www.group-ib.com Open in urlscan Pro
3.72.181.255  Public Scan

14 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Page URL
2. https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 79

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1696881498159&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&tm=gtmv2 HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1696881498159&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&tm=gtmv2&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1696881498159%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fmedia-center%252Fpress-releases%252Fmeta-phishing-campaign%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1696881498159&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1696881498159&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQL-D0ZQP1xp7wAAAYsWBOAj0yRBX5qdSEJkgtcpqPVcjMB-VAB-ZGTMAl09WYoDrhSyua8

Request Chain 80

• https://mc.yandex.com/sync_cookie_image_check HTTP 302
• https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10151.LkU_pSPCtA2RABpMJoJINmf97z1bj8XN6whmc90RM4CpCjW48li4b_M1rLqEnh-B.-ccpvn2i651upcUnJ1Cfa38FpVI%2C HTTP 302
• https://mc.yandex.com/sync_cookie_image_decide?token=10151.9lzCnk_zPXSl6TwBU6Y92RtWcFwWwKZv3E2454TMDFzxZOldLJjqQLrqn0r27aFMxZKzvnYgcxpUrQ7142eTHMYZQiLFqUNeMnOk9DLpWoE%2C.egKsg0EC1Mv9bZrU0mDm7LHRUH0%2C

Request Chain 92

• https://mc.yandex.com/watch/26812653?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A487%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1135%3Acn%3A1%3Adp%3A0%3Als%3A16686736319%3Ahid%3A638796307%3Az%3A120%3Ai%3A20231009215818%3Aet%3A1696881498%3Ac%3A1%3Arn%3A269090314%3Arqn%3A1%3Au%3A1696881498753666158%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C62%2C40%2C0%2C0%2C%2C397%2C0%2C%2C%2C%2C539%3Aco%3A0%3Acpf%3A1%3Ans%3A1696881497167%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1696881498%3At%3ATech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(2) HTTP 302
• https://mc.yandex.com/watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A487%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1135%3Acn%3A1%3Adp%3A0%3Als%3A16686736319%3Ahid%3A638796307%3Az%3A120%3Ai%3A20231009215818%3Aet%3A1696881498%3Ac%3A1%3Arn%3A269090314%3Arqn%3A1%3Au%3A1696881498753666158%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C62%2C40%2C0%2C0%2C%2C397%2C0%2C%2C%2C%2C539%3Aco%3A0%3Acpf%3A1%3Ans%3A1696881497167%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1696881498%3At%3ATech%20%28non%29support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1

Request Chain 107

• https://mc.yandex.com/sync_cookie_image_check_secondary HTTP 302
• https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10151.irOg1YxcswOD7F_OY8WaqlZwOQxDYcNH6P8jo0-mXpLQn--KX5RzV3A9keLlo_qq.eztNvWvIOsxypRPUC1yaOSkRDuc%2C HTTP 302
• https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10151.zClsGfXG9xyO2z-tu2tdQZeknoF9grGuCiyGjaCgx4ciYAg6ZBYZGFtCvyOtAylP38dadBZdCMyh0vKfWb66QJLkB3mm9XtCwgZ6r8QeTZ4%2C.mKaL4K1d1DNN1RB106zhUxXOhPo%2C

100 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
13 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	403	/ Show response www.group-ib.com/media-center/press-releases/meta-phishing-campaign/	7 KB 7 KB	179ms 41ms	Document text/html	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software / Resource Hash 4811f65ae92b2af3f53ae249c86efb968125de3ad2cb38a8a254035a3af79393 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache, no-store, must-revalidate content-type text/html date Mon, 09 Oct 2023 19:58:15 GMT
GET H/1.1	200 OK	bt-autoinject.js Show response fhp-de-js.group-ib.com/d/	347 KB 137 KB	168ms 78ms	Script text/javascript	188.40.44.175 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://fhp-de-js.group-ib.com/d/bt-autoinject.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 188.40.44.175 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.175.44.40.188.clients.your-server.de Software nginx / Resource Hash 23c5779be5752ac8dac9a86632277f8b8dfc256130ddfe3211c50da9357ba930 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Mon, 09 Oct 2023 19:58:15 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/javascript; charset=UTF-8 Access-Control-Allow-Methods GET, POST, OPTIONS x-envoy-upstream-service-time 0 Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET DATA	200 OK	truncated /	486 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 45d434a27646ec5e0777693c82fb8176187c8b33b8d0835db9392761ccfcf4a4 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d507d5bd98d8c87e0568e10e9cfa249bb52e6e018b016ae9c25827e424aeccee Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png
GET H2	200	idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response www.group-ib.com/api/fl/	205 B 657 B	49ms 49ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 174f8f77a5af94c8494738269cee02d0075d3a5eae4a590affb24ce474de6847 Request headers Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 x-cfids - Response headers date Mon, 09 Oct 2023 19:58:15 GMT content-encoding gzip server nginx etag W/"gxxzYKbngc5t2dYE4qhDKxxnOFaNTYwLjLSXRvvXpz9cC1zxBPfMw2uSrP+yYCDwg3TtCNcsraE0Y8tfNFz/ypLcLguxhsYkudYTukOCDMS90ASm5jaQGR9cusPX36qDUv+INS/fy2F3IVCAy29ogAUx" vary Accept-Encoding content-type application/json; charset=utf-8 cache-control no-cache x-envoy-upstream-service-time 1
POST H2	200	fl Show response www.group-ib.com/api/	665 B 982 B	94ms 94ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=a00d6350-66c0-11ee-a8a5-2b520884db60&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=gxxzYKbngc5t2dYE4qhDKxxnOFaNTYwLjLSXRvvXpz9cC1zxBPfMw2uSrP%2ByYCDwg3TtCNcsraE0Y8tfNFz%2FypLcLguxhsYkudYTukOCDMS90ASm5jaQGR9cusPX36qDUv%2BINS%2Ffy2F3IVCAy29ogAUx Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash acb28e93192a1d6afdfd6b22db4757dcd7822bbca6ef652afa5aee786a98bde2 Request headers Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 09 Oct 2023 19:58:17 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 1 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
POST H2	200	fl www.group-ib.com/api/	665 B 691 B	58ms 58ms	Ping application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=a00d6350-66c0-11ee-a8a5-2b520884db60&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=8sfis6W%2FxC6Jh%2FIAbIAzb%2BmSZERLjdf4G4LwlURv5igFRf3T1jYOVgW923Z52oNGYGD3HPKCIHIDNH%2Fio5eisBVan0gm5dP0sPIOL1aIJtFVym%2BWuWK3TTJNdp54Vkr4HTwSFHP%2FLmCnbsrL5RI4OI1Vf0L%2Fb%2BJ9uVNe Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash Request headers Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 09 Oct 2023 19:58:17 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 2 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	200	Primary Request / Show response www.group-ib.com/media-center/press-releases/meta-phishing-campaign/	78 KB 17 KB	63ms 62ms	Document text/html	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash b0cd533c2bb94fe8b76f40c228aa449bb8a3ec17f35b053addb2ece1e882a61a Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin https://www.group-ib.com cache-control private, max-age=3600 content-encoding gzip content-length 16671 content-security-policy frame-ancestors 'self'; content-type text/html; charset=UTF-8 date Mon, 09 Oct 2023 19:58:17 GMT etag "4097-6074e00f3ee9d" last-modified Mon, 09 Oct 2023 19:57:45 GMT permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() referrer-policy strict-origin-when-cross-origin server nginx strict-transport-security max-age=31536000; includeSubDomains vary X-Forwarded-Proto,Accept-Encoding,Cookie x-content-type-options nosniff x-frame-options sameorigin x-xss-protection 1; mode=block
GET H/1.1	200 OK	bt-autoinject.js Show response fhp-de-js.group-ib.com/d/	347 KB 137 KB	81ms 80ms	Script text/javascript	188.40.44.175 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://fhp-de-js.group-ib.com/d/bt-autoinject.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 188.40.44.175 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.175.44.40.188.clients.your-server.de Software nginx / Resource Hash 23c5779be5752ac8dac9a86632277f8b8dfc256130ddfe3211c50da9357ba930 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Mon, 09 Oct 2023 19:58:17 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/javascript; charset=UTF-8 Access-Control-Allow-Methods GET, POST, OPTIONS x-envoy-upstream-service-time 0 Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	200	lazyload.min.js Show response www.group-ib.com/wp-content/plugins/w3-total-cache/pub/js/	6 KB 2 KB	61ms 59ms	Script application/x-javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 2356 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 29 Jun 2023 07:01:06 GMT server nginx etag "1883-5ff3f43abc651-gzip" vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	swiper-bundle.min.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/	140 KB 39 KB	188ms 66ms	Script application/x-javascript	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/swiper-bundle.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 39504 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:41:14 GMT server nginx etag "22ede-5e7e9344df9f2-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id wslV1u1iSuE2sa_BsARlM439CiIn4DVuiy23QLURWEtSIayrRo67Sg== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	classic-themes.min.css website.cdn.group-ib.com/wp-includes/css/	217 B 1006 B	262ms 140ms	Stylesheet text/css	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-includes/css/classic-themes.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 189 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 11 Nov 2022 11:58:50 GMT server nginx etag "d9-5ed309cf15c82-gzip" x-frame-options sameorigin vary Accept-Encoding content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 6bmr5NTOm0t-NIdgvN7ndw4iaJHVa8C7sOrPwb40Xiwu-PMpV1-Sxw== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	dashicons.min.css website.cdn.group-ib.com/wp-includes/css/	58 KB 36 KB	238ms 117ms	Stylesheet text/css	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-includes/css/dashicons.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 35730 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 10 Jun 2022 07:03:36 GMT server nginx etag "e688-5e112897ec200-gzip" x-frame-options sameorigin vary Accept-Encoding content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id DH1VcggEJyHbMTZeVoslbdn2NJ4bkrinDiJftmM7OIZrDk7CekkDJw== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	frontend.min.css www.group-ib.com/wp-content/plugins/post-views-counter/css/	215 B 251 B	61ms 60ms	Stylesheet text/css	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/plugins/post-views-counter/css/frontend.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash ed70c2cf61d0f24d03299ffc5896c7abd86bb858501987dc10e3afec086c01df Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 160 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 26 Apr 2023 07:26:40 GMT server nginx etag "d7-5fa38293ec798-gzip" vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	jquery.min.js Show response website.cdn.group-ib.com/wp-includes/js/jquery/	88 KB 31 KB	262ms 141ms	Script application/x-javascript	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-includes/js/jquery/jquery.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 30995 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 11 Nov 2022 11:58:50 GMT server nginx etag "15e54-5ed309cf21802-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id feph_zEsjXGiUuD99Rc73F05XxRDktKZX27FuCWJFN0LuZ6NiRE6Nw== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	single-press-release.css website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/	227 KB 34 KB	220ms 99ms	Stylesheet text/css	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 9ea99438227af036f87175bd97770d185538ffd7bf7e3c9a786bd735b68d8f66 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 33723 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 09 Oct 2023 19:58:05 GMT server nginx etag "38aba-6074e023096c9-gzip" x-frame-options sameorigin vary Accept-Encoding content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id nbBRYYuwziYm-YU-aZUECVAfBSyMXZ3SUguseYxVH2L8VC2rCeI3lA== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	v2.js Show response js-eu1.hsforms.net/forms/	549 KB 175 KB	167ms 50ms	Script application/javascript	172.65.255.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hsforms.net/forms/v2.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a24e66d830ef814bbcc4553b662e0c2afe733f8f30fb4a86be6df577d146bec2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-encoding br age 488 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3812/bundles/project-v2.js&cfRay=813926a4d19f2c35-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"84d6c03b19ba72ee08ca8c27dee147c2" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3812/bundles/project-v2.js date Mon, 09 Oct 2023 19:58:17 GMT x-amz-version-id 4b09e6_AhU37WJHx62r2StyRWH0KMlOF via 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 x-hubspot-correlation-id ecc120ea-88a9-4f71-ae8a-989280734dc6 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id ecc120ea-88a9-4f71-ae8a-989280734dc6 last-modified Fri, 22 Sep 2023 08:13:06 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ITfcjhI%2BTAVFvUy%2Fu3%2Fr5h7B1uy3cAq%2B9jjK4WzPO2xq0RjDyMxIm07s2vU%2BMafoeD7rrCKnN5V8WYrWmb0zpbpCBHxldBbN%2F3BplPI7LU9gxah8TGhssPkgB0I8f39BBDxd2g%3D%3D"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-797758f45b-8q8m9 cf-ray 8139328e988d2c47-FRA x-amz-cf-id ldUHFAm4IvVFIYrwtD7djeXS8LePWx_RH1FyrYLsoL1DLeHC9YEeCA==
GET H2	200	jquery-ui.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/jquery-ui/	517 KB 125 KB	65ms 65ms	Script application/x-javascript	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/jquery-ui/jquery-ui.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash e97315234cc1f1c4737d98ea29c0f4d4f06c032dc5943012ae50bc4b10a92276 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:24:28 GMT server nginx etag "812a6-5e7e8f85cb376-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 1GtM_kUkI7zfgTXX_7wBJt2BkK4_t7W1CrZeUzGJ5NS2gWhWYG6c7A== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	fancybox.umd.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/	103 KB 30 KB	239ms 153ms	Script application/x-javascript	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/fancybox.umd.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 942e02acf640c0308f65e057a8afaed63dfaf995034cda9cfc75532a1009ec72 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 29634 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:24:28 GMT server nginx etag "19ca6-5e7e8f85cb376-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id Sjk3hsYNl5GDPTB8y_xjLUeOFN6IkcLe686STE7qbERDJRxEObO9cA== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	main.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/	212 KB 46 KB	70ms 69ms	Script application/x-javascript	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/main.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 620418e15bd4302ca68fe0c806a6a6e74a11a7cbc56004a3e052529b73092e9b Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 45892 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 06 Oct 2023 11:14:14 GMT server nginx etag "34e47-6070a5733757d-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id N42eU6FwGPq4VclZ9RE-PbZs2yn0Lxbl29lLmNClQi7Gm1Ebn5UdNA== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	25755956.js Show response js-eu1.hs-scripts.com/	2 KB 1 KB	188ms 67ms	Script application/javascript	172.65.208.22 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-scripts.com/25755956.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5d551560a0a3a77f33ebd57c238f27641c0250913a6c2cde2afb8be10d2239cd Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:17 GMT content-encoding br x-content-type-options nosniff cf-cache-status EXPIRED x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 38580ddf-52e4-43b2-8fe4-5c71a210aaf8 x-envoy-upstream-service-time 5 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 38580ddf-52e4-43b2-8fe4-5c71a210aaf8 last-modified Mon, 09 Oct 2023 19:17:25 GMT server cloudflare x-trace 2B7A512CA3ADE3AB84560D9C16E57EAFDCB8912D1F000000000000000000 vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all cache-control public, max-age=30 access-control-allow-credentials true x-evy-trace-served-by-pod fra04/hubapi-td/envoy-proxy-86f46d6c7b-rk5lc cf-ray 8139329089ee4d55-FRA
GET DATA	200 OK	truncated /	486 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e59bdd3d52b99ccc20c2ecc9e8e376264f90c079244c1c18085dcac3d5f51521 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 38d5c004378994746de81f338ed24211496b40e7e09f2b9701ecf6994baedf6b Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/png
GET H2	200	idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response www.group-ib.com/api/fl/	217 B 611 B	48ms 48ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 1d185aa2cd7e1b6c7ce3940eefca4244b48ebb6cd53bef19ec477ca77a09b343 Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 nyRRAetApAGWn/rT2AZQXh+u7LsSs1O3kW9dyJfHROh5mGDyOO0bBuQ9f/4vHH793N2f2mnUZvGLS9ngITLOOikNdYRvfFHQncNYXNyymHPGlWyrE0GV0mr7XbnKiHRUMSY/JviqeyRq23NtOKXBnwLD1EoBv5dIdWzjaXfm0zaAr/85LY2AdBA4G2SjEH20m8hi9VjbjwYezMH8TfKZ5FsQY9VIwGfaDGkMZg+DvLH2kx1TgEJf0LdBpBOhnQ== Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 RnAZfd2b0c4580f121cc28a99a9aaa6c11e8a5aa x-cfids 8sfis6W/xC6Jh/IAbIAzb+mSZERLjdf4G4LwlURv5igFRf3T1jYOVgW923Z52oNGYGD3HPKCIHIDNH/io5eisBVan0gm5dP0sPIOL1aIJtFVym+WuWK3TTJNdp54Vkr4HTwSFHP/LmCnbsrL5RI4OI1Vf0L/b+J9uVNe Response headers date Mon, 09 Oct 2023 19:58:17 GMT content-encoding gzip server nginx etag W/"Za08CeL8rXGVNHZmWePfZbq6F2Ej348Q3IYl3TLBs5YVWncylE9RtTlKtsga1mob/CnrRDcTY3367XuPdhHbuO80Oe4bLy/pperxLve8l/zy78uLnfmz6lOspA5TG1K4PmEWr/EjTiZ6RnMFkZlGHa2/TXgOS4CLQ/hB" vary Accept-Encoding content-type application/json; charset=utf-8 cache-control no-cache x-envoy-upstream-service-time 0
GET H2	200	G-font-Medium.otf website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/	60 KB 35 KB	175ms 91ms	Font application/x-font-otf	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Medium.otf Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 1efe16c9efbadde5e242d88a315eca3906a55669fcd4882a904fbc723306a4e4 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 ef13dd533b8dc9dcfdc35449cf88f808.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 35382 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "eed4-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-font-otf access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 0-jScVwugi7qsoyhFSkDVE7C6AlAT9I3Wt7bLULD8ME-MQkcqvfSmg== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	G-font-Regular.otf website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/	47 KB 31 KB	222ms 138ms	Font application/x-font-otf	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Regular.otf Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 6cee0fb06339ba13e1f15d044e0e4904bbeeb7fbe4351e3f102b6d80b2465061 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 ef13dd533b8dc9dcfdc35449cf88f808.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 30798 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "bbf8-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-font-otf access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id Q7rkAGQQSYMadtt8i6qV11ABii_m4pi9iaKqXDuRUnCHMJZKzDTl3Q== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/	9 KB 3 KB	340ms 83ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cdd02bb6d7dfc840a21b2042e02ffad345ff552c8dbd7b251829eaa820c50a4e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Mon, 09 Oct 2023 19:58:17 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 2234f749-1f5c-452c-b93a-d037120030ea Transfer-Encoding chunked x-envoy-upstream-service-time 7 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 2234f749-1f5c-452c-b93a-d037120030ea Server cloudflare X-Trace 2B091D568A50F94D0A26445172AA31E06DC064A593000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 81393291bd7337e6-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-qj67h
GET H2	200	cross.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	342 B 1 KB	50ms 49ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/cross.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 207 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "156-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id HhHfPTwYaAa6o1u_jl5BRivL0d-wKXdzUihbRUUuidkODXlFWOebXw== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/	112 KB 30 KB	333ms 91ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ab1f1830107e3a3b7904e3f5b6d094811d6b391bf2885fa231c66f9ef896ce0b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Mon, 09 Oct 2023 19:58:17 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 5b3fc7e9-712c-4554-a997-d32b32beae3c Transfer-Encoding chunked x-envoy-upstream-service-time 17 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 5b3fc7e9-712c-4554-a997-d32b32beae3c Server cloudflare X-Trace 2BF82C1E75AFCF50B791D421735873DE5E74B979CD000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 81393291be223a5e-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-fwv45
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/	104 KB 29 KB	339ms 99ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ca494115f5b2f3abadeef869ca90159f93b27226b064e8362a18df5f059219aa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Mon, 09 Oct 2023 19:58:17 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id ff465876-3bf9-4536-ba1f-cb30a79434e1 Transfer-Encoding chunked x-envoy-upstream-service-time 17 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id ff465876-3bf9-4536-ba1f-cb30a79434e1 Server cloudflare X-Trace 2B96DF34505CF154331FAFFBA683A5FCE6462EE73C000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 81393291bed69bbf-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-fwv45
GET DATA	200 OK	truncated /	64 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash fc67f33bc49319018464db6f4c7689d0c8f696cb511c9b286ba3499a3a577ebe Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4b4ac4b4f853c196ff40dc87a1d718ecaae240c7b18c22fff9e6fa821754a393 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95c9411ecd76a351b908b4e708d1194efd3f3676734d805656fc2143b840a0a2 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8a91c520c082009d3c4bb7c21aa02617a434ac11a566b372a5cb3750cbfeb40a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f702cf352c5093a632bac8e5d643c9ba90468e56888481605405d29b14a3d56f Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash afcf3c522c0766c42d64ab3c893febb8cb422cc8dcd435416faac561e2efc6db Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c2dcae73d727bb9df7098138cfcf2d2e67a82526196f3223d2ed53f806bed758 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	dropdown_before.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	154 B 973 B	59ms 58ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/dropdown_before.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 150 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "9a-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id KRX_pZt4DrMFtKAylCyi-rQZhSRi673DAdHqnrTSYorJseAuXoX7Mg== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	link-arrow.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/	409 B 1 KB	59ms 59ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/link-arrow.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 267 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "199-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 0jrmr4xyMuN1J-dAxC6pT2rvWRkR19dasvFoy8cJnROs9YdlfPCgoA== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	G-font-Bold.otf website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/	49 KB 32 KB	167ms 128ms	Font application/x-font-otf	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Bold.otf Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 8d15a221986226efe4f742f390f46f9d5ae8b2008a6edd40e10ff121ef9cca9b Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 ef13dd533b8dc9dcfdc35449cf88f808.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 31918 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "c320-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-font-otf access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id qbQsAb-JG_OH6D43OxRmG7CPHQ8-1Om96-MaSK5fxxlY8zjgZ6vT3Q== expires Mon, 09 Oct 2023 20:28:17 GMT
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 81cc2a3a0c0b6e8335f5f3143390b8b6f036dc573e73d3f4b5742482f0bdca73 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/	8 KB 3 KB	280ms 71ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash da7207cbc643effed748204c4a08d792d2d130904f28c37c52e8c2a0485e373d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Mon, 09 Oct 2023 19:58:17 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 7139e6b8-a026-4f41-944e-8b3c9dcbefbe Transfer-Encoding chunked x-envoy-upstream-service-time 11 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 7139e6b8-a026-4f41-944e-8b3c9dcbefbe Server cloudflare X-Trace 2B49B5EE6BF49340B7C293AB76A55B5955269E089E000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 81393291b8bf2c57-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-qj67h
GET H2	200	gtm.js Show response www.googletagmanager.com/	277 KB 89 KB	286ms 79ms	Script application/javascript	2a00:1450:4001:810::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 8dbd50f7f988b391e64cbc44f514f57b81bad8d19cc2549478ee356dd2d5d8f1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:17 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 91192 x-xss-protection 0 last-modified Mon, 09 Oct 2023 19:01:19 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 09 Oct 2023 19:58:17 GMT
GET H2	200	insight.min.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/	8 KB 4 KB	51ms 51ms	Script application/x-javascript	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/insight.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 3085 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 15 Jul 2022 14:12:57 GMT server nginx etag "1e5a-5e3d89d6a8c40-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id iIOkwXcOmW7N1ndhhHgvv0aC4NchsWG71rRqTNUPoWLfZFVEA5ldkQ== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/	7 KB 3 KB	269ms 82ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1b2a22cf91fd4e3fd6af5317d6d8b23cda6021c28084d7f71e6a706b0fa0ce0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Mon, 09 Oct 2023 19:58:17 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id bdd37355-aded-4b69-8343-27a034654c23 Transfer-Encoding chunked x-envoy-upstream-service-time 6 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id bdd37355-aded-4b69-8343-27a034654c23 Server cloudflare X-Trace 2B77D6EDFEE55BF76869E4B01F03C553B1CAA98F1E000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 81393291b8a4927f-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-fwv45
GET H2	200	tag.js Show response mc.yandex.ru/metrika/	202 KB 70 KB	314ms 153ms	Script application/javascript	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.ru/metrika/tag.js Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/main.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash e9597987b6f5f6a1e2c0a9bb76f9728ad3bda5548c3b1341dac1e7708c18ee7e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:17 GMT content-encoding br strict-transport-security max-age=31536000 last-modified Fri, 06 Oct 2023 14:28:02 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA etag "651fef42-11470" content-type application/javascript access-control-allow-origin * cache-control max-age=3600 timing-allow-origin * content-length 70768 expires Mon, 09 Oct 2023 20:58:17 GMT
GET H2	200	telegram-64.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	1 KB 2 KB	64ms 61ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/telegram-64.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash cdc4d10b6b74ad79b55333b9882e854f054ee8b9953c6203dc46c68dc74eb0fb Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 787 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "5fc-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id eFFaI_9dsu7aNS9n6u2idyssc_LhJcMdNLLoxlOmFCwg2orrTLm5uw== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	telegram-blue.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	1 KB 2 KB	61ms 59ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/telegram-blue.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash f134669d195076302131981e5fbcff6cf42dc48f5642c1a8e392862f7b4ca412 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 792 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "5fb-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id zbeZvBK6lI0mmwqWb8HVDhRV5gLsQbOag6vSoNwCFaWrO-9RQ8SaIA== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	twitter-64.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	1 KB 1 KB	63ms 62ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/twitter-64.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash ae9dad69229703dfa3b6d226c4c7d692e2f2809bf2475f22612824c2f7602efc Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 554 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "426-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id oKCI13FjdZMJcQSsOKKVbeMSOKymn7pqPcYcz25SAYqBYq-ExBHb-A== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	twitter-blue.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	1 KB 1 KB	63ms 62ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/twitter-blue.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 811a0ac7da35a5fd342022f6587eec2f5ad3aa69dfdb05a7cea5224030617507 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 556 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "426-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id icc3O0wpUI7gnk-RMGgqTVc7Ph1NaeWv9QnGV7c15oh_Eg9qBUZ17Q== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	linkedin-64.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	919 B 1 KB	61ms 60ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/linkedin-64.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash f4991587d5312981e74087707ed399bd3820d83f773e7773c013ce00d6835f28 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 470 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "397-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id HSM_YLZR3mttlsBxEEXpZRjyXz3nMb4qBiPqlo1FqtVJQBsT8UYgbA== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	linkedin-blue.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	919 B 1 KB	62ms 61ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/linkedin-blue.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash dbc32b11b85805050a7fbd85361a52e9c84a34cff6fa03d7d764b190c75fefe3 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 470 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "397-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id w6EA27LG0Kq-SwArDlrvV5hR5zvZcPDUo9B9Gw59Vuo7wySThM5xqQ== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	whatsapp-64.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	2 KB 2 KB	61ms 60ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/whatsapp-64.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 45d44c2f23a04d49dbbb3f216ba72782ad80278cf7c4c330b1f03b8263c544ee Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 1046 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "7e8-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id aeFFwG8MsxHe3RHhxg3KzW8gHc98zgoyKqtURDFRPtks_d4z3DrKCQ== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	whatsapp-blue.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	2 KB 2 KB	59ms 58ms	Image image/svg+xml	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/whatsapp-blue.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash d3689b014c0ffdfe6c70af7141a0d708166ba120d136838de16b50a7394947a9 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-press-release.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 1047 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "7e7-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id ducEClB8QKP03oL-kOvYQHg3CQAVfHqFnU382lPDVlXLF_s1WCq1Nw== expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	main-logo.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	3 KB 2 KB	73ms 69ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-logo.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 589c9a6a159cf2ecc8555bc4457827f21002eaec9a24e3bc54401ed0b4d30ac8 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Mon, 09 Oct 2023 19:58:17 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 1527 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 30 Jan 2023 11:16:06 GMT server nginx etag "d82-5f379576be685-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Mon, 09 Oct 2023 20:28:17 GMT
GET H2	200	ti.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	74ms 71ms	Image image/png	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ti.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Mon, 09 Oct 2023 19:58:17 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 5919 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "171f-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id iGh3fEaTbccuxCgXQi0AwtixcoFLBAYDNwDWpgxBPq3smpxcba8jVg== expires Mon, 09 Oct 2023 19:58:16 GMT
GET H2	200	asm.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	73ms 70ms	Image image/png	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/asm.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Mon, 09 Oct 2023 19:58:17 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 5941 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "1735-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id K9Vvfn9M7btfd8JjhY2iWsA9blNXL4juFZkxKAsz-VNYX-Cx9SLjjA== expires Mon, 09 Oct 2023 19:58:16 GMT
GET H2	200	fp.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	8 KB 8 KB	68ms 65ms	Image image/png	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/fp.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Mon, 09 Oct 2023 19:58:17 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 7844 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "1ea4-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id n4WxneKnkbm6dQuKDjbfEKDvzDBMZl9eQSK5jw_eQn9UEY4GnRpoYQ== expires Mon, 09 Oct 2023 19:58:16 GMT
GET H2	200	drp.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	5 KB 6 KB	69ms 66ms	Image image/png	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/drp.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Mon, 09 Oct 2023 19:58:17 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 5398 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "1516-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id ulZxhV-gAwO2v15-Lc4cycT66IQG4SwRj0hbs5AqbeR5bbP3KDKMsw== expires Mon, 09 Oct 2023 19:58:16 GMT
GET H2	200	mxdr.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	69ms 67ms	Image image/png	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/mxdr.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Mon, 09 Oct 2023 19:58:17 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 6506 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "196a-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id tgAn8Z1JyxB-hqSM8aIQhTaNkalfC9gjO0XEyHhn_g7ubugIrqlS9w== expires Mon, 09 Oct 2023 19:58:16 GMT
GET H2	200	bep.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	60ms 58ms	Image image/png	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/bep.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Mon, 09 Oct 2023 19:58:17 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 6362 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "18da-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id AZypa7TjFj1PpdxsGjdZvUIoupvnjWeWmV2lOEOKqG9BoVX16331jA== expires Mon, 09 Oct 2023 19:58:16 GMT
GET H2	200	blog1-1-2-e1686148118626.png website.cdn.group-ib.com/wp-content/uploads/	510 KB 511 KB	135ms 133ms	Image image/png	2600:9000:2156:9400:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/blog1-1-2-e1686148118626.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 8fc68d47f36ad13523bbe7741dcae93b9dc478286695b91ffbb6c28ab9a70283 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Mon, 09 Oct 2023 19:58:17 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront content-length 522106 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 07 Jun 2023 14:28:38 GMT server nginx etag "7f77a-5fd8af3a6742d" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id vouBYOvVe7NH1nXguAdLCrXa-d4KosqR8BdUGmNQGjma_YL29ptizw== expires Mon, 09 Oct 2023 19:58:16 GMT
GET H2	200	collect px.ads.linkedin.com/	0 748 B	346ms 262ms	Image application/javascript	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1696881497773&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT nel {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true} x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 24857E4E54AF4DA2AE05EB162BE14BDD Ref B: FRAEDGE1413 Ref C: 2023-10-09T19:58:17Z linkedin-action 1 report-to {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true} content-type application/javascript x-li-fabric prod-ltx1 x-cache CONFIG_NOCACHE x-li-proto http/2 content-length 0 x-li-uuid AAYHTgLqcmvYz3xUEM2YvA==
GET H2	200	collectedforms.js Show response js-eu1.hscollectedforms.net/	69 KB 25 KB	167ms 47ms	Script application/javascript	172.65.192.122 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hscollectedforms.net/collectedforms.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d1b5aca028dd8447199f3c06601e38f5b8aba3b29be5ccd2de504a561fed2558 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-encoding br age 11 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.425/bundles/project.js&cfRay=813932486cd39b4b-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"526bb173ed1384afadfc2b0eb6b0846e" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset collected-forms-embed-js/static-1.425/bundles/project.js date Mon, 09 Oct 2023 19:58:17 GMT x-amz-version-id 99Y.E0UsJAdqqpubte3vKq3r2MOVQh4K via 1.1 5d5481cfa85227a3fdd5ff0b03093c62.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT x-amz-cf-pop FRA56-P2 x-hubspot-correlation-id eb99c6df-1f19-4e0c-a6b0-a07c2d252ce2 x-cache Hit from cloudfront cache-tag staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod x-envoy-upstream-service-time 0 x-evy-trace-route-configuration listener_https/all x-request-id eb99c6df-1f19-4e0c-a6b0-a07c2d252ce2 last-modified Fri, 22 Sep 2023 08:42:59 UTC server cloudflare x-hs-cache-status HIT x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-797758f45b-49p9l cf-ray 813932921dbf9a05-FRA x-amz-cf-id YeuWhXctjRjssp3RgdxbGzNo6IvB5MS0dsHCr9L0muJwebGJEKzbGg==
GET H2	200	web-interactives-embed.js Show response js-eu1.hubspot.com/	75 KB 23 KB	172ms 56ms	Script application/javascript	172.65.236.181 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hubspot.com/web-interactives-embed.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.236.181 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash abb73112c646c0cfca5313dce411270cee90340454a51c3ee1218834774ddd5c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-encoding br x-evy-trace-route-service-name envoyset-translator age 11 x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.579/bundles/project.js&cfRay=813932486f4530cf-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"61cf09f2840246c03b083d2b2aaedbaf" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control max-age=600 x-hs-target-asset web-interactives-embed/static-2.579/bundles/project.js date Mon, 09 Oct 2023 19:58:17 GMT x-amz-version-id ZH1lXdEo36sSD12T68pVuRktbLMj6Y_H via 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 x-hubspot-correlation-id 226a830c-4662-4818-854a-519f4128546d x-cache RefreshHit from cloudfront cache-tag staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 2 x-evy-trace-route-configuration listener_https/all x-request-id 226a830c-4662-4818-854a-519f4128546d last-modified Wed, 04 Oct 2023 10:21:17 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AezjSYBlStgnpjpM1SQAkm3aCivHrKrPTGKwPry2x4v7d1MFkmD7ZkjK5b98ua2vNEjaAR21pDHKSe5DJBhh7%2BofC%2Bo3H7OaJL%2BKm%2BZKGFckWiLIsM6cFY2D%2Fk4UzYWaINJT7g%3D%3D"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-797758f45b-8q8m9 cf-ray 813932920f209247-FRA x-amz-cf-id _SDvmoufJd1lB32xLxDuGEu5o49O-NeUrLYyeEOYeo2fphuE6jW98w==
GET H2	200	25755956.js Show response js-eu1.hs-analytics.net/analytics/1696881300000/	66 KB 21 KB	195ms 79ms	Script text/javascript	172.65.238.60 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-analytics.net/analytics/1696881300000/25755956.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fb6d4b072a3600313d26823a5904a0d86b638e99bbbb7f28df4d01f9fc54c1bf Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:17 GMT content-encoding br cf-cache-status MISS x-amz-request-id TEGNY71WDTJQG7WE x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id c6daeb26-e63f-44a5-92a6-f419229fa36d x-envoy-upstream-service-time 16 x-amz-id-2 U5jX+HT6FAMzGm4H1w3LvgUP0ER9X3V5WyWONxWKItFCVM37P6/y+a3NInBbG1fxzt8Kzjs9jBI= x-evy-trace-listener listener_https x-request-id c6daeb26-e63f-44a5-92a6-f419229fa36d x-evy-trace-route-configuration listener_https/all last-modified Fri, 15 Sep 2023 18:22:56 GMT server cloudflare etag W/"bddf65f21de48f070df8e8508c7a77e6" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/analytics-js-proxy-td/envoy-proxy-6bfd96c9d5-v5rkj cache-control max-age=300,public access-control-allow-credentials false cf-ray 813932920b83922f-FRA expires Mon, 09 Oct 2023 20:03:17 GMT
GET H2	200	banner.js Show response js-eu1.hs-banner.com/v2/25755956/	66 KB 20 KB	169ms 54ms	Script text/javascript	172.65.202.201 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-banner.com/v2/25755956/banner.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5c8b6e88e89d0fc9b71504a53a33bf69617ede9a9cd91bf04525d79aff01cbfe Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:17 GMT x-amz-version-id CQwoOhSt2urxB0aJ.DfTh_RkrgGWOAsX content-encoding br cf-cache-status HIT x-amz-request-id MRXJYB74FY7Z988E x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id cc990e40-6be8-44d2-9bf1-711e190b5833 age 10 x-envoy-upstream-service-time 31 x-amz-id-2 KLoFo3eZDFoCQ8V6GC8MmXE6PWXgT+o1E94/Y3eFmgrHUua0bWdhQ0ZVOQ3EYKuwS0T/NyQXOAI= x-evy-trace-listener listener_https x-request-id cc990e40-6be8-44d2-9bf1-711e190b5833 x-evy-trace-route-configuration listener_https/all last-modified Tue, 26 Sep 2023 20:22:59 GMT server cloudflare etag W/"5937aa4e9e159cd166607b689fc7762f" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod fra04/analytics-js-proxy-td/envoy-proxy-55f7b4ccdf-4kqp8 vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 813932920e8c1c2e-FRA expires Mon, 09 Oct 2023 20:03:07 GMT
GET H2	200	fb.js Show response js-eu1.hsadspixel.net/	6 KB 4 KB	165ms 50ms	Script application/javascript	172.65.219.229 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hsadspixel.net/fb.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e1e4e3cba3eeeb3ad74ae67c1f42012ebb51d8497482e5c01d404579d49c6b04 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:17 GMT x-amz-version-id MiORZOji2P27E5f3usS102mv5dcg0lYn via 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT x-amz-cf-pop FRA56-P2 age 429 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.485/bundles/pixels-release.js&cfRay=8139281418ed9219-FRA x-cache Hit from cloudfront x-hubspot-correlation-id 8e713716-4206-4ba0-83fe-807eae2871a7 cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod content-encoding br x-envoy-upstream-service-time 0 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8e713716-4206-4ba0-83fe-807eae2871a7 last-modified Tue, 19 Sep 2023 08:21:28 UTC server cloudflare etag W/"1bce211846e6a6691aa314979e0a21fb" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-797758f45b-8q8m9 cf-ray 8139329208fb927f-FRA x-amz-cf-id q7DQBon6x5XXJwSrT9EovW14xgG1Pdki1pPs4b2dz5MjkGkSWDE2Lg== x-hs-target-asset adsscriptloaderstatic/static-1.485/bundles/pixels-release.js
GET H/1.1	200 OK	counters.gif forms.hsforms.com/embed/v3/	35 B 1015 B	272ms 186ms	Image image/gif	2606:4700::6811:eff9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Mon, 09 Oct 2023 19:58:18 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 53bfdfe7-d1aa-40b0-be08-50a9aa9f78ab x-envoy-upstream-service-time 1 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 53bfdfe7-d1aa-40b0-be08-50a9aa9f78ab Server cloudflare X-Trace 2B0488D45E3E53A2D4C4096A8B12FA29BDD9D8937F000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-79986f96f-97gbm Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 81393292cb18996c-FRA
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1016 B	154ms 70ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Mon, 09 Oct 2023 19:58:18 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id af775ca2-53b0-4a43-aeae-8dc13960ab1c x-envoy-upstream-service-time 2 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id af775ca2-53b0-4a43-aeae-8dc13960ab1c Server cloudflare X-Trace 2B617B11D4EC903B6184CF14C29C55A250F09AFA42000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-qj67h Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 8139329329a5bb56-FRA
GET H2	200	json Show response api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	250 B 1 KB	176ms 70ms	XHR application/json	2a06:98c1:3200::90:2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=25755956 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3200::90:2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1aa462865a143f6b053d5d1594aea3e38d36ebad2a23a7fcfdd84ba7a7a1fddb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id f12f0846-723f-4662-8c58-2a010f2c9191 content-encoding br x-envoy-upstream-service-time 12 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id f12f0846-723f-4662-8c58-2a010f2c9191 server cloudflare x-trace 2BC2985DFAB0CBF956458861886AA0A1BF966FBF3E000000000000000000 vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials false x-evy-trace-served-by-pod fra04/hubapi-td/envoy-proxy-86f46d6c7b-rk5lc report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GcRKM6h%2BLu%2BYwafS9x0OtrfS79f1k%2FaX5FgvAqql%2FGXPI2G3cAtr7t%2BL2X0zdg0QeSsDhWUOcHBdfcTQ53NwARprFEBui%2BsGklq5eAV2%2BSuidtrlnxTFQwr3JeuIG%2BhPEC8FSOlcPkX1AI7RS5PgKg%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 81393293ed532bb6-FRA access-control-allow-headers *
GET H2	200	combinedConfigs Show response cta-eu1.hubspot.com/web-interactives/public/v1/embed/	207 B 1 KB	193ms 71ms	Fetch application/json	172.65.198.159 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cta-eu1.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=25755956&currentUrl=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&referrer=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.198.159 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4e1f5dae1f231a3e6c42993418f2c2b7670e62db5b3ffee9afe0afa6657504f5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 2282095c-760c-4bd0-b3f2-f180adf325aa content-encoding br x-envoy-upstream-service-time 9 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 2282095c-760c-4bd0-b3f2-f180adf325aa server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials true cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5iyz2cQDPDrYcKgpThhyw986h43C2i5BeA76g4HZu7abK26fVwIt6e3t2w5GqWVyoK8djQN6aRkRVH1EFr4Mt8jvtbrOvhKNqk9Bib1kDvl6jd0Yoik5wwcF0gSyrHYzkMySJz0%3D"}],"group":"cf-nel","max_age":604800} x-robots-tag noindex, follow access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 813932941eb71b36-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-qj67h
GET H2	200	json Show response forms-eu1.hscollectedforms.net/collected-forms/v1/config/	116 B 458 B	76ms 62ms	XHR application/json	172.65.192.122 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json?portalId=25755956&utk= Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 43f22362329b9705cf8629061fb5b1d1a38f1cc2bc9fd46728f73e5cd9eb77cf Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT content-encoding br x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 87d73c86-af8f-45de-8e18-c5d84e1b60b1 x-envoy-upstream-service-time 8 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 87d73c86-af8f-45de-8e18-c5d84e1b60b1 server cloudflare vary Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all cache-control max-age=0 x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-797758f45b-8q8m9 access-control-max-age 180 x-robots-tag none access-control-allow-headers * cf-ray 813932938f849a05-FRA
GET H2	200	6si.min.js Show response j.6sc.co/	60 KB 16 KB	277ms 45ms	Script application/javascript	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash a09fe9b9f8deb402e85425e864ed0d7bd28a382f8e4b5e5ad1a6bb3ad3030ce3 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 09 Oct 2023 17:32:21 GMT server nginx/1.14.0 (Ubuntu) etag "65243925-f02a" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 16343 expires Mon, 09 Oct 2023 19:58:18 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10897073384/	3 KB 2 KB	148ms 54ms	Script text/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10897073384/?random=1696881498154&cv=11&fst=1696881498154&bg=ffffff&guid=ON&async=1&gtm=45He3a40&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&hn=www.googleadservices.com&frm=0&tiba=Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&auid=1852175597.1696881498&uamb=0&uaw=0&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 7fa40c2e5354bca8cd28dc9d5d7dd8f1890454c6cac107d1717b4fcec6a775c9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1412 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	NeverBounce.js Show response cdn.neverbounce.com/widget/dist/	96 KB 29 KB	273ms 47ms	Script application/javascript	13.32.99.12 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.neverbounce.com/widget/dist/NeverBounce.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.12 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-12.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 16:32:17 GMT content-encoding gzip via 1.1 d63ea68c8b7458d49fe25f66ef7f0a5e.cloudfront.net (CloudFront) last-modified Mon, 02 Mar 2020 18:37:33 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 age 12362 etag W/"c1e06621030dfcba15b88abbcaa546eb" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id JFlwH9zYmEph7ON5ZNpcvrTSI9B1alpVRUxuO277gYtKoa51znNMYw==
GET H2	200	63e267f61a03d71ea3df5fe7 Show response ws.zoominfo.com/pixel/	3 KB 2 KB	326ms 234ms	Script text/javascript	2606:4700::6810:890f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/63e267f61a03d71ea3df5fe7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 5c04295a9eebe9a6d59152f85ca03c35d67c3bc82b8e0c366b9b9b39167bbf68 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC via 1.1 google server cloudflare x-powered-by Express vary Accept-Encoding content-type text/javascript access-control-allow-origin * access-control-allow-credentials true cf-ray 813932943e0b9baa-FRA access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok alt-svc h3=":443"; ma=86400
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	198 KB 53 KB	120ms 40ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 09 Oct 2023 19:58:18 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 53356 x-xss-protection 0 pragma public x-fb-debug reeqNujeLqB/faODpV4c/3pfpWhaFdVgBaLA93IVTo7paQME9ulG+PzGl4ipVwM+uZHHzze9a9Dn+JAT1LXbkg== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	288 KB 94 KB	79ms 78ms	Script application/javascript	2a00:1450:4001:810::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 148dc9a4fefb4c8e77764d024965b4ce4d0fcec33fd90b079e2fd8dc0fc1b5a7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 96268 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Mon, 09 Oct 2023 19:58:18 GMT
GET		collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1696881498159&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&tm=gtmv2 https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1696881498159&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&tm=gtmv2&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1696881498159%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fm... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1696881498159&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&tm=gtmv2&cookiesTest=tru... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1696881498159&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&tm=gtmv2&cookiesTest=tr...	0 0
GET H2	200	sync_cookie_image_decide mc.yandex.com/ Redirect Chain https://mc.yandex.com/sync_cookie_image_check https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10151.LkU_pSPCtA2RABpMJoJINmf97z1bj8XN6whmc90RM4CpCjW48li4b_M1rLqEnh-B.-ccpvn2i651upcUnJ1Cfa38FpVI%2C https://mc.yandex.com/sync_cookie_image_decide?token=10151.9lzCnk_zPXSl6TwBU6Y92RtWcFwWwKZv3E2454TMDFzxZOldLJjqQLrqn0r27aFMxZKzvnYgcxpUrQ7142eTHMYZQiLFqUNeMnOk9DLpWoE%2C.egKsg0EC1Mv9bZrU0mDm7LHRUH0%2C	43 B 67 B	78ms 78ms	Image image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/sync_cookie_image_decide?token=10151.9lzCnk_zPXSl6TwBU6Y92RtWcFwWwKZv3E2454TMDFzxZOldLJjqQLrqn0r27aFMxZKzvnYgcxpUrQ7142eTHMYZQiLFqUNeMnOk9DLpWoE%2C.egKsg0EC1Mv9bZrU0mDm7LHRUH0%2C Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT strict-transport-security max-age=31536000 content-length 43 x-xss-protection 1; mode=block content-type image/gif Redirect headers location https://mc.yandex.com/sync_cookie_image_decide?token=10151.9lzCnk_zPXSl6TwBU6Y92RtWcFwWwKZv3E2454TMDFzxZOldLJjqQLrqn0r27aFMxZKzvnYgcxpUrQ7142eTHMYZQiLFqUNeMnOk9DLpWoE%2C.egKsg0EC1Mv9bZrU0mDm7LHRUH0%2C date Mon, 09 Oct 2023 19:58:18 GMT strict-transport-security max-age=31536000 x-xss-protection 1; mode=block
GET H2	200	advert.gif mc.yandex.com/metrika/	43 B 161 B	77ms 77ms	Image image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/metrika/advert.gif Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT strict-transport-security max-age=31536000 last-modified Fri, 06 Oct 2023 14:26:04 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA etag "651feecc-2b" content-type image/gif access-control-allow-origin * cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 43 expires Mon, 09 Oct 2023 20:58:18 GMT
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1016 B	67ms 66ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=5 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Mon, 09 Oct 2023 19:58:18 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 011e93b2-458f-49c5-b86c-14a027cb5b61 x-envoy-upstream-service-time 6 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 011e93b2-458f-49c5-b86c-14a027cb5b61 Server cloudflare X-Trace 2BF7CD4B9E993AAFBFDFC1526B52AC9A170BE2F10D000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-fwv45 Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 81393293fa9abb56-FRA
GET H3	200	js Show response www.googletagmanager.com/gtag/	227 KB 79 KB	72ms 72ms	Script application/javascript	2a00:1450:4001:810::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508 Requested by Host: js-eu1.hsadspixel.net URL: https://js-eu1.hsadspixel.net/fb.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash de080c91e023811e0e3fcbc93dd879b21cbea22fd0eff223e1c871ab2a7c203f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 80767 x-xss-protection 0 last-modified Mon, 09 Oct 2023 18:55:08 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 09 Oct 2023 19:58:18 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	227 KB 79 KB	84ms 83ms	Script application/javascript	2a00:1450:4001:810::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 21ee006d608c2f7a5391bccfe114ef3be716c65e263bb15f74e5880f78b40aee Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 80712 x-xss-protection 0 last-modified Mon, 09 Oct 2023 18:55:08 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 09 Oct 2023 19:58:18 GMT
POST H2	204	collect region1.analytics.google.com/g/	0 255 B	137ms 47ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-QMES53K3Y2&gtm=45je3a40&_p=530562315&_gaz=1&cid=1118698939.1696881498&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&sid=1696881498&sct=1&seg=0&dr=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&dt=Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.group-ib.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 246 B	145ms 48ms	Ping text/plain	2a00:1450:400c:c07::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QMES53K3Y2&cid=1118698939.1696881498&gtm=45je3a40&aip=1 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.group-ib.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 107 B	169ms 80ms	Image image/gif	2a00:1450:4001:80b::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QMES53K3Y2&cid=1118698939.1696881498&gtm=45je3a40&aip=1&z=1396191516 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	counters.gif perf-eu1.hsforms.com/embed/v3/	35 B 1 KB	159ms 65ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://perf-eu1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Date Mon, 09 Oct 2023 19:58:18 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status MISS x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 168f0da5-0775-46ac-a8a3-23aaa1782039 x-envoy-upstream-service-time 2 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 168f0da5-0775-46ac-a8a3-23aaa1782039 Last-Modified Mon, 09 Oct 2023 19:58:18 GMT Server cloudflare X-Trace 2BD8F48F981A6FC063409E04CE370E521061ED5EF6000000000000000000 Vary origin, Accept-Encoding Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-5cdd94655b-fwv45 Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false Accept-Ranges bytes X-Robots-Tag none CF-RAY 813932953a0f0414-FRA
GET H2	200	/ www.google.com/pagead/1p-user-list/10897073384/	42 B 455 B	137ms 51ms	Image image/gif	2a00:1450:4001:82b::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10897073384/?random=1696881498154&cv=11&fst=1696878000000&bg=ffffff&guid=ON&async=1&gtm=45He3a40&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&frm=0&tiba=Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&fmt=3&is_vtc=1&random=751852581&rmt_tld=0&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/10897073384/	42 B 455 B	91ms 53ms	Image image/gif	2a00:1450:4001:80b::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/10897073384/?random=1696881498154&cv=11&fst=1696878000000&bg=ffffff&guid=ON&async=1&gtm=45He3a40&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&frm=0&tiba=Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&fmt=3&is_vtc=1&random=751852581&rmt_tld=1&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	649324202964935 Show response connect.facebook.net/signals/config/	140 KB 36 KB	45ms 44ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/649324202964935?v=2.9.132&r=stable&domain=www.group-ib.com Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 498b017ece9703782ce3ddccf9a5f6662e93910e8ae08fcfeeba2a1c5078f361 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 09 Oct 2023 19:58:18 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 36553 x-xss-protection 0 pragma public x-fb-debug 0ukVJLqzeN4+Dzouht5s/iJmqvlCuYmGJCHEXLkuH4pf+tWRXC3FgNGS/E0SAcwEe0/YgJUd1LzzcyUJ5uUbUQ== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	1 Show response mc.yandex.com/watch/26812653/ Redirect Chain https://mc.yandex.com/watch/26812653?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C... https://mc.yandex.com/watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%...	435 B 549 B	85ms 85ms	XHR application/json	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.com/watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A487%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1135%3Acn%3A1%3Adp%3A0%3Als%3A16686736319%3Ahid%3A638796307%3Az%3A120%3Ai%3A20231009215818%3Aet%3A1696881498%3Ac%3A1%3Arn%3A269090314%3Arqn%3A1%3Au%3A1696881498753666158%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C62%2C40%2C0%2C0%2C%2C397%2C0%2C%2C%2C%2C539%3Aco%3A0%3Acpf%3A1%3Ans%3A1696881497167%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1696881498%3At%3ATech%20%28non%29support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash f4dfe856b32148cfc143acebff20e5ad4e04bfb1da243ad7123ce391d8938632 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff last-modified Mon, 09-Oct-2023 19:58:18 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true content-length 435 x-xss-protection 1; mode=block expires Mon, 09-Oct-2023 19:58:18 GMT Redirect headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT strict-transport-security max-age=31536000 last-modified Mon, 09-Oct-2023 19:58:18 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA location /watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A487%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1135%3Acn%3A1%3Adp%3A0%3Als%3A16686736319%3Ahid%3A638796307%3Az%3A120%3Ai%3A20231009215818%3Aet%3A1696881498%3Ac%3A1%3Arn%3A269090314%3Arqn%3A1%3Au%3A1696881498753666158%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C62%2C40%2C0%2C0%2C%2C397%2C0%2C%2C%2C%2C539%3Aco%3A0%3Acpf%3A1%3Ans%3A1696881497167%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1696881498%3At%3ATech%20%28non%29support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1 access-control-allow-origin https://www.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true x-xss-protection 1; mode=block expires Mon, 09-Oct-2023 19:58:18 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/	3 KB 2 KB	60ms 60ms	Script text/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1696881498462&cv=11&fst=1696881498462&bg=ffffff&guid=ON&async=1&gtm=45be3a40&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&hn=www.googleadservices.com&frm=0&tiba=Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&did=dZTQ1Zm&gdid=dZTQ1Zm&auid=1852175597.1696881498&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-10882981508 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 1fa16a8640c2acbe5db8f9672612e430fb65083dc9ec2f069044cd160a399d43 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1431 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 282 B	991ms 129ms	Script application/javascript	18.206.50.43 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_694038 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.206.50.43 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-206-50-43.compute-1.amazonaws.com Software nginx / Resource Hash fe5447b49c2690695a67bcbede60fb3caa600a95c60052da0c1bc37640aebd16 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:19 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	62 B 282 B	989ms 128ms	Script application/javascript	18.206.50.43 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_768026 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.206.50.43 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-206-50-43.compute-1.amazonaws.com Software nginx / Resource Hash b0846946fa4ebe0eb26dc602804739addb9b97f9f005e871714ab41cfabe393e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:19 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 282 B	990ms 129ms	Script application/javascript	18.206.50.43 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_128506 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.206.50.43 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-206-50-43.compute-1.amazonaws.com Software nginx / Resource Hash 2bab460bafedbaea28d8e92c01bef5df6a8896acfa58977918141fabc37d17b6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:19 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	62 B 281 B	1092ms 232ms	Script application/javascript	18.206.50.43 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_42707 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.206.50.43 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-206-50-43.compute-1.amazonaws.com Software nginx / Resource Hash 2777a95dede8219628953260823f52e794b6ac9e0a1b86c655d2140176d5c20b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:19 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	62 B 281 B	988ms 128ms	Script application/javascript	18.206.50.43 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_175152 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.206.50.43 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-206-50-43.compute-1.amazonaws.com Software nginx / Resource Hash f89ad86161374872ff5bf65a32ec395278596242c84f2a56d652b34f2f28a6c3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:19 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	/ www.facebook.com/tr/	0 185 B	127ms 40ms	Image text/plain	2a03:2880:f177:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&if=false&ts=1696881498515&sw=1600&sh=1200&v=2.9.132&r=stable&ec=0&o=30&fbp=fb.1.1696881498512.1514778516&cs_est=true&it=1696881498384&coo=false&exp=a1&rqm=GET Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Mon, 09 Oct 2023 19:58:18 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ Show response c.6sc.co/	7 B 194 B	58ms 48ms	XHR text/html	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://www.group-ib.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	19 B 310 B	842ms 53ms	XHR text/html	2a02:26f0:e600::170f:b2ca AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:e600::170f:b2ca Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:19 GMT vary Origin content-type text/html access-control-allow-origin https://www.group-ib.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a01:4a0:1338:92::7 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1696881498660_386904774_246898242_19_810_51_717_219";dur=1 content-length 19 expires Mon, 09 Oct 2023 19:58:19 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 484 B	277ms 256ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=c3668724-4d4b-4508-8d70-b7f331a5411c&session=545a353a-7f32-46fc-8afe-7478c5005367&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2009%20Oct%202023%2019%3A58%3A18%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20discovers%20more%20than%203%2C200%20fake%20Facebook%20profiles%20in%20ongoing%20phishing%20campaign%20that%20sees%20scammers%20impersonate%20Meta%20support%20staff.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&pageViewId=4b191936-a3f1-4101-8137-f81a44b80c8e&v=1.1.7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 485 B	281ms 260ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=c3668724-4d4b-4508-8d70-b7f331a5411c&session=545a353a-7f32-46fc-8afe-7478c5005367&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2009%20Oct%202023%2019%3A58%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e84d9c08a990af8592952e7ac9a983ad%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2009%20Oct%202023%2019%3A58%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2009%20Oct%202023%2019%3A58%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20discovers%20more%20than%203%2C200%20fake%20Facebook%20profiles%20in%20ongoing%20phishing%20campaign%20that%20sees%20scammers%20impersonate%20Meta%20support%20staff.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&pageViewId=4b191936-a3f1-4101-8137-f81a44b80c8e&v=1.1.7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
POST H2	200	fl Show response www.group-ib.com/api/	665 B 1009 B	129ms 129ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=a00d6350-66c0-11ee-a8a5-2b520884db60&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=Za08CeL8rXGVNHZmWePfZbq6F2Ej348Q3IYl3TLBs5YVWncylE9RtTlKtsga1mob%2FCnrRDcTY3367XuPdhHbuO80Oe4bLy%2FpperxLve8l%2Fzy78uLnfmz6lOspA5TG1K4PmEWr%2FEjTiZ6RnMFkZlGHa2%2FTXgOS4CLQ%2FhB Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 9641dea474463476e4ba51b989b293f6b35c12bc1bd3f74775435d7e40ebcffe Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 nyRRAetApAGWn/rT2AZQXh+u7LsSs1O3kW9dyJfHROh5mGDyOO0bBuQ9f/4vHH793N2f2mnUZvGLS9ngITLOOikNdYRvfFHQncNYXNyymHPGlWyrE0GV0mr7XbnKiHRUMSY/JviqeyRq23NtOKXBnwLD1EoBv5dIdWzjaXfm0zaAr/85LY2AdBA4G2SjEH20m8hi9VjbjwYezMH8TfKZ5FsQY9VIwGfaDGkMZg+DvLH2kx1TgEJf0LdBpBOhnQ== Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 7F3i3c94eeb2c7c26efc2a1bcfbcc3cee7e0c65c Content-Type text/plain;charset=UTF-8 Response headers date Mon, 09 Oct 2023 19:58:18 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 3 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	200	/ www.google.com/pagead/1p-user-list/10882981508/	42 B 108 B	54ms 53ms	Image image/gif	2a00:1450:4001:82b::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10882981508/?random=1696881498462&cv=11&fst=1696878000000&bg=ffffff&guid=ON&async=1&gtm=45be3a40&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&frm=0&tiba=Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=910523886&rmt_tld=0&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/10882981508/	42 B 108 B	52ms 52ms	Image image/gif	2a00:1450:4001:80b::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/10882981508/?random=1696881498462&cv=11&fst=1696878000000&bg=ffffff&guid=ON&async=1&gtm=45be3a40&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&frm=0&tiba=Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=910523886&rmt_tld=1&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	sync_cookie_image_decide_secondary mc.yandex.com/ Redirect Chain https://mc.yandex.com/sync_cookie_image_check_secondary https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10151.irOg1YxcswOD7F_OY8WaqlZwOQxDYcNH6P8jo0-mXpLQn--KX5RzV3A9keLlo_qq.eztNvWvIOsxypRPUC1yaOSkRDuc%2C https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10151.zClsGfXG9xyO2z-tu2tdQZeknoF9grGuCiyGjaCgx4ciYAg6ZBYZGFtCvyOtAylP38dadBZdCMyh0vKfWb66QJLkB3mm9XtCwgZ6r8QeTZ4%2C.mKaL4K1d1DNN1RB10...	43 B 79 B	81ms 80ms	Image image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10151.zClsGfXG9xyO2z-tu2tdQZeknoF9grGuCiyGjaCgx4ciYAg6ZBYZGFtCvyOtAylP38dadBZdCMyh0vKfWb66QJLkB3mm9XtCwgZ6r8QeTZ4%2C.mKaL4K1d1DNN1RB106zhUxXOhPo%2C Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:18 GMT strict-transport-security max-age=31536000 content-length 43 x-xss-protection 1; mode=block content-type image/gif Redirect headers location https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10151.zClsGfXG9xyO2z-tu2tdQZeknoF9grGuCiyGjaCgx4ciYAg6ZBYZGFtCvyOtAylP38dadBZdCMyh0vKfWb66QJLkB3mm9XtCwgZ6r8QeTZ4%2C.mKaL4K1d1DNN1RB106zhUxXOhPo%2C date Mon, 09 Oct 2023 19:58:18 GMT strict-transport-security max-age=31536000 x-xss-protection 1; mode=block
POST H2	200	1 Show response mc.yandex.com/watch/26812653/	43 B 74 B	79ms 79ms	XHR image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.com/watch/26812653/1?page-url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&charset=utf-8&hittoken=1696881498_5066b8f451d7aa602b920cf0221fe1368c8bf74ab9fe6f0bc58fd34f21d5f3e6&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1135%3Acn%3A1%3Adp%3A1%3Als%3A16686736319%3Ahid%3A638796307%3Az%3A120%3Ai%3A20231009215818%3Aet%3A1696881499%3Ac%3A1%3Arn%3A481370203%3Arqn%3A2%3Au%3A1696881498753666158%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1696881497167%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1696881499&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(2)lt(5700)aw(1)ti(2) Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers pragma no-cache date Mon, 09 Oct 2023 19:58:18 GMT strict-transport-security max-age=31536000 last-modified Mon, 09-Oct-2023 19:58:18 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA content-type image/gif access-control-allow-origin https://www.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true content-length 43 x-xss-protection 1; mode=block expires Mon, 09-Oct-2023 19:58:18 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 485 B	249ms 249ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=c3668724-4d4b-4508-8d70-b7f331a5411c&session=545a353a-7f32-46fc-8afe-7478c5005367&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A7%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20discovers%20more%20than%203%2C200%20fake%20Facebook%20profiles%20in%20ongoing%20phishing%20campaign%20that%20sees%20scammers%20impersonate%20Meta%20support%20staff.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&pageViewId=4b191936-a3f1-4101-8137-f81a44b80c8e&v=1.1.7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:19 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 02:04:22 GMT server nginx/1.14.0 (Ubuntu) etag "63f03226-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 485 B	234ms 234ms	Image image/gif	2.17.100.184 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=c3668724-4d4b-4508-8d70-b7f331a5411c&session=545a353a-7f32-46fc-8afe-7478c5005367&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2009%20Oct%202023%2019%3A58%3A19%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2009%20Oct%202023%2019%3A58%3A18%20GMT%22%2C%22timeSpent%22%3A%221007%22%2C%22totalTimeSpent%22%3A%221007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20discovers%20more%20than%203%2C200%20fake%20Facebook%20profiles%20in%20ongoing%20phishing%20campaign%20that%20sees%20scammers%20impersonate%20Meta%20support%20staff.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Tech%20(non)support%3A%20Scammers%20pose%20as%20Meta%20on%203%2C200-plus%20fake%20profiles%20in%20Facebook%20account%20takeover%20ploy%20%7C%20Group-IB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&pageViewId=4b191936-a3f1-4101-8137-f81a44b80c8e&v=1.1.7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-184.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 19:58:19 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
POST H2	200	fl Show response www.group-ib.com/api/	665 B 777 B	50ms 49ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=a00d6350-66c0-11ee-a8a5-2b520884db60&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=OZMMOluzWa0hqvcZ1fISRiHTQXLwJ5APx8R%2Ff3x2VMnHLBawLB%2F5c7LataQyb6uGPUp%2Fov7Ldx82hNQo45MQ3HN3KkOyvKqGTSJGvQA1xTIZnvSg9zkfOymh8o2xfTNAZM47hmfvHW1mZzV6jY0WQ6bdd4vgMhFn3msX Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 849c8bca06d0a7b20ddd3993f07e13f32e2f75b80136d787060f4e3ca98f1efa Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Aq47OvGWAkeEL467kEnNdZRR/f1V4eSH9xNqTQREqRtAGlfmS1W38kCX9pAknAUw0U3Trvp9yhBVQ7eSf8qxyjKfYtERz0ebsgkQyGaXr1RAndFyHddG9EUaslgMNfc9exzeTrl4Els2wfkAG2NPvsZKthhz5CzKI5srQu0VGwqbSb/DZiAuC3J/bGb7GtAcP2jCH8w2hcjSk5c1UpsA2A3eSGnPUEQ/e1Dfrhf/Yf7cA+Rj/9Th55C2/70v0Q== Referer https://www.group-ib.com/media-center/press-releases/meta-phishing-campaign/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 peABac0bf0823f190ff0d990f9d2c8b7e3a0d53c Content-Type text/plain;charset=UTF-8 Response headers date Mon, 09 Oct 2023 19:58:19 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 1 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

px4.ads.linkedin.com

URL

https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1696881498159&url=https%3A%2F%2Fwww.group-ib.com%2Fmedia-center%2Fpress-releases%2Fmeta-phishing-campaign%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQL-D0ZQP1xp7wAAAYsWBOAj0yRBX5qdSEJkgtcpqPVcjMB-VAB-ZGTMAl09WYoDrhSyua8