.facebook.com	www.group-ib.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.group-ib.com
3	www.google.de	www.group-ib.com
3	www.google.com	www.group-ib.com
3	connect.facebook.net	from.group-ib.com connect.facebook.net
3	www.googletagmanager.com	www.group-ib.com www.googletagmanager.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	munchkin.marketo.net	from.group-ib.com munchkin.marketo.net
1	googleads.g.doubleclick.net	www.googleadservices.com
1	689-lre-818.mktoresp.com	munchkin.marketo.net
1	www.googleadservices.com	www.googletagmanager.com
1	t.co	www.group-ib.com
1	analytics.twitter.com	static.ads-twitter.com
1	mc.yandex.ru	1 redirects
1	px4.ads.linkedin.com	www.group-ib.com
1	px.ads.linkedin.com	1 redirects
1	cdn.jsdelivr.net	www.googletagmanager.com
1	snap.licdn.com	from.group-ib.com
1	static.ads-twitter.com	www.googletagmanager.com
1	www.googleoptimize.com	www.googletagmanager.com
1	unpkg.com	www.group-ib.com
1	kit.fontawesome.com	www.group-ib.com
1	cdn-uicons.flaticon.com	www.group-ib.com
1	from.group-ib.com
80	29

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com
blog.group-ib.com
explore.group-ib.com
youtu.be
t.me
instagram.com

Subject Issuer	Validity	Valid
from.group-ib.com Cloudflare Inc ECC CA-3	`2021-07-02` - `2022-07-01`	a year	crt.sh
group-ib.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-12` - `2022-06-17`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
thumbr.io Sectigo RSA Domain Validation Secure Server CA	`2020-06-05` - `2022-08-04`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
go.group-ib.com Cloudflare Inc ECC CA-3	`2021-07-02` - `2022-07-01`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-01` - `2023-01-01`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-12-24` - `2022-03-24`	3 months	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
mc.yandex.ru Yandex CA	`2021-12-22` - `2022-06-03`	5 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-30`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM
Frame ID: 16A1F961FA97E0664DC5EE8F36C277DE
Requests: 79 HTTP requests in this frame

Frame: https://go.group-ib.com/index.php/form/XDFrame
Frame ID: 5A84B2ABAC2FCD85AAC64054662BFA6B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AssetZero: Attack Surface Management | Group-IB

Page URL History Show full URLs

https://from.group-ib.com/Njg5LUxSRS04MTgAAAGDNaZJZuCpkD6b8Veh7GCXaLyLC98v-q5jrJeVaErEOMfAzHjTHfUQ-OcH... Page URL
https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email... Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

80
Requests

96 %
HTTPS

67 %
IPv6

24
Domains

29
Subdomains

27
IPs

7
Countries

1683 kB
Transfer

3377 kB
Size

34
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/organization/1382013/

Search URL Search Domain Scan URL

URL: https://twitter.com/GroupIB_GIB

Search URL Search Domain Scan URL

URL: https://www.facebook.com/groupibHQ

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/GroupIBGlobal

Search URL Search Domain Scan URL

URL: http://blog.group-ib.com/?utm_medium=email&utm_source=newsletter&utm_campaign=az-launch&utm_content=mea&utm_medium=email&utm_source=newsletter&utm_campaign=az-launch&utm_content=mea&utm_medium=email&utm_source=newsletter&utm_campaign=az-launch&utm_content=mea
Title: Blog

Search URL Search Domain Scan URL

URL: https://explore.group-ib.com/assetzero_landing/?utm_medium=email&utm_source=newsletter&utm_campaign=az-launch&utm_content=mea&utm_medium=email&utm_source=newsletter&utm_campaign=az-launch&utm_content=mea
Title: View product leaflet

Search URL Search Domain Scan URL

URL: https://youtu.be/3ryrcExYZS4

Search URL Search Domain Scan URL

URL: https://t.me/groupibhq

Search URL Search Domain Scan URL

URL: https://instagram.com/groupibhq

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://from.group-ib.com/Njg5LUxSRS04MTgAAAGDNaZJZuCpkD6b8Veh7GCXaLyLC98v-q5jrJeVaErEOMfAzHjTHfUQ-OcHPjwnPe4-4flXe78= Page URL
https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 51

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2221722%2C3115692&time=1647504221414&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Fmkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM%26utm_campaign%3Daz-launch%26utm_source%3Dnewsletter%26utm_medium%3Demail%26utm_content%3Dmea HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2221722%2C3115692&time=1647504221414&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Fmkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM%26utm_campaign%3Daz-launch%26utm_source%3Dnewsletter%26utm_medium%3Demail%26utm_content%3Dmea&e_ipv6=AQL3RXdiYPlRTAAAAX-W52gNCwPaOqX1OzDAX3g7p2l1EgOBxx1z9E9WHX4gzBbPJHkX3atP

Request Chain 55

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9580.vqWiKBCYxxphq5KKqMqaLOQ5D-ysypMjlNhaHHhVgvYspVWomW0AbAI8GlCpxwEf.GC3Oe1gS6KOUy3-pZzsEjnz2xwI%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9580.oQ0Z_KbdtW3LMm6WSkROMO9uFXSmjrGggDXIxwG3l_MGBFgYngUrKkJSszLzgUFLgL9CboGJ0QulwL2TuxG3rw%2C%2C.wR5s2zop42nVCfkeJQ525byzfc0%2C

Request Chain 74

https://mc.yandex.com/watch/25634039?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&page-ref=https%3A%2F%2Ffrom.group-ib.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Agqny5kf8o1qwi6kkxr%3Afp%3A520%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A41660484036%3Ahid%3A926121654%3Az%3A0%3Ai%3A20220317080341%3Aet%3A1647504221%3Ac%3A1%3Arn%3A890937714%3Arqn%3A1%3Au%3A1647504221962372855%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1647504220507%3Ads%3A19%2C132%2C62%2C1%2C0%2C0%2C%2C509%2C3%2C%2C%2C%2C724%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1647504222%3At%3AAssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB&t=gdpr(14)aw(1)ti(2) HTTP 302
https://mc.yandex.com/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&page-ref=https%3A%2F%2Ffrom.group-ib.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Agqny5kf8o1qwi6kkxr%3Afp%3A520%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A41660484036%3Ahid%3A926121654%3Az%3A0%3Ai%3A20220317080341%3Aet%3A1647504221%3Ac%3A1%3Arn%3A890937714%3Arqn%3A1%3Au%3A1647504221962372855%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1647504220507%3Ads%3A19%2C132%2C62%2C1%2C0%2C0%2C%2C509%2C3%2C%2C%2C%2C724%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1647504222%3At%3AAssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB&t=gdpr%2814%29aw%281%29ti%282%29

80 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Njg5LUxSRS04MTgAAAGDNaZJZuCpkD6b8Veh7GCXaLyLC98v-q5jrJeVaErEOMfAzHjTHfUQ-OcHPjwnPe4-4flXe78=
from.group-ib.com/ 557 B
1 KB 133ms
93ms Document
text/html 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://from.group-ib.com/Njg5LUxSRS04MTgAAAGDNaZJZuCpkD6b8Veh7GCXaLyLC98v-q5jrJeVaErEOMfAzHjTHfUQ-OcHPjwnPe4-4flXe78=

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-type: text/html
cache-control: private, no-cache, no-store, max-age=0
x-cnection: close
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6ed436a55b8f690a-FRA
content-encoding: gzip

GET
H/1.1 200
OK Primary Request assetzero.html Show response
www.group-ib.com/ 47 KB
11 KB 213ms
62ms Document
text/html 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM

Requested by

Host: from.group-ib.com
URL: https://from.group-ib.com/Njg5LUxSRS04MTgAAAGDNaZJZuCpkD6b8Veh7GCXaLyLC98v-q5jrJeVaErEOMfAzHjTHfUQ-OcHPjwnPe4-4flXe78=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

9d5ca757f26072ea3b8d6fce0c1ebf3de51e5844c5ae20548e223b875650d461

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/ ALLOW-FROM https://groupib.pathfactory.com/ SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://from.group-ib.com/

Response headers

Server: QRATOR
Date: Thu, 17 Mar 2022 08:03:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: ALLOW-FROM https://pathfactory.com/ ALLOW-FROM https://groupib.pathfactory.com/ SAMEORIGIN
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=15724800; includeSubDomains

GET
H2 200 normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/8.0.1/ 2 KB
974 B 31ms
14ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.1/normalize.min.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97ce4e98f3a3be297f48ebd5b771e74928f31754d43324fd795d1cd81cc41b35

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1030848
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 633
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:31 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f2b-745"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ny8uYMpqEVuEsYGslc9ZQR9W8zcNF8l8qtNV5lYj5%2ByPXjetwd7JY5zkFJUak%2FEb9ChKbJwTYqAl%2FpP930J78aaGnzv2%2Fi3a01GPaonvviOscZJ9iTT9vsBuzQyZDfc7oY4u9WVYf21JYykRAu5XG8Io"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ed436a809c45b92-FRA
expires: Tue, 07 Mar 2023 08:03:41 GMT

GET
H2 200 jquery.modal.min.css
cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/ 3 KB
2 KB 33ms
16ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaa593bcfe485f4b5a8ac997cf9936604f9fbef91652db94a8e22b75d612bfc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 213867
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1541
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-c81"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QRDEL7OCjCGuK05no9OQ21kI6kpmxxdXVmGTd4sqXJDG5HScKWzAIjaMaAQcuTHfRgGBi9d8TYr3TZGdxrpoGwZI0wA6ZXapSl8fWtpOMqppSzaaA89ND0%2BKmkzGhJAybv6et0xCXLFzytyZEnM2JERB"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ed436a809c75b92-FRA
expires: Tue, 07 Mar 2023 08:03:41 GMT

GET
H2 200 swiper.min.css
cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/css/ 19 KB
3 KB 30ms
14ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/css/swiper.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f07d43571a20235b2506061c9729d91179d32b8b3c75123aa8fcd45e60d7541

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1238340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2581
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:02 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03cf2-4d42"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8MWmhCNtHSG7GZyu1IxkMNLNTvFK23otVloTxCRjwEgSvEhou6t%2BMhwZoQDuWPX%2Fe4u0s8FCjryhsl%2BDX8%2BUstr3DVqw2P0ZuPtZOXHpJ1wqv%2FwhtXx%2BGZAZUk%2BpUSOtEIbiTe%2B4AE%2FHe%2FhVD%2FY4W17V"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ed436a809ca5b92-FRA
expires: Tue, 07 Mar 2023 08:03:41 GMT

GET
H2 200 jquery.fancybox.min.css
cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/ 12 KB
3 KB 31ms
15ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3579815
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2695
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:00 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e58-31fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ESVs1rVXiEm44GcE%2B3Ztgpr9pHHmcV6AykQMhcLGquzU1jhIfzswC2T82UOosmcf1ytQXB2Zp2k6sb4Yt9iZQyKJ6BIfnoYEX3geTW9NNPz8ecU8CzJfuZcb%2BkUWtBDkw9JQIoTYkGMjW6%2B5HeAZwnfJ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ed436a809cc5b92-FRA
expires: Tue, 07 Mar 2023 08:03:41 GMT

GET
H/1.1 200
OK style-4d414db2.css
www.group-ib.com/assetzero/css/ 13 KB
5 KB 47ms
46ms Stylesheet
text/css 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/assetzero/css/style-4d414db2.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

3c5c78dec82c7065d91750398b97963b4b70674d8914a53f602276a3c2958dda

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Dns-Prefetch-Control: off
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Fri, 04 Mar 2022 10:02:04 GMT
Server: QRATOR
Etag: W/"6221e39c-3320"
X-Download-Options: noopen
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK g-font-bd68418a.css
www.group-ib.com/assetzero/font-g/g-font/ 438 B
1 KB 60ms
43ms Stylesheet
text/css 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/assetzero/font-g/g-font/g-font-bd68418a.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

219d58f30f926454c74b27fe575e69a07af5dacbd26138c8df703f79fe686a4f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 438
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Wed, 24 Nov 2021 13:37:21 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Etag: "619e4011-1b6"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Accept-Ranges: bytes
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H2 200 uicons-regular-straight.css
cdn-uicons.flaticon.com/uicons-regular-straight/css/ 48 KB
7 KB 261ms
88ms Stylesheet
text/css 2a02:26f0:fb:5b4::30ec
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-uicons.flaticon.com/uicons-regular-straight/css/uicons-regular-straight.css
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:fb:5b4::30ec Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: cac6fc187d36699afc094cc451ec70302ea5413a47a52fde80e2eb828ce46710

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: gzip
last-modified: Mon, 07 Mar 2022 07:16:39 GMT
server: nginx
etag: "22f9d98d0cb76c0c170b54ae5b690b59"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31535975
content-transfer-encoding: Binary
x-default-rule: YES
content-length: 6588
expires: Fri, 17 Mar 2023 08:03:16 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
36 KB 150ms
62ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-25492706-2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9008dd6a59eea61636f2a589e0769f9d10c41c2fdbd2195f730db22e625e8b0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36787
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK logo-new-4be421df.svg
www.group-ib.com/resources/threat-research/reports-2021/img/ 2 KB
2 KB 37ms
35ms Image
image/svg+xml 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/resources/threat-research/reports-2021/img/logo-new-4be421df.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

74711bb799e7d4712bcdc9fdf42f5acb835448d1ec23936a1d46a087e192e378

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 1139
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Tue, 30 Nov 2021 14:13:53 GMT
Server: QRATOR
Etag: W/"61a631a1-980"
X-Download-Options: noopen
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK assetzero-section-min-f0086404.png
www.group-ib.com/assetzero/img/ 68 KB
69 KB 42ms
40ms Image
image/png 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/assetzero/img/assetzero-section-min-f0086404.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

f91c0bef57380a12b36c8b6755e50b2a6461c8df29a0c3147b6127784b0ea93b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 69471
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Mon, 21 Feb 2022 10:05:33 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Etag: "621363ed-10f5f"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Accept-Ranges: bytes
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK technology-section-1-min-76a078fb.png
www.group-ib.com/assetzero/img/ 47 KB
48 KB 64ms
63ms Image
image/png 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/assetzero/img/technology-section-1-min-76a078fb.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

f177f7170e041e3b7e4e70e3b6251630461c1bf0500bf5985a7a3d2804f90010

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 48079
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Mon, 21 Feb 2022 09:51:58 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Etag: "621360be-bbcf"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Accept-Ranges: bytes
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK technology-section-2-min-d634973f.png
www.group-ib.com/assetzero/img/ 44 KB
45 KB 76ms
62ms Image
image/png 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/assetzero/img/technology-section-2-min-d634973f.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

f0f54b8577aba1616bed049d795828075e6f287f43e47b7955233d5b783092d2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 45516
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Mon, 21 Feb 2022 09:51:58 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Etag: "621360be-b1cc"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Accept-Ranges: bytes
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK technology-section-3-min-1ae1c5c6.png
www.group-ib.com/assetzero/img/ 65 KB
66 KB 110ms
40ms Image
image/png 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/assetzero/img/technology-section-3-min-1ae1c5c6.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

0ff4409f93c2f5c135407dfbc256bae30385a55ccb07ed8beeab206f52557ca0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:42 GMT
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 66675
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Mon, 21 Feb 2022 09:51:58 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Etag: "621360be-10473"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Accept-Ranges: bytes
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK technology-section-4-min-ace96325.png
www.group-ib.com/assetzero/img/ 53 KB
54 KB 49ms
49ms Image
image/png 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/assetzero/img/technology-section-4-min-ace96325.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

2907de34214d525c4a155f0f7cf58eb924e1faf94810b8cc40e75419e613caa6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:42 GMT
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 54100
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Mon, 21 Feb 2022 09:51:58 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Etag: "621360be-d354"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Accept-Ranges: bytes
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H2 200 forms2.min.js Show response
go.group-ib.com/js/forms2/js/ 205 KB
68 KB 265ms
22ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.group-ib.com/js/forms2/js/forms2.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54b1a318711ed45da6f1a787a0b0f601199c8676b7d565a4163674833c64b0a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 07 Mar 2022 19:28:07 GMT
server: cloudflare
age: 112
etag: "680f37-3326e-5d9a5dd2b7fc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 6ed436aa1c82927d-FRA
expires: Thu, 17 Mar 2022 12:03:41 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 12ms
11ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2379871
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
timing-allow-origin: *
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LubGBUeuaeh2SDS5KQZv3xwvG80Z%2BZpP4BZ2NPAtMrCvmQxt7GeWYsD6uXhgHabUyBse%2B6GjvNvMPKU5iIx2mOeyOLUSDckTczBN0AUyrngfgAiqOMsKbvN0iv3brcQuYBG%2BNNHKsq5FljhyAkfTZIjt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ed436a99b4a5b92-FRA
expires: Tue, 07 Mar 2023 08:03:41 GMT

GET
H2 200 jquery.fancybox.min.js Show response
cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/ 67 KB
19 KB 13ms
10ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 650877
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19249
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:00 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e58-10a9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3FG%2Fus7uprGv6FZchzmYCpyPTczYAP7o5dJb%2BiFuWKwVkdG98c0pLW5lY92fnGUEO1MOoQ2ruyffSZeACj7mWWFPHgIM7luGbA2v7wtLOQqJf12b8bqmE158e2UcKqnvPZgJBLAjlTDtMMiXLGatOFvR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ed436a99b515b92-FRA
expires: Tue, 07 Mar 2023 08:03:41 GMT

GET
H2 200 4a78beaacf.js Show response
kit.fontawesome.com/ 11 KB
4 KB 97ms
56ms Script
text/javascript 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/4a78beaacf.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d076abb7b28c1589bcaf3605780238832e222c9e2fb279d2b3603baf02b71c78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer
Origin: https://www.group-ib.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
cf-ray: 6ed436a9dd81911e-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: FtjruGIibsiccyVNorVD

GET
H2 200 swiper-bundle.min.js Show response
unpkg.com/swiper@7.2.0/ 132 KB
38 KB 72ms
30ms Script
application/javascript 2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@7.2.0/swiper-bundle.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

330fe5965859f5757348be82340b21f1d473cc9b3fb8c3b1fcd4e082aaf4c0a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1461059
fly-request-id: 01FWZX2SNHVM3ZRJ32KN8K8CGG-fra
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"21196-WDvIRLXUPbXzFpQKGGR78uE1GRg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6ed436a9d87e9a15-FRA

GET
H/1.1 200
OK main-53bb585c.js Show response
www.group-ib.com/assetzero/js/ 11 KB
4 KB 28ms
26ms Script
application/javascript 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/assetzero/js/main-53bb585c.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

f784fb63da7eafa230701b5b38966bd7fa80265118d272360020dabdaeee6dba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Dns-Prefetch-Control: off
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Thu, 17 Feb 2022 19:38:44 GMT
Server: QRATOR
Etag: W/"620ea444-2b0e"
X-Download-Options: noopen
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: application/javascript
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 404
Not Found g-font.css
www.group-ib.com/assetzero/g-font/ 0
0 31ms
31ms Stylesheet
text/html 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/assetzero/g-font/g-font.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero/css/style-4d414db2.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
Content-Encoding: gzip
Server: QRATOR
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Strict-Transport-Security: max-age=15724800; includeSubDomains
Keep-Alive: timeout=15

GET
H/1.1 200
OK topbar-db456786.css
www.group-ib.com/assetzero/css/ 5 KB
3 KB 50ms
37ms Stylesheet
text/css 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/assetzero/css/topbar-db456786.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero/css/style-4d414db2.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

cd9578f44e9b07804a59de417f647dbe83def0dba0015568a12d4fd9d68f91f6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 1930
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Thu, 03 Feb 2022 07:41:52 GMT
Server: QRATOR
Etag: W/"61fb8740-148d"
X-Download-Options: noopen
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK footer-690824a3.css
www.group-ib.com/assetzero/css/ 4 KB
2 KB 52ms
39ms Stylesheet
text/css 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/assetzero/css/footer-690824a3.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero/css/style-4d414db2.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

4156640b74233babc1d33016aba095e8b20f9160d59aab92a03879fe4c35a0e4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 1189
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Thu, 02 Dec 2021 08:05:10 GMT
Server: QRATOR
Etag: W/"61a87e36-f9c"
X-Download-Options: noopen
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 241 KB
77 KB 194ms
116ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c63b0acad048ebbfee816cc05eb022b643433fc4aa8eb1a8f2b6f0b07c31dbd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78245
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Mar 2022 08:03:41 GMT

GET
DATA 200
OK truncated
/ 121 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ee338bd03594461a939b661840e43fec02d7345e19e3ad12509c06ba37ad355

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK G-font-Regular-d2a0c65f.otf
www.group-ib.com/assetzero/font-g/g-font/ 47 KB
48 KB 63ms
52ms Font
application/octet-stream 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/assetzero/font-g/g-font/G-font-Regular-d2a0c65f.otf

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero/font-g/g-font/g-font-bd68418a.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

6cee0fb06339ba13e1f15d044e0e4904bbeeb7fbe4351e3f102b6d80b2465061

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.group-ib.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 48120
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Fri, 12 Nov 2021 09:59:41 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Date: Thu, 17 Mar 2022 08:03:41 GMT
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: application/octet-stream
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Etag: "618e3b0d-bbf8"
Accept-Ranges: bytes
Keep-Alive: timeout=15

GET
H/1.1 200
OK header-section-min-43cf51ae.png
www.group-ib.com/assetzero/img/ 218 KB
219 KB 45ms
33ms Image
image/png 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/assetzero/img/header-section-min-43cf51ae.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero/css/style-4d414db2.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

b3a8a9b81ff430d7865338d148328a4a3e17f2c34609a91d22577fabe81fc5c0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:42 GMT
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 223215
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Mon, 21 Feb 2022 09:51:58 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Etag: "621360be-367ef"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Accept-Ranges: bytes
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK G-font-Medium-1e81b291.otf
www.group-ib.com/assetzero/font-g/g-font/ 60 KB
61 KB 47ms
34ms Font
application/octet-stream 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/assetzero/font-g/g-font/G-font-Medium-1e81b291.otf

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero/font-g/g-font/g-font-bd68418a.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

1efe16c9efbadde5e242d88a315eca3906a55669fcd4882a904fbc723306a4e4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.group-ib.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 61140
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Fri, 12 Nov 2021 09:59:41 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Date: Thu, 17 Mar 2022 08:03:41 GMT
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: application/octet-stream
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Etag: "618e3b0d-eed4"
Accept-Ranges: bytes
Keep-Alive: timeout=15

GET
H/1.1 200
OK G-font-Bold-c61eca89.otf
www.group-ib.com/assetzero/font-g/g-font/ 49 KB
50 KB 58ms
35ms Font
application/octet-stream 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/assetzero/font-g/g-font/G-font-Bold-c61eca89.otf

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero/font-g/g-font/g-font-bd68418a.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

8d15a221986226efe4f742f390f46f9d5ae8b2008a6edd40e10ff121ef9cca9b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.group-ib.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 49952
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Fri, 12 Nov 2021 09:59:41 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Date: Thu, 17 Mar 2022 08:03:41 GMT
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: application/octet-stream
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Etag: "618e3b0d-c320"
Accept-Ranges: bytes
Keep-Alive: timeout=15

GET
H/1.1 200
OK intro-card-1-min-94912fe7.png
www.group-ib.com/assetzero/img/ 17 KB
19 KB 41ms
40ms Image
image/png 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/assetzero/img/intro-card-1-min-94912fe7.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

2dd5b0957c3afbcdfcb7334f3f75fe21da9efd706eae73f31a54adaa33185aac

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:42 GMT
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 17916
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Tue, 23 Nov 2021 15:51:05 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Etag: "619d0de9-45fc"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Accept-Ranges: bytes
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK intro-card-2-min-fc8b3d2d.png
www.group-ib.com/assetzero/img/ 18 KB
19 KB 32ms
31ms Image
image/png 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/assetzero/img/intro-card-2-min-fc8b3d2d.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

ed60268dafccca02074630ec9b819e6f43c21997ff5f3900e89dfc5f6140bfc0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:42 GMT
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 18403
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Tue, 23 Nov 2021 15:51:05 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Etag: "619d0de9-47e3"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Accept-Ranges: bytes
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK intro-card-3-min-e309a447.png
www.group-ib.com/assetzero/img/ 16 KB
17 KB 58ms
57ms Image
image/png 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/assetzero/img/intro-card-3-min-e309a447.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

95c8b4b8da6b29f903b86e53fd8d3fcb2b23c1100b722f97e7d85fa9b6bfc724

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:42 GMT
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
Connection: keep-alive
Content-Length: 16195
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Tue, 23 Nov 2021 15:51:05 GMT
Server: QRATOR
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Etag: "619d0de9-3f43"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Accept-Ranges: bytes
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H2 200 getForm Show response
go.group-ib.com/index.php/form/ 24 KB
5 KB 72ms
72ms Script
application/javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.group-ib.com/index.php/form/getForm?munchkinId=689-LRE-818&form=4495&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html&callback=jQuery112409212249110264901_1647504221137&_=1647504221138
Requested by: Host: go.group-ib.com
URL: https://go.group-ib.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b4e6e9a5332bf37eb6f2e66456d79dcaa49d67342d788f6bd1274658ebedde1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6ed436aa8d28927d-FRA
cached: true

GET
H2 200 getForm Show response
go.group-ib.com/index.php/form/ 5 KB
2 KB 65ms
65ms Script
application/javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.group-ib.com/index.php/form/getForm?munchkinId=689-LRE-818&form=1673&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html&callback=jQuery112409212249110264901_1647504221139&_=1647504221140
Requested by: Host: go.group-ib.com
URL: https://go.group-ib.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c871acfa6eeee8961ca35217e3afc4b10b60ec28c37dedb9458799a96d33f9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6ed436aa9d57927d-FRA
cached: true

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 59 KB
13 KB 127ms
81ms Fetch
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=4a78beaacf
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/4a78beaacf.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
via: 1.1 65678b013de2c2e6c05b27f6ecb2d78a.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP64-P1
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ikSRr5X0P8sPy%2B7OdBruVLcCCjo1PO2BXnSIgRx4PWJ7%2B%2FgDaBpdqlo%2BAecs6ADMKx7aKa5%2BgwzNupo%2F7MmbJoz0yYRmR6bG5LoCqcli%2B09RiY8rN2wSXreeQguEqjM9%2Bs0ePfyqp8rOFJLccUWwqEC18w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6ed436aafbc86964-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 2M88nqGC2xCw0i7A1WPQteRHj_1lzxnCi3o6OImYI6V-UXA7Gm6oew==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 26 KB
4 KB 117ms
80ms Fetch
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=4a78beaacf
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/4a78beaacf.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
via: 1.1 f3af529e1cd5e36acd18d2e16d2a96c6.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP64-P1
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IcbSbp7mWdwSpMlgf3Q7OSzmJxImcuK3fXBGwfGbJsJ5Be%2FxH7G0MB49zOsHabegJk%2Bn88PCyt1rKIMd8qByaYvjQDvz81BRyOXvr6kgCuGfJJZk%2F%2FWtJQmlmribOH%2BRSF4lTdqXIr9zjlWo9PEYitVJUg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6ed436aafbca6964-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: Bzl--g1le1vHmZoDS1F_u6Znk51Xe65SMIZsW9z4dd3l-VV-kPIK6w==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 3 KB
2 KB 101ms
65ms Fetch
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=4a78beaacf
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/4a78beaacf.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
via: 1.1 92d05088b4c5dd8daf39fac07c1c6b00.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP64-P1
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dgmf1UvgcvOd%2BjJnUoByH1ivKf%2Ffmfrk9nGFkb%2Fc2OdAYd7VUpdnyg2n59%2F0IBb1W6%2B%2FtRCD%2B98KnajCyq1%2BIraUl046vLaTOMbL2%2FRVmG8mDdrpoJgBDjsMAQgGLB5UHOkAFmPJz4yl%2BG%2BxILA7dep03A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6ed436aafbcc6964-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: hWMk4gzRYvqHgAdB5-obgP1vhwicGbYzMlEs-9smI7ssEDMDZxKQog==

GET
H2 200 forms2.css
go.group-ib.com/js/forms2/css/ 13 KB
3 KB 24ms
23ms Stylesheet
text/css 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.group-ib.com/js/forms2/css/forms2.css

Requested by

Host: go.group-ib.com
URL: https://go.group-ib.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 111
content-length: 2623
last-modified: Mon, 07 Mar 2022 19:28:07 GMT
server: cloudflare
etag: "680f27-3437-5d9a5dd2b7fc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6ed436ab0dfe927d-FRA
expires: Thu, 17 Mar 2022 12:03:41 GMT

GET
H2 200 forms2-theme-simple.css
go.group-ib.com/js/forms2/css/ 826 B
331 B 27ms
27ms Stylesheet
text/css 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.group-ib.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: go.group-ib.com
URL: https://go.group-ib.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5382
content-length: 242
last-modified: Mon, 07 Mar 2022 19:28:07 GMT
server: cloudflare
etag: "680f2d-33a-5d9a5dd2b7fc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6ed436ab0e00927d-FRA
expires: Thu, 17 Mar 2022 12:03:41 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 125ms
39ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-25492706-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 7136
date: Thu, 17 Mar 2022 06:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 17 Mar 2022 08:04:46 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 99 KB
38 KB 142ms
55ms Script
application/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-MG8BP56

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

db87f8babe4c889d8d72e7d24295bdbda52864db26d90f566ce4206bcdec02ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38760
x-xss-protection: 0
expires: Thu, 17 Mar 2022 08:03:42 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 35ms
7ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
content-encoding: gzip
last-modified: Sat, 05 Feb 2022 00:44:37 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kiad7000043-IAD, cache-hhn11580-HHN

GET
H/1.1 200
OK watch.js Show response
www.group-ib.com/javascripts/ 138 KB
64 KB 27ms
26ms Script
application/javascript 178.248.235.63
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/javascripts/watch.js

Requested by

Host: from.group-ib.com
URL: https://from.group-ib.com/Njg5LUxSRS04MTgAAAGDNaZJZuCpkD6b8Veh7GCXaLyLC98v-q5jrJeVaErEOMfAzHjTHfUQ-OcHPjwnPe4-4flXe78=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),

Reverse DNS

Software

QRATOR /

Resource Hash

c1922061e01300c6b8d0e9a9dbc638c2eb7b2f5cf9e7690791bf7be4dd8733d6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Dns-Prefetch-Control: off
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer
Last-Modified: Wed, 16 Mar 2022 22:10:02 GMT
Server: QRATOR
Etag: W/"6232603a-2269e"
X-Download-Options: noopen
X-Frame-Options: ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Type: application/javascript
Cache-Control: max-age=604800
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
Permissions-Policy: camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),
Content-Security-Policy: frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/
Keep-Alive: timeout=15
Expires: Thu, 24 Mar 2022 08:03:41 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 43ms
8ms Script
application/x-javascript 2a02:26f0:fb::5f65:58d9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: from.group-ib.com
URL: https://from.group-ib.com/Njg5LUxSRS04MTgAAAGDNaZJZuCpkD6b8Veh7GCXaLyLC98v-q5jrJeVaErEOMfAzHjTHfUQ-OcHPjwnPe4-4flXe78=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:fb::5f65:58d9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: c567d0068aa9d314d13047cf6af171cce476501aac5e5521bd2b2233b16fbce5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:42 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Mar 2022 20:16:02 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=61403
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3073

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 30ms
7ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: from.group-ib.com
URL: https://from.group-ib.com/Njg5LUxSRS04MTgAAAGDNaZJZuCpkD6b8Veh7GCXaLyLC98v-q5jrJeVaErEOMfAzHjTHfUQ-OcHPjwnPe4-4flXe78=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 29 Oct 2021 01:24:07 GMT
Server: AkamaiNetStorage
ETag: "461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 45ms
14ms Script
application/x-javascript 2a03:2880:f006:21:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: from.group-ib.com
URL: https://from.group-ib.com/Njg5LUxSRS04MTgAAAGDNaZJZuCpkD6b8Veh7GCXaLyLC98v-q5jrJeVaErEOMfAzHjTHfUQ-OcHPjwnPe4-4flXe78=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f006:21:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26320
x-xss-protection: 0
pragma: public
x-fb-debug: f1PfsN5e+DwCyKPMYQ+j/WOre2aV6rPDYpRlzH+dLWaOApOy2mfdM8wdIZzHbZoFyhLLbg8Y94c0nm7i8Zkhaw==
x-fb-trip-id: 1709462857
x-frame-options: DENY
date: Thu, 17 Mar 2022 08:03:42 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 99 KB
39 KB 103ms
56ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-470293358

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c2c944f2c87a85b9cf0bd9bfed0474e5a717e0f77020aaad00407ae9f0d258fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40308
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Mar 2022 08:03:42 GMT

GET
H2 200 htmlMediaElementsTracker.min.js Show response
cdn.jsdelivr.net/npm/@analytics-debugger/html-media-elements@latest/dist/ 9 KB
4 KB 60ms
21ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@analytics-debugger/html-media-elements@latest/dist/htmlMediaElementsTracker.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7bad5fe315f9cc904e9b2359ac8ae82bb77a049bc6aa6928a69bcc25ce292b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36990
x-jsd-version: 0.0.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19138-FRA, cache-hhn4053-HHN
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2552-QY5YDe2QAjm3BD4caHhXhH8nqww"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6ed436ab99615ca4-FRA

GET
H2 200 XDFrame Show response
go.group-ib.com/index.php/form/ Frame 5A84 2 KB
810 B 47ms
47ms Document
text/html 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.group-ib.com/index.php/form/XDFrame

Requested by

Host: go.group-ib.com
URL: https://go.group-ib.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df988594f52bf825308e9ba09f0b0f5af0d98270e2beabf5b332bfe4daafc670

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=3600
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6ed436abff71927d-FRA
content-encoding: gzip

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/161/ 11 KB
5 KB 27ms
26ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/161/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:42 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Sep 2021 00:38:21 GMT
Server: AkamaiNetStorage
ETag: "0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4681
Expires: Sat, 25 Jun 2022 08:03:42 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2221722%2C3115692&time=1647504221414&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Fmkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSM...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2221722%2C3115692&time=1647504221414&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Fmkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKS...

0
266 B

150ms
117ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2221722%2C3115692&time=1647504221414&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Fmkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM%26utm_campaign%3Daz-launch%26utm_source%3Dnewsletter%26utm_medium%3Demail%26utm_content%3Dmea&e_ipv6=AQL3RXdiYPlRTAAAAX-W52gNCwPaOqX1OzDAX3g7p2l1EgOBxx1z9E9WHX4gzBbPJHkX3atP
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 9C202BCFA64C46BFB0496AA64FD9DD28 Ref B: FRAEDGE0718 Ref C: 2022-03-17T08:03:42Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXaZXfw+FVbFw4P+kKFZg==
x-li-fabric: prod-lva1

Redirect headers

date: Thu, 17 Mar 2022 08:03:41 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 1F3A36F137AF4ADA91863BB51B704864 Ref B: VIEEDGE1517 Ref C: 2022-03-17T08:03:42Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2221722%2C3115692&time=1647504221414&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Fmkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM%26utm_campaign%3Daz-launch%26utm_source%3Dnewsletter%26utm_medium%3Demail%26utm_content%3Dmea&e_ipv6=AQL3RXdiYPlRTAAAAX-W52gNCwPaOqX1OzDAX3g7p2l1EgOBxx1z9E9WHX4gzBbPJHkX3atP
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXaZXfuOarLMT6cHPXb4w==

GET
H3 200 545899479446758 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 99ms
83ms Script
application/x-javascript 2a03:2880:f006:21:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/545899479446758?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f006:21:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

48fcd2ccea0ddaa11d967d3e475617b44dd4fbec57d23c069fb25128efcf740c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 8icTb5DiO5VFzxd9U5bPdj2Is4Bp2ood14JHV1ODeI9AhEpKcKcNQDA7BsU+clzCc+L/QyDgWplqfJSFlP7aow==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 17 Mar 2022 08:03:42 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 free-fa-brands-400.woff2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/ 75 KB
76 KB 64ms
49ms Font
font/woff2 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-brands-400.woff2
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5be0732ab1cc16692e165a7950810f0c772e400f6a2f63e1026a0b938016813

Request headers

Referer: https://www.group-ib.com/
Origin: https://www.group-ib.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
via: 1.1 b238d3f6f579ec0d467edb5df6f43bbe.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP64-P1
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76736
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
server: cloudflare
etag: "4f5ec865a8274ab291b6a42b5f70639e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TxgasIbWIs1Q%2BaHYenO1HUC8lvW1JBhlZZw1jPUEOuKMdD2v2HGvBcLhAb5Q5kg%2Bf6JxDXmzgk%2F2ec%2FqISMpiJeCJeyE%2FNA0QWY7lI4TLYoIE0gSMwlbsVQtPiJQDEeHUmQD86ubRykESVKCLfU7RT6%2BDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 6ed436ac5b855c20-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 3gPQx1Lh9dAlWCKg3avgxrbHJjOfoXBaA8sVBxzoa4APDRHzqPVkOw==

GET
H3 200 free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/ 76 KB
77 KB 51ms
35ms Font
font/woff2 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/assetzero.html?utm_source=newsletter&utm_campaign=az-launch&utm_medium=email&utm_content=mea&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7

Request headers

Referer: https://www.group-ib.com/
Origin: https://www.group-ib.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
via: 1.1 3adede23987e8394f5ea9efa0347562e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP64-P1
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78168
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
server: cloudflare
etag: "a9fd1225fb2cd32320e2b931dca01089"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1qb6Ezc%2Ft%2BAs0oMg%2B4iPeHTXrUU5hyx33AOeR2rIC3FZqajgUbKfzC%2FF8elXAZNXtkfztSXdHluwDHBLRPFm0sGeNmd%2FB6xvt%2Fn4YFgLctCq%2BeiGa8YJ25JDPrJckLZn8ozz9exLZ7iDkEikbsmUai%2F8Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 6ed436ac5b8a5c20-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: wAcqrByI3VtNy0tyoyQETfgdOVBrSD2VXJSas4rXdw1-nBlokQrYRw==

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9580.vqWiKBCYxxphq5KKqMqaLOQ5D-ysypMjlNhaHHhVgvYspVWomW0AbAI8GlCpxwEf.GC3Oe1gS6KOUy3-pZzsEjnz2xwI%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9580.oQ0Z_KbdtW3LMm6WSkROMO9uFXSmjrGggDXIxwG3l_MGBFgYngUrKkJSszLzgUFLgL9CboGJ0QulwL2TuxG3rw%2C%2C.wR5s2zop42nVCfkeJQ525byzfc0%2C

75 B
75 B

33ms
33ms

Image
text/html

2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9580.oQ0Z_KbdtW3LMm6WSkROMO9uFXSmjrGggDXIxwG3l_MGBFgYngUrKkJSszLzgUFLgL9CboGJ0QulwL2TuxG3rw%2C%2C.wR5s2zop42nVCfkeJQ525byzfc0%2C

Requested by

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9580.oQ0Z_KbdtW3LMm6WSkROMO9uFXSmjrGggDXIxwG3l_MGBFgYngUrKkJSszLzgUFLgL9CboGJ0QulwL2TuxG3rw%2C%2C.wR5s2zop42nVCfkeJQ525byzfc0%2C
date: Thu, 17 Mar 2022 08:03:42 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
459 B 130ms
110ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o6fwj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=85300540-d702-482a-b4bd-fab466f0c04f&tw_document_href=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time: 104
date: Thu, 17 Mar 2022 08:03:41 GMT
content-encoding: gzip
server: tsa_o
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 38f6c66dbe6987e18a06da04b0a426a3f41535e28cdc95c96463c59788ff4f91
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
337 B 127ms
111ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o6fwj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=85300540-d702-482a-b4bd-fab466f0c04f&tw_document_href=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time: 104
date: Thu, 17 Mar 2022 08:03:41 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: e19d66a7d791a607c1c21a45d454e0b8fc99511107a7ea8c4870e7ed693af7fc
content-length: 43

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
228 B 90ms
31ms Image
image/gif 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
last-modified: Wed, 16 Mar 2022 13:13:01 GMT
etag: "6231b82d-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Thu, 17 Mar 2022 09:03:42 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 94ms
46ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1142375072&t=pageview&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&dr=https%3A%2F%2Ffrom.group-ib.com%2F&ul=en-us&de=UTF-8&dt=AssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABQAAAAC~&jid=1755513595&gjid=334453631&cid=1335432071.1647504221&tid=UA-25492706-2&_gid=1540498778.1647504221&_r=1&gtm=2ou3e0&z=1101856323

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 08:03:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 133ms
49ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-470293358

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

b872b4ad2e649961fbf3cdc43966716bd820301634adebaf5329c1aa22a1f7ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14889
x-xss-protection: 0
server: cafe
etag: 11178597599353190569
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 08:03:42 GMT

GET
H2 200 forms2.min.js Show response
go.group-ib.com/js/forms2/js/ Frame 5A84 205 KB
68 KB 24ms
23ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.group-ib.com/js/forms2/js/forms2.min.js

Requested by

Host: go.group-ib.com
URL: https://go.group-ib.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54b1a318711ed45da6f1a787a0b0f601199c8676b7d565a4163674833c64b0a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.group-ib.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 07 Mar 2022 19:28:07 GMT
server: cloudflare
age: 113
etag: "680f37-3326e-5d9a5dd2b7fc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 6ed436aca86d927d-FRA
expires: Thu, 17 Mar 2022 12:03:42 GMT

POST
H/1.1 200
OK visitWebPage
689-lre-818.mktoresp.com/webevents/ 2 B
475 B 90ms
24ms Ping
text/plain 134.213.193.62
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://689-lre-818.mktoresp.com/webevents/visitWebPage?_mchNc=1647504221554&_mchCn=&_mchId=689-LRE-818&_mchTk=_mch-group-ib.com-1647504221554-51464&mkt_tok=Njg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&_mchHo=www.group-ib.com&_mchPo=&_mchRu=%2Fassetzero.html&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Ffrom.group-ib.com%2F&_mchQp=utm_source%3Dnewsletter__-__utm_campaign%3Daz-launch__-__utm_medium%3Demail__-__utm_content%3Dmea__-__mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.193.62 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 08:03:42 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 0d053580-55e3-4cf1-9e80-17355fac94db

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 60ms
19ms XHR
text/plain 2a00:1450:400c:c01::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-25492706-2&cid=1335432071.1647504221&jid=314475730&gjid=131091869&_gid=1540498778.1647504221&_u=aHDAgUABQAAAAG~&z=1126622892

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c01::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 17 Mar 2022 08:03:42 GMT
content-type: text/plain
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
39ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1142375072&t=pageview&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&dr=https%3A%2F%2Ffrom.group-ib.com%2F&ul=en-us&de=UTF-8&dt=AssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&exp=ZQrqtemoR6eywqYBo0G0zg.1&_u=aHDAgUABQAAAAC~&jid=314475730&gjid=131091869&cid=1335432071.1647504221&tid=UA-25492706-2&_gid=1540498778.1647504221&gtm=2wg3g0PW7265&cd1=1335432071.1647504221&z=981501472

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 16:50:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 54820
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 37ms
18ms XHR
text/plain 2a00:1450:400c:c01::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-25492706-2&cid=1335432071.1647504221&jid=1755513595&gjid=334453631&_gid=1540498778.1647504221&_u=YEBAAUAAQAAAAC~&z=1311678058

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c01::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 17 Mar 2022 08:03:42 GMT
content-type: text/plain
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
38ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1142375072&t=data&qt=221&_s=2&dl=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&dr=https%3A%2F%2Ffrom.group-ib.com%2F&ul=en-us&de=UTF-8&dt=AssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHDAAUABQAAAAG~&jid=&gjid=&cid=1335432071.1647504221&tid=UA-25492706-2&_gid=1540498778.1647504221&gtm=2ou3e0&z=2001889204

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 16:50:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 54820
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 200761848796537 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 61ms
60ms Script
application/x-javascript 2a03:2880:f006:21:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/200761848796537?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f006:21:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2983428d0f72d109b045f7c9170aab3bec1410fa6575b573cae2a97cc38882b0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: LthRB0xQpZrA0wc8z/m/lfRcFkoqTc0iA6I6Xgq6LuaAdNxRj8W4wbQrHXDiG3l3aenXCluhWNl58pyW7UPvmg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 17 Mar 2022 08:03:42 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 48ms
15ms Image
image/gif 2a03:2880:f106:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=545899479446758&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&rl=https%3A%2F%2Ffrom.group-ib.com%2F&if=false&ts=1647504221643&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1647504221641.951256622&it=1647504221422&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f106:83:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 17 Mar 2022 08:03:42 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 135ms
50ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-25492706-2&cid=1335432071.1647504221&jid=1755513595&_u=YEBAAUAAQAAAAC~&z=1023915713

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 08:03:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 133ms
47ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-25492706-2&cid=1335432071.1647504221&jid=1755513595&_u=YEBAAUAAQAAAAC~&z=1023915713

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 08:03:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 133ms
49ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-25492706-2&cid=1335432071.1647504221&jid=314475730&_u=aHDAgUABQAAAAG~&z=1945511021

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 08:03:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 135ms
50ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-25492706-2&cid=1335432071.1647504221&jid=314475730&_u=aHDAgUABQAAAAG~&z=1945511021

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 08:03:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/470293358/ 3 KB
2 KB 138ms
52ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/470293358/?random=1647504221653&cv=9&fst=1647504221653&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&ref=https%3A%2F%2Ffrom.group-ib.com%2F&tiba=AssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47177e1b0035ef2b1184a0c8f9988d1feb17189c4be10b29f3b470558a07e6d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 08:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/25634039/
Redirect Chain

https://mc.yandex.com/watch/25634039?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%2...
https://mc.yandex.com/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea...

338 B
420 B

32ms
32ms

XHR
application/json

2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&page-ref=https%3A%2F%2Ffrom.group-ib.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Agqny5kf8o1qwi6kkxr%3Afp%3A520%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A41660484036%3Ahid%3A926121654%3Az%3A0%3Ai%3A20220317080341%3Aet%3A1647504221%3Ac%3A1%3Arn%3A890937714%3Arqn%3A1%3Au%3A1647504221962372855%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1647504220507%3Ads%3A19%2C132%2C62%2C1%2C0%2C0%2C%2C509%2C3%2C%2C%2C%2C724%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1647504222%3At%3AAssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB&t=gdpr%2814%29aw%281%29ti%282%29

Requested by

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

49e0be0ab4bfa6550cce9c34623566b56b6b318710940035db132576b53d1f35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 08:03:42 GMT
x-content-type-options: nosniff
last-modified: Thu, 17-Mar-2022 08:03:42 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 338
x-xss-protection: 1; mode=block
expires: Thu, 17-Mar-2022 08:03:42 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 08:03:42 GMT
last-modified: Thu, 17-Mar-2022 08:03:42 GMT
location: /watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&page-ref=https%3A%2F%2Ffrom.group-ib.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Agqny5kf8o1qwi6kkxr%3Afp%3A520%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A41660484036%3Ahid%3A926121654%3Az%3A0%3Ai%3A20220317080341%3Aet%3A1647504221%3Ac%3A1%3Arn%3A890937714%3Arqn%3A1%3Au%3A1647504221962372855%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1647504220507%3Ads%3A19%2C132%2C62%2C1%2C0%2C0%2C%2C509%2C3%2C%2C%2C%2C724%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1647504222%3At%3AAssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB&t=gdpr%2814%29aw%281%29ti%282%29
strict-transport-security: max-age=31536000
access-control-allow-origin: https://www.group-ib.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 17-Mar-2022 08:03:42 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 32ms
15ms Image
image/gif 2a03:2880:f106:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=200761848796537&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&rl=https%3A%2F%2Ffrom.group-ib.com%2F&if=false&ts=1647504221721&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1647504221641.951256622&it=1647504221422&coo=false&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f106:83:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 17 Mar 2022 08:03:42 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/470293358/ 42 B
64 B 111ms
61ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/470293358/?random=1647504221653&cv=9&fst=1647504000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&ref=https%3A%2F%2Ffrom.group-ib.com%2F&tiba=AssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB&async=1&fmt=3&is_vtc=1&random=1886762821&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 08:03:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/470293358/ 42 B
64 B 98ms
50ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/470293358/?random=1647504221653&cv=9&fst=1647504000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&ref=https%3A%2F%2Ffrom.group-ib.com%2F&tiba=AssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB&async=1&fmt=3&is_vtc=1&random=1886762821&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 08:03:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 16ms
15ms Image
image/gif 2a03:2880:f106:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=545899479446758&ev=Microdata&dl=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&rl=https%3A%2F%2Ffrom.group-ib.com%2F&if=false&ts=1647504222151&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22AssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB%22%2C%22meta%3Adescription%22%3A%22AssetZero%20is%20an%20intelligence-driven%20attack%20surface%20management%20solution%20that%20provides%20complete%20visibility%20on%20all%20of%20your%20organization%27s%20Internet-facing%20assets.%22%2C%22meta%3Akeywords%22%3A%22%40%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Asite_name%22%3A%22https%3A%2F%2Fwww.group-ib.com%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%22%2C%22og%3Atitle%22%3A%22AssetZero%3A%20control%20of%20external%20attack%20surface%20%7C%20Group-IB%22%2C%22og%3Adescription%22%3A%22AssetZero%20is%20an%20intelligence-driven%20attack%20surface%20management%20solution%20that%20provides%20complete%20visibility%20on%20all%20of%20your%20organization%27s%20Internet-facing%20assets.%22%2C%22og%3Aimage%22%3A%22%2Fassetzero%2Fimg%2Fassetzero-og-preview-en-99c847b1.png%22%2C%22og%3Aimage%3Awidth%22%3A%221200%22%2C%22og%3Aimage%3Aheight%22%3A%22630%22%2C%22og%3Aimage%3Aalt%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbp=fb.1.1647504221641.951256622&it=1647504221422&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f106:83:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 17 Mar 2022 08:03:42 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 15ms
15ms Image
image/gif 2a03:2880:f106:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=200761848796537&ev=Microdata&dl=https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%3Futm_source%3Dnewsletter%26utm_campaign%3Daz-launch%26utm_medium%3Demail%26utm_content%3Dmea%26mkt_tok%3DNjg5LUxSRS04MTgAAAGDNaZJZmYJjAdkSSrVLyo3QbKSMsPUzCa4k5TtpMEIndPlD97LVXT0_gB4IpO5_xyHaL6tgUOfXFpYrXlrTtGA_eue-BkmrMKVE-WS4wE1ZLM&rl=https%3A%2F%2Ffrom.group-ib.com%2F&if=false&ts=1647504222223&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22AssetZero%3A%20Attack%20Surface%20Management%20%7C%20Group-IB%22%2C%22meta%3Adescription%22%3A%22AssetZero%20is%20an%20intelligence-driven%20attack%20surface%20management%20solution%20that%20provides%20complete%20visibility%20on%20all%20of%20your%20organization%27s%20Internet-facing%20assets.%22%2C%22meta%3Akeywords%22%3A%22%40%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Asite_name%22%3A%22https%3A%2F%2Fwww.group-ib.com%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.group-ib.com%2Fassetzero.html%22%2C%22og%3Atitle%22%3A%22AssetZero%3A%20control%20of%20external%20attack%20surface%20%7C%20Group-IB%22%2C%22og%3Adescription%22%3A%22AssetZero%20is%20an%20intelligence-driven%20attack%20surface%20management%20solution%20that%20provides%20complete%20visibility%20on%20all%20of%20your%20organization%27s%20Internet-facing%20assets.%22%2C%22og%3Aimage%22%3A%22%2Fassetzero%2Fimg%2Fassetzero-og-preview-en-99c847b1.png%22%2C%22og%3Aimage%3Awidth%22%3A%221200%22%2C%22og%3Aimage%3Aheight%22%3A%22630%22%2C%22og%3Aimage%3Aalt%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbp=fb.1.1647504221641.951256622&it=1647504221422&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f106:83:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 08:03:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 17 Mar 2022 08:03:42 GMT

Verdicts & Comments Add Verdict or Comment

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
from.group-ib.com/	1969-12-31 23:59:59	Name: BIGipServerPOOL-162.13.131.123-go2.wire.com-80 Value: !TNUDOvl0EUqDRzcuePf3ddfKYlXPDVzBpUrybc9vuxVaI8BmEMdMiFUfW4gc/Ep+wqn572eiBMb45+c=
.from.group-ib.com/	1970-01-20 01:38:26	Name: __cf_bm Value: _FgYW.NUFGX9GV8MoQVhnfxVOPmzjx4_TIcc000mwI0-1647504221-0-Aa4VIXIgM1yXhVHwoOejTtGypbSPrhIBPyCPwdbpAIl7T7XaZjqCrxet9B1huBpJYuZyzA169/uWzEglIqYM2I8=
.go.group-ib.com/	1970-01-20 01:38:26	Name: __cf_bm Value: TjFnaOHWoA92kkX2T8IJIaHiMY5Lt.DExzNqhcQNNNU-1647504221-0-AWho5i2hcSu3Pkf/Z8JNOpAjbmlYNIkM+xUYnYQIn8JNnIUXELvEL+3WSQ2n+oEYzQqcjv9fUAfehwcESMkM52A=
.group-ib.com/	1970-01-20 03:48:00	Name: _gcl_au Value: 1.1.2004883575.1647504221
.group-ib.com/	1970-01-20 10:24:00	Name: ppcSource Value: newsletter
.group-ib.com/	1970-01-20 10:24:00	Name: ppcMedium Value: email
.group-ib.com/	1970-01-20 10:24:00	Name: ppcCampaign Value: az-launch
.group-ib.com/	1970-01-20 10:24:00	Name: ppcContent Value: mea
.group-ib.com/	1970-01-20 10:24:00	Name: _ym_uid Value: 1647504221962372855
.group-ib.com/	1970-01-20 10:24:00	Name: _ym_d Value: 1647504221
go.group-ib.com/	1969-12-31 23:59:59	Name: RSMKTO1 Value: 3204520876.47617.0000
.group-ib.com/	1970-01-20 19:09:36	Name: _ga Value: GA1.2.1335432071.1647504221
.group-ib.com/	1970-01-20 01:39:50	Name: _gid Value: GA1.2.1540498778.1647504221
.group-ib.com/	1970-01-20 01:38:24	Name: _gat_gtag_UA_25492706_2 Value: 1
.group-ib.com/	1970-01-20 19:09:36	Name: _mkto_trk Value: id:689-LRE-818&token:_mch-group-ib.com-1647504221554-51464
.group-ib.com/	1970-01-20 03:27:21	Name: _gaexp Value: GAX1.2.ZQrqtemoR6eywqYBo0G0zg.19144.1
.mc.yandex.com/	1970-01-20 01:38:24	Name: sync_cookie_csrf Value: 4253025954fake
.group-ib.com/	1970-01-20 01:38:24	Name: _dc_gtm_UA-25492706-2 Value: 1
.group-ib.com/	1970-01-20 01:39:36	Name: _ym_isad Value: 2
.t.co/	1970-01-20 19:09:36	Name: muc_ads Value: 95b56a4a-414d-4afc-af1f-886b2fd7dbcd
.twitter.com/	1970-01-20 19:09:36	Name: personalization_id Value: "v1_BcQvYwPW738g3n0nVJk7GQ=="
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:10:18	Name: bcookie Value: "v=2&8c4d5f24-2f0a-4569-8026-157031013637"
.linkedin.com/	1970-01-20 18:59:02	Name: li_gc Value: MTswOzE2NDc1MDQyMjI7MjswMjF92YzBtoUkrvWpvcK1LxRStg1JKpR0rK40T/4xXyq04w==
.linkedin.com/	1970-01-20 01:39:50	Name: lidc Value: "b=VGST07:s=V:r=V:a=V:p=V:g=2300:u=1:x=1:i=1647504222:t=1647590622:v=2:sig=AQEOzMsautvgBRMi15ZK5KRPnnj1aeUk"
.mc.yandex.ru/	1970-01-20 01:38:24	Name: sync_cookie_csrf Value: 4072787341fake
.group-ib.com/	1970-01-20 03:48:00	Name: _fbp Value: fb.1.1647504221641.951256622
.yandex.com/	1970-01-20 10:24:00	Name: yandexuid Value: 3379393981647504222
.yandex.com/	1970-01-20 10:24:00	Name: yuidss Value: 3379393981647504222
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1260784351647504222
.yandex.com/	1970-01-23 17:14:24	Name: i Value: wTrcnZIjmH4siCCndfjGu8QdYbHaIs8ynT/M/8O+nMRRAgT3auAmBeDkc6LdhhJNfCGs65Uzcq5mq3y94TJbggIS7kY=
.yandex.com/	1970-01-20 10:24:00	Name: ymex Value: 1679040222.yrts.1647504222#1679040222.yrtsi.1647504222
.group-ib.com/	1970-01-20 01:38:26	Name: _ym_visorc Value: w
.doubleclick.net/	1970-01-20 01:38:25	Name: test_cookie Value: CheckForPermission

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security	error	Message: Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
network	error	URL: https://www.group-ib.com/assetzero/g-font/g-font.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9580.oQ0Z_KbdtW3LMm6WSkROMO9uFXSmjrGggDXIxwG3l_MGBFgYngUrKkJSszLzgUFLgL9CboGJ0QulwL2TuxG3rw%2C%2C.wR5s2zop42nVCfkeJQ525byzfc0%2C Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

689-lre-818.mktoresp.com
analytics.twitter.com
cdn-uicons.flaticon.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
connect.facebook.net
from.group-ib.com
go.group-ib.com
googleads.g.doubleclick.net
ka-f.fontawesome.com
kit.fontawesome.com
mc.yandex.com
mc.yandex.ru
munchkin.marketo.net
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
unpkg.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googleoptimize.com
www.googletagmanager.com
www.group-ib.com
104.111.234.67
104.17.74.206
104.244.42.133
104.244.42.195
13.107.42.14
134.213.193.62
172.217.18.98
178.248.235.63
199.232.136.157
2606:4700::6810:125e
2606:4700::6810:5614
2606:4700::6810:7daf
2606:4700::6812:1634
2620:1ec:22::14
2a00:1450:4001:801::2004
2a00:1450:4001:80e::2003
2a00:1450:4001:828::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2008
2a00:1450:4001:830::200e
2a00:1450:400c:c01::9d
2a02:26f0:fb:5b4::30ec
2a02:26f0:fb::5f65:58d9
2a02:6b8::1:119
2a03:2880:f006:21:face:b00c:0:3
2a03:2880:f106:83:face:b00c:0:25de
2a06:98c1:3120::7
0ff4409f93c2f5c135407dfbc256bae30385a55ccb07ed8beeab206f52557ca0
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
1efe16c9efbadde5e242d88a315eca3906a55669fcd4882a904fbc723306a4e4
219d58f30f926454c74b27fe575e69a07af5dacbd26138c8df703f79fe686a4f
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2907de34214d525c4a155f0f7cf58eb924e1faf94810b8cc40e75419e613caa6
2983428d0f72d109b045f7c9170aab3bec1410fa6575b573cae2a97cc38882b0
2dd5b0957c3afbcdfcb7334f3f75fe21da9efd706eae73f31a54adaa33185aac
330fe5965859f5757348be82340b21f1d473cc9b3fb8c3b1fcd4e082aaf4c0a9
3b4e6e9a5332bf37eb6f2e66456d79dcaa49d67342d788f6bd1274658ebedde1
3c5c78dec82c7065d91750398b97963b4b70674d8914a53f602276a3c2958dda
3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3
4156640b74233babc1d33016aba095e8b20f9160d59aab92a03879fe4c35a0e4
47177e1b0035ef2b1184a0c8f9988d1feb17189c4be10b29f3b470558a07e6d6
48fcd2ccea0ddaa11d967d3e475617b44dd4fbec57d23c069fb25128efcf740c
49e0be0ab4bfa6550cce9c34623566b56b6b318710940035db132576b53d1f35
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08
4c871acfa6eeee8961ca35217e3afc4b10b60ec28c37dedb9458799a96d33f9e
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54b1a318711ed45da6f1a787a0b0f601199c8676b7d565a4163674833c64b0a0
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
5f07d43571a20235b2506061c9729d91179d32b8b3c75123aa8fcd45e60d7541
6cee0fb06339ba13e1f15d044e0e4904bbeeb7fbe4351e3f102b6d80b2465061
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
74711bb799e7d4712bcdc9fdf42f5acb835448d1ec23936a1d46a087e192e378
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8d15a221986226efe4f742f390f46f9d5ae8b2008a6edd40e10ff121ef9cca9b
9008dd6a59eea61636f2a589e0769f9d10c41c2fdbd2195f730db22e625e8b0f
95c8b4b8da6b29f903b86e53fd8d3fcb2b23c1100b722f97e7d85fa9b6bfc724
97ce4e98f3a3be297f48ebd5b771e74928f31754d43324fd795d1cd81cc41b35
9d5ca757f26072ea3b8d6fce0c1ebf3de51e5844c5ae20548e223b875650d461
9ee338bd03594461a939b661840e43fec02d7345e19e3ad12509c06ba37ad355
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b3a8a9b81ff430d7865338d148328a4a3e17f2c34609a91d22577fabe81fc5c0
b5be0732ab1cc16692e165a7950810f0c772e400f6a2f63e1026a0b938016813
b872b4ad2e649961fbf3cdc43966716bd820301634adebaf5329c1aa22a1f7ee
c1922061e01300c6b8d0e9a9dbc638c2eb7b2f5cf9e7690791bf7be4dd8733d6
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537
c2c944f2c87a85b9cf0bd9bfed0474e5a717e0f77020aaad00407ae9f0d258fd
c567d0068aa9d314d13047cf6af171cce476501aac5e5521bd2b2233b16fbce5
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7
c63b0acad048ebbfee816cc05eb022b643433fc4aa8eb1a8f2b6f0b07c31dbd9
cac6fc187d36699afc094cc451ec70302ea5413a47a52fde80e2eb828ce46710
cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf
cd9578f44e9b07804a59de417f647dbe83def0dba0015568a12d4fd9d68f91f6
d076abb7b28c1589bcaf3605780238832e222c9e2fb279d2b3603baf02b71c78
db87f8babe4c889d8d72e7d24295bdbda52864db26d90f566ce4206bcdec02ba
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
df988594f52bf825308e9ba09f0b0f5af0d98270e2beabf5b332bfe4daafc670
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7bad5fe315f9cc904e9b2359ac8ae82bb77a049bc6aa6928a69bcc25ce292b6
eaa593bcfe485f4b5a8ac997cf9936604f9fbef91652db94a8e22b75d612bfc1
ed60268dafccca02074630ec9b819e6f43c21997ff5f3900e89dfc5f6140bfc0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f54b8577aba1616bed049d795828075e6f287f43e47b7955233d5b783092d2
f177f7170e041e3b7e4e70e3b6251630461c1bf0500bf5985a7a3d2804f90010
f784fb63da7eafa230701b5b38966bd7fa80265118d272360020dabdaeee6dba
f91c0bef57380a12b36c8b6755e50b2a6461c8df29a0c3147b6127784b0ea93b
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.group-ib.com Open in urlscan Pro 178.248.235.63 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

80 Requests

96 %HTTPS

67 %IPv6

24 Domains

29 Subdomains

27 IPs

7 Countries

1683 kBTransfer

3377 kBSize

34 Cookies

9 Outgoing links

Page URL History

Redirected requests

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.group-ib.com Open in urlscan Pro
178.248.235.63 Public Scan

Screenshot
Live screenshot

Full Image

80
Requests

96 %
HTTPS

67 %
IPv6

24
Domains

29
Subdomains

27
IPs

7
Countries

1683 kB
Transfer

3377 kB
Size

34
Cookies

80 HTTP transactions
1 data transactions