www.group-ib.com Open in urlscan Pro
3.72.181.255 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.group-ib.com/blog/eldorado-ransomware/
Effective URL:
https://www.group-ib.com/blog/eldorado-ransomware/
Submission: On July 10 via api (July 10th 2024, 9:15:03 am UTC) from DE — Scanned from DE

Summary HTTP 52 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 52 HTTP transactions. The main IP is 3.72.181.255, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.group-ib.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 1st 2024. Valid for: a year.

This is the only time www.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
50	3.72.181.255 3.72.181.255	16509 (AMAZON-02) (AMAZON-02)
2	195.201.183.123 195.201.183.123	24940 (HETZNER-AS) (HETZNER-AS)
52	3

50 3.72.181.255 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

www.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.201.183.123 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.123.183.201.195.clients.your-server.de

fhp-de-js.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	group-ib.com www.group-ib.com fhp-de-js.group-ib.com — Cisco Umbrella Rank: 991703	983 KB
52	1

	Domain	Requested by
50	www.group-ib.com	fhp-de-js.group-ib.com www.group-ib.com
2	fhp-de-js.group-ib.com	www.group-ib.com
52	2

This site contains links to these domains. Also see Links.

Domain
trebuchet.gibthf.com
github.com
sso.group-ib.com
twitter.com
www.facebook.com
t.me
www.linkedin.com
api.whatsapp.com
www.bleepingcomputer.com
pkg.go.dev
instagram.com
group-ib.medium.com

Subject Issuer	Validity	Valid
*.group-ib.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-01` - `2025-07-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.group-ib.com/blog/eldorado-ransomware/
Frame ID: A381441EC6064C028E6CB41849BE74AC
Requests: 69 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Eldorado Ransomware: The New Golden Empire of Cybercrime?| Group-IB Blog

Page URL History Show full URLs

http://www.group-ib.com/blog/eldorado-ransomware/ HTTP 307
https://www.group-ib.com/blog/eldorado-ransomware/ Page URL
https://www.group-ib.com/blog/eldorado-ransomware/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Page Statistics

52
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

1
Countries

983 kB
Transfer

1972 kB
Size

10
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://trebuchet.gibthf.com/?tab=network
Title: Network Protection Assessment

Search URL Search Domain Scan URL

URL: https://github.com/Group-IB/cloud_sherlock
Title: Cloud Recon Tool

Search URL Search Domain Scan URL

URL: https://sso.group-ib.com/
Title: Sign in

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Eldorado%20Ransomware:%20The%20New%20Golden%20Empire%20of%20Cybercrime?&url=https://www.group-ib.com/blog/eldorado-ransomware/
Title: <img src="/wp-content/themes/gib-theme/assets/images/socials/twitter-64.svg">

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.group-ib.com/blog/eldorado-ransomware/&quote=Eldorado%20Ransomware:%20The%20New%20Golden%20Empire%20of%20Cybercrime?
Title: <img src="/wp-content/themes/gib-theme/assets/images/socials/facebook-64.svg">

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=https://www.group-ib.com/blog/eldorado-ransomware/&text=Eldorado%20Ransomware:%20The%20New%20Golden%20Empire%20of%20Cybercrime?
Title: <img src="/wp-content/themes/gib-theme/assets/images/socials/telegram-64.svg">

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://www.group-ib.com/blog/eldorado-ransomware/
Title: <img src="/wp-content/themes/gib-theme/assets/images/socials/linkedin-64.svg">

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=https://www.group-ib.com/blog/eldorado-ransomware/
Title: <img src="/wp-content/themes/gib-theme/assets/images/socials/whatsapp-64.svg">

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/hosting-firms-vmware-esxi-servers-hit-by-new-sexi-ransomware/
Title: LIMPOPO

Search URL Search Domain Scan URL

URL: https://pkg.go.dev/github.com/hirochachacha/go-smb2
Title: library

Search URL Search Domain Scan URL

URL: https://twitter.com/GroupIB
Title: <img src="/wp-content/themes/gib-theme/assets/images/twitter-icon.svg" alt="Group-IB on Twitter" />

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/1382013/
Title: <img src="/wp-content/themes/gib-theme/assets/images/linkedin-icon.svg" alt="Group-IB on LinkedIn"/>

Search URL Search Domain Scan URL

URL: https://instagram.com/groupibhq/
Title: <img src="/wp-content/themes/gib-theme/assets/images/instagram-icon.svg" alt="Group-IB on Instagram"/>

Search URL Search Domain Scan URL

URL: https://www.facebook.com/groupibHQ
Title: <img src="/wp-content/themes/gib-theme/assets/images/facebook-icon.svg" alt="Group-IB on Facebook"/>

Search URL Search Domain Scan URL

URL: https://t.me/Group_IB
Title: <img src="/wp-content/themes/gib-theme/assets/images/telegram-icon.svg" alt="Group-IB on Telegram"/>

Search URL Search Domain Scan URL

URL: https://group-ib.medium.com/
Title: <img src="/wp-content/themes/gib-theme/assets/images/medium-icon.svg" alt="Group-IB on Medium"/>

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.group-ib.com/blog/eldorado-ransomware/ HTTP 307
https://www.group-ib.com/blog/eldorado-ransomware/ Page URL
https://www.group-ib.com/blog/eldorado-ransomware/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.group-ib.com/blog/eldorado-ransomware/ HTTP 307
https://www.group-ib.com/blog/eldorado-ransomware/

52 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

403

/ Show response
www.group-ib.com/blog/eldorado-ransomware/
Redirect Chain

http://www.group-ib.com/blog/eldorado-ransomware/
https://www.group-ib.com/blog/eldorado-ransomware/

7 KB
7 KB

76ms
9ms

Document
text/html

3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/blog/eldorado-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 3fd292ad17d49b8ea8a712f1d0f444ea9a4c14f72572a1719fa1e3f7ef54d780

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-type: text/html
date: Wed, 10 Jul 2024 09:14:58 GMT

Redirect headers

Location: https://www.group-ib.com/blog/eldorado-ransomware/
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 200
OK bt-autoinject.js Show response
fhp-de-js.group-ib.com/d/ 343 KB
135 KB 65ms
27ms Script
text/javascript 195.201.183.123
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.201.183.123 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.123.183.201.195.clients.your-server.de
Software: nginx /
Resource Hash: 90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 10 Jul 2024 09:14:58 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Methods: GET, POST, OPTIONS
x-envoy-upstream-service-time: 0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
DATA 200
OK truncated
/ 484 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ce7b2d2acf41e3d456b077e8dd909318bed0bca771d3f408458d14da1eaea749

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eddb18b6d8d1476091e64c33c20c7f4310eee6547732a5ab24b32a7601d7c4c9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response
www.group-ib.com/api/fl/ 205 B
654 B 17ms
16ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d7aff03f29591199cb7da4f8f63a8dc2e397c8768e957c008ca5a6108573e2d9

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-cfids: -

Response headers

date: Wed, 10 Jul 2024 09:14:58 GMT
content-encoding: gzip
server: nginx
etag: W/"bNTLCT/erMdoD1YdN6mzR/ks87bHiU93U5sUPTfcB3tyPoFTZVq5Dq/QRqZqCTRmU8YcaVYbjZas5yoSN8jHpNiwapaaDRB1QWfqQWopGlBBMc/pd7P4ruACj4V18z4DTVRMjP3Es6tC9gqxakU/kChW"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache
x-envoy-upstream-service-time: 1

GET
H2 200 favicon.ico
www.group-ib.com/ 7 KB
3 KB 21ms
21ms Other
image/vnd.microsoft.icon 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c9b877bf594a1febfdc224f3e0aaf8c6db32315529a7569d185496225aea3ade

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:14:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2882
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 29 Jun 2022 11:31:28 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/vnd.microsoft.icon
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=2592000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Fri, 09 Aug 2024 09:14:58 GMT

POST
H2 200 fl Show response
www.group-ib.com/api/ 689 B
1 KB 199ms
191ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=bNTLCT%2FerMdoD1YdN6mzR%2Fks87bHiU93U5sUPTfcB3tyPoFTZVq5Dq%2FQRqZqCTRmU8YcaVYbjZas5yoSN8jHpNiwapaaDRB1QWfqQWopGlBBMc%2Fpd7P4ruACj4V18z4DTVRMjP3Es6tC9gqxakU%2FkChW
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a0d3836300d5cc1f198d7347776414a0e94eda6a2f2726ddfbb6e962405659a7

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 10 Jul 2024 09:14:59 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 93
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H2 200 Primary Request / Show response
www.group-ib.com/blog/eldorado-ransomware/ 227 KB
43 KB 47ms
47ms Document
text/html 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/blog/eldorado-ransomware/

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

5b61fd1476a090d41666e148fd5af6df4d0d72ed9df38d795452a2bddf1d6357

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=0 private, max-age=3600
content-encoding: gzip
content-length: 43723
content-security-policy: frame-ancestors 'self';
content-type: text/html; charset=UTF-8
date: Wed, 10 Jul 2024 09:14:59 GMT
expires: Wed, 10 Jul 2024 09:14:59 GMT
last-modified: Wed, 10 Jul 2024 09:10:31 GMT
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: X-Forwarded-Proto,Accept-Encoding
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block

POST
H2 200 fl
www.group-ib.com/api/ 689 B
1 KB 47ms
44ms Ping
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=lZmrJOJ1FRHAU%2BAUTQLkgm%2FLy8dL6TUEnbetz%2B%2F1cHwB7ZC%2BaKzCE9f10vUJafcG7wTiD5dnPMNUTiTJc8p5BjV6EwmwRGUsg3jjT1CVLGXPXzQB4sFymCzkiWc7fw7rFqKoXJt9%2BQD9Iv%2FzM3tCNNQgII0kYVmKlJod
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 10 Jul 2024 09:14:59 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 27
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H/1.1 200
OK bt-autoinject.js Show response
fhp-de-js.group-ib.com/d/ 343 KB
135 KB 40ms
40ms Script
text/javascript 195.201.183.123
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.201.183.123 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.123.183.201.195.clients.your-server.de
Software: nginx /
Resource Hash: 90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 10 Jul 2024 09:14:59 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Methods: GET, POST, OPTIONS
x-envoy-upstream-service-time: 0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H2 200 swiper-bundle.min.js Show response
www.group-ib.com/wp-content/themes/gib-theme/assets/js/ 140 KB
39 KB 93ms
92ms Script
application/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/js/swiper-bundle.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:14:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 39504
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 05 Sep 2022 07:41:14 GMT
server: nginx
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=31536000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 10 Jul 2025 09:14:59 GMT

GET
H2 200 classic-themes.min.css
www.group-ib.com/wp-includes/css/ 217 B
307 B 111ms
110ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-includes/css/classic-themes.min.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:14:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 189
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 11 Nov 2022 11:58:50 GMT
server: nginx
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=31536000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 10 Jul 2025 09:14:59 GMT

GET
H2 200 dashicons.min.css
www.group-ib.com/wp-content/cache/min/1/wp-includes/css/ 58 KB
35 KB 114ms
113ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/cache/min/1/wp-includes/css/dashicons.min.css?ver=1720602320

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

8276d99808a3a111dcb2dc61c895388c21341d48be9c3f87d905787a49c2b832

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:14:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 35769
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 10 Jul 2024 09:05:20 GMT
server: nginx
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=31536000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 10 Jul 2025 09:14:59 GMT

GET
H2 200 frontend.min.css
www.group-ib.com/wp-content/plugins/post-views-counter/css/ 1 KB
801 B 113ms
112ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/post-views-counter/css/frontend.min.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

0d585aebb9cb31821fbcc6b030e0d882b5639e17bb403f8eb5ce7b3b19f4a1c9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:14:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 440
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 26 Jun 2024 10:01:02 GMT
server: nginx
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=31536000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 10 Jul 2025 09:14:59 GMT

GET
H2 200 single-blog-post.css
www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/ 214 KB
33 KB 109ms
109ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dd7721ed6c1d2f7d515000cb45c8a258edbac2bbc3aa7de6ad97d6f5950b7528

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:14:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 33933
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 10 Jul 2024 09:06:05 GMT
server: nginx
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=31536000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 10 Jul 2025 09:14:59 GMT

GET
H2 200 lazyload.min.js Show response
www.group-ib.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 9 KB
3 KB 31ms
31ms Script
application/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:14:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 3053
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 04 Jun 2024 11:28:03 GMT
server: nginx
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=31536000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 10 Jul 2025 09:14:59 GMT

GET
H2 200 lcp-beacon.min.js Show response
www.group-ib.com/wp-content/plugins/wp-rocket/assets/js/ 6 KB
2 KB 20ms
20ms Script
application/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/wp-rocket/assets/js/lcp-beacon.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

45d9031a4b947a9d6c199cf2ef0ea44286be44ccbc1c1ed03252829d5740c07a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:14:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2272
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 04 Jun 2024 11:28:03 GMT
server: nginx
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=31536000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 10 Jul 2025 09:14:59 GMT

GET
DATA 200
OK truncated
/ 487 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4414e4f6317983ed6c64b23c79797f5c7054bb32531214d26bc24cf34570f331

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e33f54316465fc5e7217d6d93224ef719d2d6214c47f3e909eea4fb19f012c7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response
www.group-ib.com/api/fl/ 217 B
684 B 22ms
22ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5717bd24af317981d5c042b496de7cddc8fe8ca57c9e0331ef631aab03a14e17

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: 51lAtd5Ank5p8l/E0gf4GrBY1FBLBY5E7Vmt/+5fv8DbBE98sfrX8SEQAXmi1uW2RZxsLRdadW3PlHAQjDA/j7Gnrpk9rYAh6Uv8sqn3nMS3du08Uw8skKhEksSxXSDh4F9zZ23DuRyHwIKskiyNnxZ7T2Mh0v4LvVVOGFTsa/nxrSbtqu79CpChEkPO3H+ldcMUaEfCuYlcC0D2ryaK359F6TmjRoqQnOrGj5Njp62E5qMSPn6r/A09J/2E/xcYFBtojcnupxVeMQ/8LloyWHs=
Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: Szq0ddc7a7223600d42cb6df880a47a13815d430
x-cfids: lZmrJOJ1FRHAU+AUTQLkgm/Ly8dL6TUEnbetz+/1cHwB7ZC+aKzCE9f10vUJafcG7wTiD5dnPMNUTiTJc8p5BjV6EwmwRGUsg3jjT1CVLGXPXzQB4sFymCzkiWc7fw7rFqKoXJt9+QD9Iv/zM3tCNNQgII0kYVmKlJod

Response headers

date: Wed, 10 Jul 2024 09:14:59 GMT
content-encoding: gzip
server: nginx
etag: W/"w1jI9bP7ZAnXgG3wG9oQKbe9kTcYHmQQER/Uk1YFqrezMKOPP5tyiTqrqIkAC0tZwASqoDLoDpr3bnZDlR3AyW1Imc1vxKJKttLYURCINCZyoCvhgoiUX3rDJVNM+mHBczf3RZhI7EIlU2tkUbrEZHcN1gVFchapZNgu"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache
x-envoy-upstream-service-time: 0

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56e8c6f3436e89ff3abe897de4aa841fc329aec9acfda851e4f02a2ea9a2334b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4fca53ff0ed16c1f5d35b5042a91ba5cb2bed97a8a132a468229acc0518e9459

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95994fb67303ef76b44dbcbba5dc1188449bd28182bfc13fde954adf3bb196f7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9437fef714c5b4f9c123edc6693998d228cdabbcd9d48ef802c30701bc3c4152

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: becb9e84a9ad240f359e54fddd90f64ebe13d8a6be3483fcf539f736ea723d29

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5261130c1d574dbd26ec5e81a67d9f6fdfb9addda33ce5b4b67846a7c9a9bd74

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9257ee0cf5efca003165012098984b6aae65c99281dc9a8c7c56e14beaf07f9a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa25a6ed0b31748e0306351d2642e91a8f2eaa7fe383eae656a76980dedc69c5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 cross.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 342 B
342 B 41ms
41ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/cross.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 207
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 success.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 386 B
319 B 40ms
40ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/success.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

fa4859289ded4c674dcee233811758743116b1d7ce4e9f0c0e7e259391504c43

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 254
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 29 Nov 2022 11:07:05 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 G-font-Medium.otf
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/ 60 KB
35 KB 36ms
35ms Font
font/otf 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Medium.otf

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1efe16c9efbadde5e242d88a315eca3906a55669fcd4882a904fbc723306a4e4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431
Origin: https://www.group-ib.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 35382
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Nov 2023 11:44:59 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: font/otf
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 G-font-Regular.otf
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/ 47 KB
30 KB 64ms
63ms Font
font/otf 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Regular.otf

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6cee0fb06339ba13e1f15d044e0e4904bbeeb7fbe4351e3f102b6d80b2465061

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431
Origin: https://www.group-ib.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 30798
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Nov 2023 11:44:59 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: font/otf
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 G-font-Bold.otf
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/ 49 KB
31 KB 63ms
62ms Font
font/otf 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Bold.otf

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

8d15a221986226efe4f742f390f46f9d5ae8b2008a6edd40e10ff121ef9cca9b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431
Origin: https://www.group-ib.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 31918
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Nov 2023 11:44:59 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: font/otf
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 Material-Icons.woff2
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/Material-Icons/ 125 KB
126 KB 61ms
61ms Font
font/woff2 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/Material-Icons/Material-Icons.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431
Origin: https://www.group-ib.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 Nov 2023 16:09:12 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: font/woff2
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76c15dc90724edaae03612620f19857035033b05c4626ed3c768749104264876

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb11f1b920c07f88d2702b12de9cb637eb2cd6077552cbb427d2a7a08c3e186e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 23d73a04358f739502f52a0aa757cf916c0e55fa10dcfdcb798d97dc44f8678b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d750f94ff486d2fb3eb8b3593a5b342be3b4f49a417b4d3b90713df0b8d537a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 main-logo.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 3 KB
2 KB 58ms
54ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-logo.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

589c9a6a159cf2ecc8555bc4457827f21002eaec9a24e3bc54401ed0b4d30ac8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1527
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 01 Apr 2024 10:01:09 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 ti.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 59ms
55ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ti.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 5942
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 asm.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 56ms
53ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/asm.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 5964
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 fp.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 8 KB
8 KB 66ms
62ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/fp.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 7840
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 drp.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 5 KB
5 KB 65ms
61ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/drp.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 5421
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 mxdr.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 78ms
75ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/mxdr.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 6529
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 bep.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 76ms
72ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/bep.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 6275
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 search-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 982 B
527 B 73ms
70ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/search-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

518a92131be0b0201d0b5a7e1d89623eaa7682b28ce10f206d374db8d00e9bdc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 410
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 14 Mar 2024 09:08:51 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 twitter-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 1 KB
596 B 77ms
74ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/twitter-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ae9dad69229703dfa3b6d226c4c7d692e2f2809bf2475f22612824c2f7602efc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 554
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 facebook-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 627 B
442 B 70ms
67ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/facebook-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f006e8bbfa4f0537780571436b5bed50ff10ff28759924c53b67732ec5af28ba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 376
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 telegram-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 1 KB
834 B 69ms
66ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/telegram-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cdc4d10b6b74ad79b55333b9882e854f054ee8b9953c6203dc46c68dc74eb0fb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 787
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 linkedin-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 919 B
512 B 69ms
66ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/linkedin-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f4991587d5312981e74087707ed399bd3820d83f773e7773c013ce00d6835f28

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 470
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 whatsapp-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 2 KB
1 KB 68ms
66ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/whatsapp-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

45d44c2f23a04d49dbbb3f216ba72782ad80278cf7c4c330b1f03b8263c544ee

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1046
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 share-black.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 1 KB
564 B 72ms
70ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/share-black.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3689e488f5478e26f0347353ad608ccd66e4d62992021c51d9db93f89d43c880

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 500
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 22 Nov 2022 11:16:45 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 wb_sunny-black.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 724 B
427 B 72ms
70ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/wb_sunny-black.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cc5dcea4d483d798630d7fe0846a1b784618aa3d4f86bdfa655083d81750322a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 385
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 22 Nov 2022 11:16:45 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 moon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 627 B
497 B 124ms
122ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/moon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dedf6c9294a8b9e4b13b1575641071e45c8e61235bd154d19103fd2893ccd708

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 361
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 24 Nov 2022 12:37:03 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 el-dorado-blog-min-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 145 KB
145 KB 84ms
82ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/el-dorado-blog-min-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

56f007081ac7bb12d486a48f25a773e1c84ab4ed94b9c5903e812d484d297f01

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 01 Jul 2024 14:27:16 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/webp
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 threat-actor-profile-min.png.webp
www.group-ib.com/wp-content/uploads/ 88 KB
88 KB 86ms
85ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/threat-actor-profile-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

4d7bd3f1f81c6fd3591ba0c716df9982e30213772f8aa77a9fed8c3642520bc0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 01 Jul 2024 14:40:39 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/webp
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 kichatov-min.png.webp
www.group-ib.com/wp-content/uploads/ 7 KB
7 KB 124ms
123ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/kichatov-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7a20d4a5bb28e87a72d359da0ee16fa6c75b3726f03494c69f1c03dcbcd96bf2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 7483
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 21 Jun 2024 09:47:00 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/webp
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 sharmine.png.webp
www.group-ib.com/wp-content/uploads/ 5 KB
5 KB 80ms
79ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/sharmine.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3e83a4d1119cafd3eb971fb88e5a225f88720beb614cc2ea9bdc6c8a6ba26b17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4967
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 16 May 2024 00:15:04 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/webp
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 patch-or-peril-1-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 16 KB
16 KB 82ms
81ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/patch-or-peril-1-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

815b5cccfbd24b7139961c19bae6228020a597e698c099c153098d16a26a5b04

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 16015
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 07 Jul 2024 15:16:41 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/webp
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 breaking-silos_-the-convergence-of-cybersecurity-and-fraud-prevention-1-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 5 KB
5 KB 72ms
70ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/breaking-silos_-the-convergence-of-cybersecurity-and-fraud-prevention-1-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

96be894b00f45693a8ae9bac674209dbf6d1136988993cd099753eb8c7617e43

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4747
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 04 Jul 2024 13:16:36 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/webp
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 boost-your-mssps-competitive-edge-1-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 4 KB
4 KB 122ms
121ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/boost-your-mssps-competitive-edge-1-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/eldorado-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

8beda3d33f7703220da17ab92ddf5fd605dd08251c1aa6f8005451bb12db0fdc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 3633
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 26 Jun 2024 10:37:18 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/webp
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

GET
H2 200 dropdown_before.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 154 B
191 B 68ms
67ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/dropdown_before.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 150
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 link-arrow.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 409 B
332 B 116ms
115ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/link-arrow.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 267
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 Close.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 227 B
244 B 112ms
112ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/Close.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

31d1c5bd0cd38e6e6b8eb944944df273044e826c7d3daacbe602caead3068c7a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 180
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 29 Nov 2022 12:14:21 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 file_copy.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 668 B
417 B 111ms
111ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/file_copy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f367bbc4429fc9fb0a93045245aef519a000ab275549645cddecb3f953e0a05f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/wp-content/cache/background-css/www.group-ib.com/wp-content/cache/min/1/wp-content/themes/gib-theme/assets/css/single-blog-post.css?ver=1720602365&wpr_t=1720613431
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 352
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 28 Nov 2022 13:01:55 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/svg+xml
access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=10368000, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Thu, 07 Nov 2024 09:15:00 GMT

GET
H2 200 96x96.png
www.group-ib.com/wp-content/uploads/ 2 KB
2 KB 140ms
140ms Other
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/uploads/96x96.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1be7918da1e16eb032883c8c711b29a2a339584b51bfcae897e36e6f1b568f63

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 09:15:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2164
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 27 Jul 2023 07:36:53 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: image/png
access-control-allow-origin: https://www.group-ib.com
cache-control: no-cache, private, max-age=3600
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:14:59 GMT

POST
H2 200 fl Show response
www.group-ib.com/api/ 689 B
1 KB 115ms
108ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=w1jI9bP7ZAnXgG3wG9oQKbe9kTcYHmQQER%2FUk1YFqrezMKOPP5tyiTqrqIkAC0tZwASqoDLoDpr3bnZDlR3AyW1Imc1vxKJKttLYURCINCZyoCvhgoiUX3rDJVNM%2BmHBczf3RZhI7EIlU2tkUbrEZHcN1gVFchapZNgu
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 830bc92a19660c22e35d221fff67edc89c3171bbd51c9abab36fccc5f7f03e79

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: 51lAtd5Ank5p8l/E0gf4GrBY1FBLBY5E7Vmt/+5fv8DbBE98sfrX8SEQAXmi1uW2RZxsLRdadW3PlHAQjDA/j7Gnrpk9rYAh6Uv8sqn3nMS3du08Uw8skKhEksSxXSDh4F9zZ23DuRyHwIKskiyNnxZ7T2Mh0v4LvVVOGFTsa/nxrSbtqu79CpChEkPO3H+ldcMUaEfCuYlcC0D2ryaK359F6TmjRoqQnOrGj5Njp62E5qMSPn6r/A09J/2E/xcYFBtojcnupxVeMQ/8LloyWHs=
Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: UiCfecedb193fabc64744ff232f5c1fae786204d
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 10 Jul 2024 09:15:01 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 63
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

POST
H2 200 fl Show response
www.group-ib.com/api/ 689 B
1 KB 98ms
95ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=OIP7NYP6S9UZWYbqYDbkLJr2iM%2B4CNpKOByqotKrMi1iIXKobJpxXs8Juo%2BqxgdjOj%2FUSYm7d8VQ2iV%2F1liegTTR%2BGr%2BHfVMyBPaHEPKlQSaUeNfvduK%2BoZcsIBp%2FQjeOShOotZglEDKDyaMPJDNc5qkPu2JhlmGM7aX
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: eb8e722ce28bc689681a738cd269f6ee05afac3732fa8f7571b58d7cef618cc4

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: qY3xVEaBFB5rjBd0kP14US6TuZ0dSfEyRowZ/PLFc6i8wP3VPKaCT0bqk6TMzpZy1iTAchZ+0WM4CMXndgiXeqpTjPdPmMTUpnuyFQjGwBtOiOzh3gVKd8GbvkeyrsAdihOMBz7VgXhBciSvMEdFwxP75NQHnuGYv5EtMEi1dW1qOqgX0Yr6LVcE4D+IXlMcyL4NBMgiwlAVzeughpS0UdWvH+vbAil0tt7ACw/+9AN++H8UKXT7xM0KdDxdw7XgxrEIInvZdUlo6ogKceWgD2k=
Referer: https://www.group-ib.com/blog/eldorado-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: HUh30a4551cc660c77802fcfd8e9f7669b9312ae
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 10 Jul 2024 09:15:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.group-ib.com
cache-control: no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 78
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.group-ib.com/	1970-01-21 06:42:18	Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: MDA0dBA=Fz2+aQ==
.group-ib.com/	1970-01-21 06:42:18	Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: MDA0dBA=Fz2+aQ==
www.group-ib.com/	1970-01-21 06:42:18	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: qY3xVEaBFB5rjBd0kP14US6TuZ0dSfEyRowZ/PLFc6i8wP3VPKaCT0bqk6TMzpZy1iTAchZ+0WM4CMXndgiXeqpTjPdPmMTUpnuyFQjGwBtOiOzh3gVKd8GbvkeyrsAdihOMBz7VgXhBciSvMEdFwxP75NQHnuGYv5EtMEi1dW1qOqgX0Yr6LVcE4D+IXlMcyL4NBMgiwlAVzeughpS0UdWvH+vbAil0tt7ACw/+9AN++H8UKXT7xM0KdDxdw7XgxrEIInvZdUlo6ogKceWgD2k=
www.group-ib.com/	1970-01-21 06:42:18	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: OIP7NYP6S9UZWYbqYDbkLJr2iM+4CNpKOByqotKrMi1iIXKobJpxXs8Juo+qxgdjOj/USYm7d8VQ2iV/1liegTTR+Gr+HfVMyBPaHEPKlQSaUeNfvduK+oZcsIBp/QjeOShOotZglEDKDyaMPJDNc5qkPu2JhlmGM7aX
.www.group-ib.com/	1970-01-21 06:42:18	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: OIP7NYP6S9UZWYbqYDbkLJr2iM+4CNpKOByqotKrMi1iIXKobJpxXs8Juo+qxgdjOj/USYm7d8VQ2iV/1liegTTR+Gr+HfVMyBPaHEPKlQSaUeNfvduK+oZcsIBp/QjeOShOotZglEDKDyaMPJDNc5qkPu2JhlmGM7aX
.group-ib.com/	1970-01-21 06:42:18	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: OIP7NYP6S9UZWYbqYDbkLJr2iM+4CNpKOByqotKrMi1iIXKobJpxXs8Juo+qxgdjOj/USYm7d8VQ2iV/1liegTTR+Gr+HfVMyBPaHEPKlQSaUeNfvduK+oZcsIBp/QjeOShOotZglEDKDyaMPJDNc5qkPu2JhlmGM7aX
.www.group-ib.com/	1970-01-21 06:42:18	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: qY3xVEaBFB5rjBd0kP14US6TuZ0dSfEyRowZ/PLFc6i8wP3VPKaCT0bqk6TMzpZy1iTAchZ+0WM4CMXndgiXeqpTjPdPmMTUpnuyFQjGwBtOiOzh3gVKd8GbvkeyrsAdihOMBz7VgXhBciSvMEdFwxP75NQHnuGYv5EtMEi1dW1qOqgX0Yr6LVcE4D+IXlMcyL4NBMgiwlAVzeughpS0UdWvH+vbAil0tt7ACw/+9AN++H8UKXT7xM0KdDxdw7XgxrEIInvZdUlo6ogKceWgD2k=
.group-ib.com/	1970-01-21 06:42:18	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: qY3xVEaBFB5rjBd0kP14US6TuZ0dSfEyRowZ/PLFc6i8wP3VPKaCT0bqk6TMzpZy1iTAchZ+0WM4CMXndgiXeqpTjPdPmMTUpnuyFQjGwBtOiOzh3gVKd8GbvkeyrsAdihOMBz7VgXhBciSvMEdFwxP75NQHnuGYv5EtMEi1dW1qOqgX0Yr6LVcE4D+IXlMcyL4NBMgiwlAVzeughpS0UdWvH+vbAil0tt7ACw/+9AN++H8UKXT7xM0KdDxdw7XgxrEIInvZdUlo6ogKceWgD2k=
.www.group-ib.com/	1970-01-21 06:42:18	Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: Kwhl75cafca6f8e2a5d468cdba9f6b9bb7cca22b
.group-ib.com/	1970-01-21 06:42:18	Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: Kwhl75cafca6f8e2a5d468cdba9f6b9bb7cca22b

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.group-ib.com/blog/eldorado-ransomware/ Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fhp-de-js.group-ib.com
www.group-ib.com
195.201.183.123
3.72.181.255
0d585aebb9cb31821fbcc6b030e0d882b5639e17bb403f8eb5ce7b3b19f4a1c9
15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9
1be7918da1e16eb032883c8c711b29a2a339584b51bfcae897e36e6f1b568f63
1efe16c9efbadde5e242d88a315eca3906a55669fcd4882a904fbc723306a4e4
23d73a04358f739502f52a0aa757cf916c0e55fa10dcfdcb798d97dc44f8678b
2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0
2e33f54316465fc5e7217d6d93224ef719d2d6214c47f3e909eea4fb19f012c7
31d1c5bd0cd38e6e6b8eb944944df273044e826c7d3daacbe602caead3068c7a
3689e488f5478e26f0347353ad608ccd66e4d62992021c51d9db93f89d43c880
3e83a4d1119cafd3eb971fb88e5a225f88720beb614cc2ea9bdc6c8a6ba26b17
3fd292ad17d49b8ea8a712f1d0f444ea9a4c14f72572a1719fa1e3f7ef54d780
4414e4f6317983ed6c64b23c79797f5c7054bb32531214d26bc24cf34570f331
45d44c2f23a04d49dbbb3f216ba72782ad80278cf7c4c330b1f03b8263c544ee
45d9031a4b947a9d6c199cf2ef0ea44286be44ccbc1c1ed03252829d5740c07a
4d7bd3f1f81c6fd3591ba0c716df9982e30213772f8aa77a9fed8c3642520bc0
4fca53ff0ed16c1f5d35b5042a91ba5cb2bed97a8a132a468229acc0518e9459
518a92131be0b0201d0b5a7e1d89623eaa7682b28ce10f206d374db8d00e9bdc
5261130c1d574dbd26ec5e81a67d9f6fdfb9addda33ce5b4b67846a7c9a9bd74
56e8c6f3436e89ff3abe897de4aa841fc329aec9acfda851e4f02a2ea9a2334b
56f007081ac7bb12d486a48f25a773e1c84ab4ed94b9c5903e812d484d297f01
5717bd24af317981d5c042b496de7cddc8fe8ca57c9e0331ef631aab03a14e17
574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced
589c9a6a159cf2ecc8555bc4457827f21002eaec9a24e3bc54401ed0b4d30ac8
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5b61fd1476a090d41666e148fd5af6df4d0d72ed9df38d795452a2bddf1d6357
6cee0fb06339ba13e1f15d044e0e4904bbeeb7fbe4351e3f102b6d80b2465061
6d750f94ff486d2fb3eb8b3593a5b342be3b4f49a417b4d3b90713df0b8d537a
7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6
76c15dc90724edaae03612620f19857035033b05c4626ed3c768749104264876
7a20d4a5bb28e87a72d359da0ee16fa6c75b3726f03494c69f1c03dcbcd96bf2
815b5cccfbd24b7139961c19bae6228020a597e698c099c153098d16a26a5b04
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
8276d99808a3a111dcb2dc61c895388c21341d48be9c3f87d905787a49c2b832
830bc92a19660c22e35d221fff67edc89c3171bbd51c9abab36fccc5f7f03e79
8beda3d33f7703220da17ab92ddf5fd605dd08251c1aa6f8005451bb12db0fdc
8d15a221986226efe4f742f390f46f9d5ae8b2008a6edd40e10ff121ef9cca9b
90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0
9257ee0cf5efca003165012098984b6aae65c99281dc9a8c7c56e14beaf07f9a
9437fef714c5b4f9c123edc6693998d228cdabbcd9d48ef802c30701bc3c4152
95994fb67303ef76b44dbcbba5dc1188449bd28182bfc13fde954adf3bb196f7
96be894b00f45693a8ae9bac674209dbf6d1136988993cd099753eb8c7617e43
997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab
a0d3836300d5cc1f198d7347776414a0e94eda6a2f2726ddfbb6e962405659a7
a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f
aa25a6ed0b31748e0306351d2642e91a8f2eaa7fe383eae656a76980dedc69c5
ae9dad69229703dfa3b6d226c4c7d692e2f2809bf2475f22612824c2f7602efc
b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
becb9e84a9ad240f359e54fddd90f64ebe13d8a6be3483fcf539f736ea723d29
c9b877bf594a1febfdc224f3e0aaf8c6db32315529a7569d185496225aea3ade
cc5dcea4d483d798630d7fe0846a1b784618aa3d4f86bdfa655083d81750322a
cdc4d10b6b74ad79b55333b9882e854f054ee8b9953c6203dc46c68dc74eb0fb
ce7b2d2acf41e3d456b077e8dd909318bed0bca771d3f408458d14da1eaea749
d7aff03f29591199cb7da4f8f63a8dc2e397c8768e957c008ca5a6108573e2d9
dd7721ed6c1d2f7d515000cb45c8a258edbac2bbc3aa7de6ad97d6f5950b7528
dedf6c9294a8b9e4b13b1575641071e45c8e61235bd154d19103fd2893ccd708
dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c
e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632
eb8e722ce28bc689681a738cd269f6ee05afac3732fa8f7571b58d7cef618cc4
eddb18b6d8d1476091e64c33c20c7f4310eee6547732a5ab24b32a7601d7c4c9
f006e8bbfa4f0537780571436b5bed50ff10ff28759924c53b67732ec5af28ba
f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314
f367bbc4429fc9fb0a93045245aef519a000ab275549645cddecb3f953e0a05f
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f4991587d5312981e74087707ed399bd3820d83f773e7773c013ce00d6835f28
fa4859289ded4c674dcee233811758743116b1d7ce4e9f0c0e7e259391504c43
fb11f1b920c07f88d2702b12de9cb637eb2cd6077552cbb427d2a7a08c3e186e

www.group-ib.com Open in urlscan Pro 3.72.181.255 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

52 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

3 IPs

1 Countries

983 kBTransfer

1972 kBSize

10 Cookies

16 Outgoing links

Page URL History

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.group-ib.com Open in urlscan Pro
3.72.181.255 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

1
Countries

983 kB
Transfer

1972 kB
Size

10
Cookies

52 HTTP transactions
17 data transactions