www.group-ib.com Open in urlscan Pro
3.72.181.255 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.group-ib.com/blog/dragonforce-ransomware/
Submission: On September 28 via api (September 28th 2024, 9:50:06 am UTC) from IN — Scanned from DE

Summary HTTP 216 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 34 IPs in 4 countries across 25 domains to perform 216 HTTP transactions. The main IP is 3.72.181.255, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.group-ib.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 1st 2024. Valid for: a year.

This is the only time www.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
108	3.72.181.255 3.72.181.255	16509 (AMAZON-02) (AMAZON-02)
2	159.69.140.80 159.69.140.80	24940 (HETZNER-AS) (HETZNER-AS)
13	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.255.172 172.65.255.172	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.208.22 172.65.208.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
10	172.65.232.43 172.65.232.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
1	172.65.236.181 172.65.236.181	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.219.229 172.65.219.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.202.201 172.65.202.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.238.60 172.65.238.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a06:98c1:320... 2a06:98c1:3200::90:3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.198.159 172.65.198.159	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
3	2620:1ec:33::10 2620:1ec:33::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.245.46.63 18.245.46.63	16509 (AMAZON-02) (AMAZON-02)
1	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	157.240.253.1 157.240.253.1	32934 (FACEBOOK) (FACEBOOK)
9	2606:4700::68... 2606:4700::6812:1eb0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	216.58.212.168 216.58.212.168	15169 (GOOGLE) (GOOGLE)
2	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
5	35.171.0.110 35.171.0.110	14618 (AMAZON-AES) (AMAZON-AES)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
1	172.217.16.195 172.217.16.195	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:710... 2a02:26f0:7100::210:180	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
16	172.65.193.34 172.65.193.34	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	172.65.240.166 172.65.240.166	13335 (CLOUDFLAR...) (CLOUDFLARENET)
216	34

108 3.72.181.255 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

www.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.69.140.80 (Falkenstein, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.80.140.69.159.clients.your-server.de

fhp-de-js.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-au.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.255.172 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.208.22 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.65.232.43 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-eu1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-eu1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.236.181 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.219.229 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.202.201 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.238.60 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3200::90:3 (United States)

ASN13335 (CLOUDFLARENET, US)

api-eu1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.198.159 (United States)

ASN13335 (CLOUDFLARENET, US)

cta-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:33::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.46.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-63.fra56.r.cloudfront.net

cdn.neverbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.118.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 157.240.253.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:1eb0 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.168 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.171.0.110 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-0-110.compute-1.amazonaws.com

api.neverbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f195.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::210:180 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 172.65.193.34 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.65.240.166 (United States)

ASN13335 (CLOUDFLARENET, US)

track-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
110	group-ib.com www.group-ib.com fhp-de-js.group-ib.com — Cisco Umbrella Rank: 832442	2 MB
27	hubspot.com js-eu1.hubspot.com — Cisco Umbrella Rank: 25306 cta-eu1.hubspot.com — Cisco Umbrella Rank: 25299 forms-eu1.hubspot.com — Cisco Umbrella Rank: 66419 track-eu1.hubspot.com — Cisco Umbrella Rank: 17938	40 KB
13	onetrust.com cdn-au.onetrust.com — Cisco Umbrella Rank: 18157 geolocation.onetrust.com — Cisco Umbrella Rank: 550	166 KB
10	hsforms.com forms-eu1.hsforms.com — Cisco Umbrella Rank: 31701 perf-eu1.hsforms.com — Cisco Umbrella Rank: 25925	75 KB
9	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 9712	4 KB
7	6sc.co j.6sc.co — Cisco Umbrella Rank: 6722 c.6sc.co — Cisco Umbrella Rank: 8242 ipv6.6sc.co — Cisco Umbrella Rank: 6895 b.6sc.co — Cisco Umbrella Rank: 4275	20 KB
6	neverbounce.com cdn.neverbounce.com — Cisco Umbrella Rank: 74897 api.neverbounce.com — Cisco Umbrella Rank: 144944	30 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 57	489 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 112	4 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 196	77 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 378	15 KB
3	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 358 px4.ads.linkedin.com — Cisco Umbrella Rank: 6989	2 KB
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2277 alb.reddit.com — Cisco Umbrella Rank: 1488	761 B
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1249	13 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 3476	2 KB
1	google.de www.google.de — Cisco Umbrella Rank: 9833	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 152	555 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4111
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 5210	2 KB
1	hubapi.com api-eu1.hubapi.com — Cisco Umbrella Rank: 26969	851 B
1	hs-analytics.net js-eu1.hs-analytics.net — Cisco Umbrella Rank: 17741	25 KB
1	hs-banner.com js-eu1.hs-banner.com — Cisco Umbrella Rank: 17466	26 KB
1	hsadspixel.net js-eu1.hsadspixel.net — Cisco Umbrella Rank: 25198	4 KB
1	hs-scripts.com js-eu1.hs-scripts.com — Cisco Umbrella Rank: 16852	849 B
1	hsforms.net js-eu1.hsforms.net — Cisco Umbrella Rank: 64179	157 KB
216	25

	Domain	Requested by
108	www.group-ib.com	fhp-de-js.group-ib.com www.group-ib.com
16	forms-eu1.hubspot.com	fhp-de-js.group-ib.com
12	cdn-au.onetrust.com	www.group-ib.com fhp-de-js.group-ib.com cdn-au.onetrust.com
9	track-eu1.hubspot.com
9	tracking.g2crowd.com	www.group-ib.com fhp-de-js.group-ib.com
9	forms-eu1.hsforms.com	fhp-de-js.group-ib.com www.group-ib.com js-eu1.hsforms.net
5	api.neverbounce.com	cdn.neverbounce.com
5	www.googletagmanager.com	www.group-ib.com www.googletagmanager.com js-eu1.hsadspixel.net
4	www.facebook.com	www.group-ib.com
4	b.6sc.co	www.group-ib.com
3	connect.facebook.net	www.group-ib.com connect.facebook.net
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.group-ib.com
2	www.redditstatic.com	www.googletagmanager.com fhp-de-js.group-ib.com
2	px.ads.linkedin.com	1 redirects www.group-ib.com
2	dev.visualwebsiteoptimizer.com	fhp-de-js.group-ib.com www.group-ib.com
2	fhp-de-js.group-ib.com	www.group-ib.com
1	ipv6.6sc.co	fhp-de-js.group-ib.com
1	c.6sc.co	fhp-de-js.group-ib.com
1	perf-eu1.hsforms.com	www.group-ib.com
1	www.google.de	www.group-ib.com
1	stats.g.doubleclick.net	fhp-de-js.group-ib.com
1	region1.analytics.google.com	fhp-de-js.group-ib.com
1	alb.reddit.com	www.group-ib.com
1	pixel-config.reddit.com	fhp-de-js.group-ib.com
1	px4.ads.linkedin.com	www.group-ib.com
1	ws.zoominfo.com	www.group-ib.com
1	cdn.neverbounce.com	www.googletagmanager.com
1	j.6sc.co	www.group-ib.com
1	cta-eu1.hubspot.com	fhp-de-js.group-ib.com
1	api-eu1.hubapi.com	fhp-de-js.group-ib.com
1	js-eu1.hs-analytics.net	js-eu1.hs-scripts.com
1	js-eu1.hs-banner.com	js-eu1.hs-scripts.com
1	js-eu1.hsadspixel.net	js-eu1.hs-scripts.com
1	js-eu1.hubspot.com	js-eu1.hs-scripts.com
1	geolocation.onetrust.com	fhp-de-js.group-ib.com
1	js-eu1.hs-scripts.com	www.group-ib.com
1	js-eu1.hsforms.net	www.group-ib.com
216	37

This site contains links to these domains. Also see Links.

Domain
trebuchet.gibthf.com
github.com
sso.group-ib.com
twitter.com
www.facebook.com
t.me
www.linkedin.com
api.whatsapp.com
learn.microsoft.com
www.txone.com
docs.google.com
instagram.com
group-ib.medium.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.group-ib.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-01` - `2025-07-04`	a year	crt.sh
onetrust.com WE1	`2024-09-25` - `2024-12-25`	3 months	crt.sh
hsforms.net WE1	`2024-08-11` - `2024-11-09`	3 months	crt.sh
hs-scripts.com WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2024-06-29` - `2025-07-31`	a year	crt.sh
hsforms.com WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
hubspot.com E5	`2024-09-18` - `2024-12-17`	3 months	crt.sh
hsadspixel.net WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
hs-analytics.net WE1	`2024-08-09` - `2024-11-07`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
hubapi.com WE1	`2024-09-09` - `2024-12-08`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 03	`2024-09-16` - `2025-03-15`	6 months	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
neverbounce.com Amazon RSA 2048 M03	`2024-01-29` - `2025-02-25`	a year	crt.sh
zoominfo.com E5	`2024-09-14` - `2024-12-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-07` - `2024-10-05`	3 months	crt.sh
g2crowd.com WE1	`2024-08-21` - `2024-11-19`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-30` - `2024-11-26`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.google.de WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.group-ib.com/blog/dragonforce-ransomware/
Frame ID: A88595B35EE4FABAEA1DFDC974F1F9C2
Requests: 213 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DragonForce Ransomware Group | Group-IB Blog

Page URL History Show full URLs

https://www.group-ib.com/blog/dragonforce-ransomware/ Page URL
https://www.group-ib.com/blog/dragonforce-ransomware/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

Weglot (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

wp-content/plugins/weglot

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

216
Requests

99 %
HTTPS

33 %
IPv6

25
Domains

37
Subdomains

34
IPs

4
Countries

3440 kB
Transfer

7220 kB
Size

38
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://trebuchet.gibthf.com/?tab=network&__hstc=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&__hssc=84897990.1.1727517005476&__hsfp=90950173
Title: Network Protection Assessment

Search URL Search Domain Scan URL

URL: https://github.com/Group-IB/cloud_sherlock
Title: Cloud Recon Tool

Search URL Search Domain Scan URL

URL: https://sso.group-ib.com/
Title: Sign in

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Inside%20the%20Dragon:%20DragonForce%20Ransomware%20Group&url=https://www.group-ib.com/blog/dragonforce-ransomware/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.group-ib.com/blog/dragonforce-ransomware/&quote=Inside%20the%20Dragon:%20DragonForce%20Ransomware%20Group

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=https://www.group-ib.com/blog/dragonforce-ransomware/&text=Inside%20the%20Dragon:%20DragonForce%20Ransomware%20Group

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://www.group-ib.com/blog/dragonforce-ransomware/

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=https://www.group-ib.com/blog/dragonforce-ransomware/

Search URL Search Domain Scan URL

URL: https://github.com/gharty03/Conti-Ransomware/
Title: leaked

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
Title: Microsoft recommended driver block rules

Search URL Search Domain Scan URL

URL: https://www.txone.com/blog/malware-analysis-lockbit-3-0/
Title: other generic LockBit 3.0 variants

Search URL Search Domain Scan URL

URL: https://docs.google.com/document/d/1hAG_GpLjSmf4Sk2RKhjAtcDSBe_UFXSzcJsCIG7Ll0c/edit#heading=h.gbgnpqlngvdm
Title: provided in the builder

Search URL Search Domain Scan URL

URL: https://twitter.com/GroupIB

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/1382013/

Search URL Search Domain Scan URL

URL: https://instagram.com/groupibhq/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/groupibHQ

Search URL Search Domain Scan URL

URL: https://t.me/Group_IB

Search URL Search Domain Scan URL

URL: https://group-ib.medium.com/

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.group-ib.com/blog/dragonforce-ransomware/ Page URL
https://www.group-ib.com/blog/dragonforce-ransomware/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 153

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517004650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517004650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2&e_ipv6=AQKGtwEDEhe7_AAAAZI4CZUrdfpa8bBJtFIDIpk19AOTMuDtz750znqEEjP-G3yVT2aoICDy_ulg

216 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 403 / Show response
www.group-ib.com/blog/dragonforce-ransomware/ 7 KB
7 KB 118ms
22ms Document
text/html 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 2db6d299a35f40008418236bfb5cc780d09f701b49a6c09a1fe9a747d26a2bed

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-type: text/html
date: Sat, 28 Sep 2024 09:50:01 GMT

GET
H/1.1 200
OK bt-autoinject.js Show response
fhp-de-js.group-ib.com/d/ 343 KB
135 KB 129ms
52ms Script
text/javascript 159.69.140.80
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.69.140.80 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.80.140.69.159.clients.your-server.de
Software: nginx /
Resource Hash: 90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
x-envoy-upstream-service-time: 1
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Date: Sat, 28 Sep 2024 09:50:01 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Server: nginx
Access-Control-Allow-Headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
DATA 200
OK truncated
/ 487 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6e5bd65f95c712037606fdb9eb996480a149d08ee7d347550584b98747f221b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b17adc058d04462cc64e23cbbc55f5fb1f74a7fb8e204445f8ed581a8840b16

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response
www.group-ib.com/api/fl/ 205 B
662 B 33ms
32ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 631ebea670a5a3d38fe35c3f71393f18ae2c5b5996851ea434ea0b7eedf75c1c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
x-cfids: -
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

cache-control: no-cache
content-encoding: gzip
etag: W/"W267fJ9ZpAJlUOq7nhMBsoTbP4cAPe/bN4kCVNjEAvQkE0wfvQaPcs7qTxkz6Q5VQ3ht3BlBpvOZr4H9QZ76++fS8SjZcTslF7ASXQKDV7RJoF9aVxUOk0kn1mD3YkmKqHJ2V/otH3CqwLxrg6Qz0b9q"
x-envoy-upstream-service-time: 1
date: Sat, 28 Sep 2024 09:50:01 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H2 200 favicon.ico
www.group-ib.com/ 7 KB
3 KB 31ms
30ms Other
image/vnd.microsoft.icon 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c9b877bf594a1febfdc224f3e0aaf8c6db32315529a7569d185496225aea3ade

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:02 GMT
content-type: image/vnd.microsoft.icon
last-modified: Wed, 29 Jun 2022 11:31:28 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 2882
x-xss-protection: 1; mode=block
server: nginx

POST
H2 200 fl Show response
www.group-ib.com/api/ 685 B
1 KB 155ms
147ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=W267fJ9ZpAJlUOq7nhMBsoTbP4cAPe%2FbN4kCVNjEAvQkE0wfvQaPcs7qTxkz6Q5VQ3ht3BlBpvOZr4H9QZ76%2B%2BfS8SjZcTslF7ASXQKDV7RJoF9aVxUOk0kn1mD3YkmKqHJ2V%2FotH3CqwLxrg6Qz0b9q
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cabd6897fd26c14b971a9bbfcc9cefec95afef3fea23e19fe16e2d8571b4fbc9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

cache-control: no-store
content-encoding: gzip
x-envoy-upstream-service-time: 91
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.group-ib.com
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H2 200 Primary Request / Show response
www.group-ib.com/blog/dragonforce-ransomware/ 184 KB
41 KB 217ms
216ms Document
text/html 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/blog/dragonforce-ransomware/

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7adbf75f6686d2ee8ea4182b11a6d5dcf23a8be04e25079f4d7a495742223965

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/dragonforce-ransomware/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=0 private, max-age=3600
content-encoding: gzip
content-length: 42169
content-security-policy: frame-ancestors 'self';
content-type: text/html; charset=UTF-8
date: Sat, 28 Sep 2024 09:50:03 GMT
expires: Sat, 28 Sep 2024 09:50:03 GMT
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: X-Forwarded-Proto,Accept-Encoding
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block

POST
H2 200 fl
www.group-ib.com/api/ 685 B
1023 B 61ms
59ms Ping
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=M7RaAyG15Lq10RWGGQ8DUvtbNSmq24xTP6RSZyBXElrRpRpnSDfLLd2Rp7N6zGXTHdU0rV9ixfN%2B%2B8wf0UV9mbKDpb0AnKeZnWru%2Ffo3FJ95ovPu0C5rRS5ZhuhnoJ87QbCjrmkX8DwC0XvZdK4ff0WxLbN9JXZ2bALx
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

cache-control: no-store
content-encoding: gzip
x-envoy-upstream-service-time: 28
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.group-ib.com
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H/1.1 200
OK bt-autoinject.js Show response
fhp-de-js.group-ib.com/d/ 343 KB
135 KB 53ms
50ms Script
text/javascript 159.69.140.80
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.69.140.80 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.80.140.69.159.clients.your-server.de
Software: nginx /
Resource Hash: 90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
x-envoy-upstream-service-time: 1
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Date: Sat, 28 Sep 2024 09:50:03 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Server: nginx
Access-Control-Allow-Headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H2 200 swiper-bundle.min.js Show response
www.group-ib.com/wp-content/themes/gib-theme/assets/js/ 140 KB
39 KB 145ms
140ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/js/swiper-bundle.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 05 Sep 2022 07:41:14 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 39504
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 otSDKStub.js Show response
cdn-au.onetrust.com/scripttemplates/ 21 KB
7 KB 102ms
45ms Script
application/javascript 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/otSDKStub.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: jwlUUXc1HMPClYXMpY+NPQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD6A4D4FE7DA0
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 30456
expires: Sun, 29 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: application/javascript
last-modified: Mon, 16 Sep 2024 23:11:01 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: a7c7c223-f01e-002e-2316-0928a3000000
cf-ray: 8ca2d3b8dde93a49-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6881
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 dashicons.min.css
www.group-ib.com/wp-includes/css/ 58 KB
35 KB 127ms
124ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-includes/css/dashicons.min.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 10 Jun 2022 07:03:36 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=31536000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 35730
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 frontend.min.css
www.group-ib.com/wp-content/plugins/post-views-counter/css/ 1 KB
559 B 119ms
116ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/post-views-counter/css/frontend.min.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

0d585aebb9cb31821fbcc6b030e0d882b5639e17bb403f8eb5ce7b3b19f4a1c9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 26 Jun 2024 10:01:02 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=31536000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 440
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 front-css.css
www.group-ib.com/wp-content/plugins/weglot/dist/css/ 51 KB
6 KB 120ms
117ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/weglot/dist/css/front-css.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 18 Sep 2024 08:45:36 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=31536000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 6207
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 new-flags.css
www.group-ib.com/wp-content/plugins/weglot/app/styles/ 86 KB
4 KB 122ms
119ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/weglot/app/styles/new-flags.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 18 Sep 2024 08:45:36 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=31536000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 4425
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 frontend.min.js Show response
www.group-ib.com/wp-content/plugins/post-views-counter-pro/js/ 4 KB
2 KB 118ms
115ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/post-views-counter-pro/js/frontend.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ab89ce5085f7176183ab9b4787cd956f1fb7c27ef7fd9038fa331bb04bb66a41

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Jul 2024 05:27:13 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 1748
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 front-js.js Show response
www.group-ib.com/wp-content/plugins/weglot/dist/ 5 KB
2 KB 119ms
117ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/weglot/dist/front-js.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

43f92926fd6c2ae121fb4df766fa966c8fdc4f898190e1e785c701e73c5b2013

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 18 Sep 2024 08:45:36 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 1762
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 jquery.min.js Show response
www.group-ib.com/wp-includes/js/jquery/ 86 KB
30 KB 127ms
124ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-includes/js/jquery/jquery.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 16 Sep 2024 11:16:14 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 30368
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 single-blog-post.css
www.group-ib.com/wp-content/themes/gib-theme/assets/css/ 285 KB
40 KB 148ms
146ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6a2b455a20536682c2edca15dc93e6c90fea86dd43afc281eccace6b352335a1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 16 Sep 2024 10:15:17 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=31536000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 40830
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 v2.js Show response
js-eu1.hsforms.net/forms/ 483 KB
157 KB 109ms
32ms Script
application/javascript 172.65.255.172
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hsforms.net/forms/v2.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69f9f19bd433b1317c2e2adf4b0d99a7655e6d878b35a970a5311227c6ad0a04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-request-id: 32c955b4-271f-439f-a4ae-c5064246cfa9
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6baa082bb753a0d6d6e8a595ed1a8003"
x-amz-version-id: AFaf8mWb39Qooe1K5qzICbDOfESNQB7s
age: 242
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oQSohhhvsfBU%2Bp9mZtHzNjUJZI68CaNbbegHIPvrp3LzsTlRYBk91DYdMIq5UaMppYZGdKRa02O9BWVBbJB5CzshNTDNTgwVCN3IWfAQG5fSuiXl7tEtxN6fSyIYuWJiQhVQsw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: EUr17jFpa0DKb1sEbvO1cOnhfavvgAuEPnSiz98vvBlaU-M2QUEfaQ==
x-hubspot-correlation-id: 32c955b4-271f-439f-a4ae-c5064246cfa9
content-type: application/javascript; charset=utf-8
last-modified: Tue, 03 Sep 2024 14:36:36 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-6bffdf99df-4lhcx
x-envoy-upstream-service-time: 3
x-hs-target-asset: forms-embed/static-1.5999/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Sat, 28 Sep 2024 09:50:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5999/bundles/project-v2.js&cfRay=8c8759376c18d36c-FRA
via: 1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
cf-ray: 8ca2d3b8fa99d36a-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: FRA56-P2

GET
H2 200 main-logo.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 3 KB
2 KB 336ms
309ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-logo.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

589c9a6a159cf2ecc8555bc4457827f21002eaec9a24e3bc54401ed0b4d30ac8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Mon, 01 Apr 2024 10:01:09 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 1527
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 ti.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 45ms
43ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ti.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 5942
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 asm.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 45ms
44ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/asm.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 5964
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 fp.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 8 KB
8 KB 58ms
57ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/fp.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 7840
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 drp.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 5 KB
5 KB 56ms
56ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/drp.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 5421
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 mxdr.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 61ms
61ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/mxdr.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 6529
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 bep.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 340ms
313ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/bep.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 6275
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 search-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 982 B
474 B 339ms
313ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/search-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

518a92131be0b0201d0b5a7e1d89623eaa7682b28ce10f206d374db8d00e9bdc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Thu, 14 Mar 2024 09:08:51 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 410
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 close-24.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 225 B
265 B 336ms
310ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/close-24.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

09db0fe5456fc4d29ab545243f6d9904eee2adc91cc78c426d8c756644bbf5d6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Wed, 20 Mar 2024 13:15:58 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 177
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 twitter-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 1 KB
619 B 336ms
311ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/twitter-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ae9dad69229703dfa3b6d226c4c7d692e2f2809bf2475f22612824c2f7602efc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 554
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 facebook-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 627 B
418 B 340ms
314ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/facebook-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f006e8bbfa4f0537780571436b5bed50ff10ff28759924c53b67732ec5af28ba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 376
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 telegram-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 1 KB
829 B 340ms
314ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/telegram-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cdc4d10b6b74ad79b55333b9882e854f054ee8b9953c6203dc46c68dc74eb0fb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 787
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 linkedin-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 919 B
512 B 343ms
318ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/linkedin-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f4991587d5312981e74087707ed399bd3820d83f773e7773c013ce00d6835f28

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 470
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 whatsapp-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 2 KB
1 KB 340ms
315ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/whatsapp-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

45d44c2f23a04d49dbbb3f216ba72782ad80278cf7c4c330b1f03b8263c544ee

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 1046
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 share-black.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 1 KB
541 B 210ms
184ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/share-black.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3689e488f5478e26f0347353ad608ccd66e4d62992021c51d9db93f89d43c880

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 22 Nov 2022 11:16:45 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 500
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 wb_sunny-black.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 724 B
450 B 201ms
176ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/wb_sunny-black.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cc5dcea4d483d798630d7fe0846a1b784618aa3d4f86bdfa655083d81750322a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 22 Nov 2022 11:16:45 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 385
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 moon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 627 B
422 B 212ms
187ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/moon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dedf6c9294a8b9e4b13b1575641071e45c8e61235bd154d19103fd2893ccd708

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Thu, 24 Nov 2022 12:37:03 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 361
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 kichatov-min.png.webp
www.group-ib.com/wp-content/uploads/ 7 KB
7 KB 341ms
316ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/kichatov-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7a20d4a5bb28e87a72d359da0ee16fa6c75b3726f03494c69f1c03dcbcd96bf2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Fri, 21 Jun 2024 09:47:00 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 7483
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 sharmine.png.webp
www.group-ib.com/wp-content/uploads/ 5 KB
5 KB 340ms
315ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/sharmine.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3e83a4d1119cafd3eb971fb88e5a225f88720beb614cc2ea9bdc6c8a6ba26b17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Thu, 16 May 2024 00:15:04 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 4967
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 GIB-round-white.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 3 KB
3 KB 341ms
317ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/GIB-round-white.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3b63b449bde0f2c40eb23801ac24bd82666bd3a766c77b953ff75e6f3e257460

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/png
last-modified: Thu, 08 Dec 2022 15:23:27 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 2889
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce_blog_banner_v3-without-title-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 36 KB
36 KB 570ms
546ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce_blog_banner_v3-without-title-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c54b46a6d8501defea137078e46cd33f6909f82f13ea7d6a932e82c92692a293

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:45 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 36415
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce_threat_actor_profile_v3-min.png.webp
www.group-ib.com/wp-content/uploads/ 115 KB
114 KB 573ms
550ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce_threat_actor_profile_v3-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

4d69b5aed9d96213ce06eabd9950773f25ae231f1b2d4342dd4be518ac1092f6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:28:56 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-map-min.png.webp
www.group-ib.com/wp-content/uploads/ 75 KB
74 KB 340ms
317ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-map-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1c42cc3e161604efbbc20532ddccb1cec17e851d976aed4cdb5e34ccc231743f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:43 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-graphics-min.png.webp
www.group-ib.com/wp-content/uploads/ 50 KB
50 KB 576ms
553ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-graphics-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e78b1bd1973a13096c199cc127f58ee4d668fa4941fab67f13192f09e5e0c4ed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:41 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 51000
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-1-min.png.webp
www.group-ib.com/wp-content/uploads/ 109 KB
108 KB 570ms
548ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-1-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

50f4aaaa34cd420a1c2adafc2635638f788d452117fdd30fdde1890a1a3aca5d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:28:58 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-2-min.png.webp
www.group-ib.com/wp-content/uploads/ 33 KB
32 KB 571ms
548ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-2-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d505ecf731cb1f1b2d550f08b41a13df96a12cf07fe66f49768999f411feb658

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:00 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 32756
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-3-min.png.webp
www.group-ib.com/wp-content/uploads/ 91 KB
91 KB 579ms
556ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-3-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9668d6d9155b3caac05d4cc54c31b6e9ca0c762859172bfe0725460a6f01ca36

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:01 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-4-min.png.webp
www.group-ib.com/wp-content/uploads/ 12 KB
11 KB 211ms
189ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-4-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c68c7de30de112566d9a2ad9c9ce06fe8d2f93a248cdad15cd11c3e645b82e75

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:02 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 10933
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-5-min.png.webp
www.group-ib.com/wp-content/uploads/ 26 KB
25 KB 211ms
190ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-5-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

80207bee81bd88f19652f2cca8df011c4e17008ce783d02d0af1f936816fd8a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:03 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 25967
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-6-min.png.webp
www.group-ib.com/wp-content/uploads/ 26 KB
25 KB 208ms
187ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-6-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

80207bee81bd88f19652f2cca8df011c4e17008ce783d02d0af1f936816fd8a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:04 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 25967
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-7-min.png.webp
www.group-ib.com/wp-content/uploads/ 26 KB
25 KB 291ms
271ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-7-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d08917ee9a7352d19e36c6302d54b0f0f0ed9964922b5ce70ed515d7bd063f3d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:06 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 25727
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-8-min.png.webp
www.group-ib.com/wp-content/uploads/ 50 KB
50 KB 570ms
549ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-8-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

eb5af5d1c611fbdd45ea3dc270086670dac3313626762f825b7aa474802c1db1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:07 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 50879
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-9-min.png.webp
www.group-ib.com/wp-content/uploads/ 17 KB
16 KB 290ms
270ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-9-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e50b9bcce7b923f8719844c7f2278c24a7e0ec00d3ebaae363406d399da39565

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:08 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 16569
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-10-min.png.webp
www.group-ib.com/wp-content/uploads/ 33 KB
32 KB 291ms
272ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-10-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

42f8ae7816a449a44dd99e7865a42fe4463f764f799a3e61359df235c1782d65

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:09 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 33128
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-11-min.png.webp
www.group-ib.com/wp-content/uploads/ 32 KB
32 KB 221ms
202ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-11-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9808516d4a0f431afaf27866437518e89a721feef756cc0b17177c41198a6983

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:11 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 32540
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-12-min.png.webp
www.group-ib.com/wp-content/uploads/ 30 KB
30 KB 294ms
275ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-12-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2943fd9aa8881ee3a8613d2c208283a69b2999766e9de63d3f003671bb8511a2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:12 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 30304
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-13-min.png.webp
www.group-ib.com/wp-content/uploads/ 22 KB
22 KB 293ms
274ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-13-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d06188c468fc5214bdbb7d4fcb4652f41c4af966096d2ebd6c46559967654fb0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:13 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 21952
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-14-min.png.webp
www.group-ib.com/wp-content/uploads/ 22 KB
22 KB 288ms
270ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-14-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7d98c4ca6b4e1892a8ffd1a607c3572a40bba081085aa0d91c7bf2f897cfb94b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:14 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 22390
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-15-min.png.webp
www.group-ib.com/wp-content/uploads/ 19 KB
18 KB 319ms
301ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-15-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a8a40caba915702cafb7883ed43843037d764bbb3de17d33ce4f857eefa83aed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:15 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 18444
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-16-min.png.webp
www.group-ib.com/wp-content/uploads/ 29 KB
28 KB 294ms
276ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-16-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

936e5030c302893c0f74af6f60c91d63b067c21c1a4b7d34619a1174cb5aa82f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:17 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 28667
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-17-min.png.webp
www.group-ib.com/wp-content/uploads/ 21 KB
21 KB 290ms
272ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-17-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

4c1d8a42eb027a778323b8948b43bf5c0a601c657bebe638de1c7c464512cbc3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:18 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 20926
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-18-min.png.webp
www.group-ib.com/wp-content/uploads/ 95 KB
95 KB 321ms
303ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-18-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b70b5a246856b4e8244f70c1fa5d264100b7f7e94d3b2253e0b5a6169f26c083

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:20 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-19-min.png.webp
www.group-ib.com/wp-content/uploads/ 23 KB
22 KB 294ms
277ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-19-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

16ef9d7fffa0550d6b807e6b82b5ae76163c4e987cc9366819c46a12e0878b89

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:22 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 22901
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-20-min.png.webp
www.group-ib.com/wp-content/uploads/ 42 KB
42 KB 315ms
298ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-20-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

fbfbd51bada8d11a20dfa3b6318b6d2ddb904ef69bfebb79e38b7a767b371f42

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:23 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 43076
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-21-min.png.webp
www.group-ib.com/wp-content/uploads/ 45 KB
44 KB 300ms
283ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-21-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

70176ace76e79121f930335748d60f4961bb7ff798138ed18641289cce7bea82

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:24 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 45465
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-22-min.png.webp
www.group-ib.com/wp-content/uploads/ 13 KB
13 KB 201ms
188ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-22-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2c40cb4807931447e5eb747f8a377d6cbb1411eb77fe8270f27b70f231979afc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:25 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 13624
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-23-min.png.webp
www.group-ib.com/wp-content/uploads/ 10 KB
11 KB 318ms
305ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-23-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

eb7bf6bbacaae386ac920d2969be3d206bc0db02221ea3aaa39cd2f4b0f98f9b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 10742
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-24-min.png.webp
www.group-ib.com/wp-content/uploads/ 90 KB
90 KB 314ms
301ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-24-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

079dc50032bcdf9591a24e84a20fb2a153ddfeac7d03319bdc51a773b4f6bdbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:27 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-25-min.png.webp
www.group-ib.com/wp-content/uploads/ 25 KB
24 KB 290ms
278ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-25-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

41af6ca7def064fa2ce4a86622e9fb7579f898469a4391d1960ffc6123b97a2c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:28 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 24550
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-26-min.png.webp
www.group-ib.com/wp-content/uploads/ 13 KB
13 KB 564ms
552ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-26-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f7db205ec53d93b89166d00a5d9c7b0eff354e2cfcaba0fd462a69c4b8ced4a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:29 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 13537
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-27-min.png.webp
www.group-ib.com/wp-content/uploads/ 37 KB
37 KB 294ms
282ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-27-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1c612435907b5a4f2ba43308921684f36ba0d3ec2eebea40710b8f7550077599

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:30 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 37436
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-28-min.png.webp
www.group-ib.com/wp-content/uploads/ 25 KB
26 KB 206ms
195ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-28-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

276c9585f4fbfa24a7e59ae054280eab5da26f01118130ad16237a877903ffed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:31 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 26065
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-29-min.png.webp
www.group-ib.com/wp-content/uploads/ 25 KB
25 KB 208ms
198ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-29-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

27c04cd78f087a504697af9601c1163b685f6c567e75dace0c2908635e8a7038

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:31 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 25561
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-30-min.png.webp
www.group-ib.com/wp-content/uploads/ 14 KB
14 KB 316ms
305ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-30-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7c380423028a4b3142bdbd89f4c0e6d494a06f6769e05e08650a18ee1a4f27a1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:32 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 14163
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-31-min.png.webp
www.group-ib.com/wp-content/uploads/ 83 KB
83 KB 198ms
188ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-31-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

5782ae81826e28a0a467926074e8c75837f1b84436bef5520da5550e299a0f22

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:33 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-32-min.png.webp
www.group-ib.com/wp-content/uploads/ 11 KB
11 KB 568ms
558ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-32-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9895985e4fb0de1e39dca698498039d1c947f9930e602a97f1ce158635fc09a7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:34 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 11408
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-33-min.png.webp
www.group-ib.com/wp-content/uploads/ 2 KB
2 KB 206ms
196ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-33-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dea3a1ac67802edfef8af9575158682efa15eae5f544adca975b39ed1d3ddf98

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:34 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 1761
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-34-min.png.webp
www.group-ib.com/wp-content/uploads/ 2 KB
2 KB 186ms
176ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-34-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

04452c63f7ce00819a3e4bf65d13817040260b07ed35704e4a55b6cb631cba75

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:35 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 2027
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-35-min.png.webp
www.group-ib.com/wp-content/uploads/ 4 KB
4 KB 205ms
196ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-35-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c3ab0cc61266897fa76332f097a74f52e2c3f9466804dfe2db65721433316118

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:35 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 4425
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-36-min.png.webp
www.group-ib.com/wp-content/uploads/ 8 KB
8 KB 159ms
149ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-36-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f5546ee46a0b362477196972ee397b7c8d752ab9e0636d49c356fbc756e6dba5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:36 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 7921
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-37-min.png.webp
www.group-ib.com/wp-content/uploads/ 41 KB
41 KB 168ms
159ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-37-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

99c55d3786782a49155bcf562182de9cb77a6c8197d824774f6c08fffa86f6cd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:37 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 41441
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-38-min.png.webp
www.group-ib.com/wp-content/uploads/ 13 KB
14 KB 207ms
198ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-38-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

af5bddb24166ffcd3da8e70f00190acf77ae492bc17ae4ae8c057443184806c5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:37 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 13724
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-39-min.png.webp
www.group-ib.com/wp-content/uploads/ 33 KB
33 KB 168ms
160ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-39-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

bf76f17a774da58d4f67bf49cbf77f1bce6aee5d1631124bf532b5662c8cb335

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:38 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 33467
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-40-min.png.webp
www.group-ib.com/wp-content/uploads/ 12 KB
12 KB 127ms
118ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-40-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

30c5354141381a351f9d81e5d831e6277c2827a28b0e1b958c9694eb5d704238

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:39 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 12078
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 teamtnt-blog-banner-1-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 9 KB
9 KB 177ms
169ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/teamtnt-blog-banner-1-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9e42c23990614da64388cadca9ef91eba5206043593c40912f18ee55b3af35d4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Tue, 17 Sep 2024 22:08:46 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 8793
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 concealed-networks-1-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 5 KB
5 KB 176ms
168ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/concealed-networks-1-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

987f4042b286e1268acc17f999801c4be1e375d878697059bb4444cdbc0559a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Thu, 12 Sep 2024 13:31:39 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 5175
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 ajina-blog-cover-small-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 5 KB
5 KB 158ms
150ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/ajina-blog-cover-small-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a8f7546b7ca2530ad7a185aa8ffc9a838fbad735afe69acdfcbc4b18d5f18dc3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:02 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/webp
last-modified: Wed, 21 Aug 2024 06:29:55 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 4735
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 Arrow_Forward_Up.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 425 B
379 B 124ms
116ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/Arrow_Forward_Up.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cdfabceb7ae1940f42d871a2ee6a2f092de52f73db37b1bc5b01a87379106401

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: image/svg+xml
last-modified: Sun, 21 Aug 2022 10:10:53 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 266
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 twitter-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 1 KB
566 B 178ms
171ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/twitter-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a0da28e8bd00bbe274035dfe6c59a30984ddc71202c69842f84f0b4d04689674

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 524
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 linkedin-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 588 B
391 B 565ms
558ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/linkedin-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6cb3c6cb78253a7cfafea392e581f5f2ce0ee177c24e53ea31e68f7aee569238

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 349
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 instagram-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 923 B
473 B 166ms
159ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/instagram-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

100a79b22a580f1698a9950e8c18aefa79de0fd88e81a0a145e90fc4e8a59a2c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 408
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 facebook-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 415 B
342 B 176ms
169ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/facebook-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2952e22cc927982fa938a6fb0d5cd78316bb9b8e78872b27294a30addbfdc525

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 277
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 telegram-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 773 B
504 B 126ms
120ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/telegram-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

5c7deb6b8db45580119b8192f45da9486bf6fd1694660e413ee57932305b5e55

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 462
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 medium-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 767 B
426 B 126ms
119ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/medium-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1912b691f446ed5b1da215a578b0658ffa03526efb75eb2ea28bcf0e7bfd4f92

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: image/svg+xml
last-modified: Wed, 05 Oct 2022 12:20:15 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 361
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 main.js Show response
www.group-ib.com/wp-content/themes/gib-theme/assets/js/ 33 KB
5 KB 178ms
172ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/js/main.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

215c13199ec3ef950bd100031e13ae6efe6ad72c8b91c98fbdfed812fe2f4432

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 08 Aug 2024 07:25:08 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 5081
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 fancybox.umd.js Show response
www.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/ 103 KB
29 KB 60ms
60ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/fancybox.umd.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

942e02acf640c0308f65e057a8afaed63dfaf995034cda9cfc75532a1009ec72

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:03 GMT
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 05 Sep 2022 07:24:28 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 29634
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 25755956.js Show response
js-eu1.hs-scripts.com/ 2 KB
849 B 115ms
39ms Script
application/javascript 172.65.208.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hs-scripts.com/25755956.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89d0b80f15229e98318d4704cf5c81bae1ba4a0b90bd73378ea8ca1a21ca4288

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

access-control-max-age: 3600
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 5160
x-content-type-options: nosniff
cf-polished: origSize=2013
date: Sat, 28 Sep 2024 09:50:03 GMT
x-hubspot-correlation-id: af76d497-852d-4fab-9b60-6b94e5c0de1a
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Sat, 28 Sep 2024 08:24:03 GMT
access-control-allow-credentials: true
cf-ray: 8ca2d3bab8eb65ad-FRA
access-control-allow-origin: https://www.group-ib.com
server: cloudflare

GET
DATA 200
OK truncated
/ 486 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92808d2c2daccca2659ed7eb3088bfb55a34d2175719eb42fb663ac62c7d19bd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d682be8711c1be4039f480e94a6ef80d48ee8f566f3c4de3a8b830edf3eb357f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response
www.group-ib.com/api/fl/ 217 B
641 B 31ms
31ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: dd72f8fea93e9f47926908769af2030b82df395cad9d041223bebc0f69a522fe

Request headers

x-cfids: M7RaAyG15Lq10RWGGQ8DUvtbNSmq24xTP6RSZyBXElrRpRpnSDfLLd2Rp7N6zGXTHdU0rV9ixfN++8wf0UV9mbKDpb0AnKeZnWru/fo3FJ95ovPu0C5rRS5ZhuhnoJ87QbCjrmkX8DwC0XvZdK4ff0WxLbN9JXZ2bALx
X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: p5BZAZGQMWC1+6L9NOG9Lsbiz55XFlBOr1zul8nETb/oIwxelCY1/G89ND8cugLuGbx4omRN94g1Kze23NtZXtSiPAS6348kX0T0HI5Z1N6e77rHIWxDWhEh1rzZfZgU4WEB1qSCD+/UI3Hmndcxc0G0MNFFA5c2YPHhces2SJ8IngEtF4Qh55yDOUE/LURhzFF45BMzInzhpCcayEpfPHcSHVmUtMQA5kAGzDSbDHXuQxPmFMUlXDknF8GMiTuKK41wMzIhjT5Zkka/zw==
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: LoBC6937e940cae8a4d912a03cf851cb390d6470

Response headers

cache-control: no-cache
content-encoding: gzip
etag: W/"JhMRkZRXNU2tK0r6le2WKvjMeZ/T0O5zOSKsYWNjNEc6abbAo6NBwx+EVZPNrUAuf/Br8CnCkayxXHiT0c7asTawh+7QKBdhB+p+EtPudqktSssHUCROKVqoVj/AwFeiUYRkItIjVNochDpunNJs8b1jlmkHZqEXQ31n"
x-envoy-upstream-service-time: 0
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H2 200 0191785e-a497-722c-b405-6b94787f2b40-test.json Show response
cdn-au.onetrust.com/consent/0191785e-a497-722c-b405-6b94787f2b40-test/ 5 KB
2 KB 106ms
55ms XHR
application/x-javascript 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/consent/0191785e-a497-722c-b405-6b94787f2b40-test/0191785e-a497-722c-b405-6b94787f2b40-test.json

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83b41e48edf6ba0e7f1e20951122830f5dd7fb74cb8206f611a2bfc8deae32fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: gmWNW+LDJMagbQA/O1WZcw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCDE0E9E6D2AA2
age: 86337
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: application/x-javascript
last-modified: Thu, 26 Sep 2024 09:35:54 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 7f843bf0-a01e-0023-5bf8-0fe077000000
cf-ray: 8ca2d3ba4973d25d-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1776
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
2 KB 84ms
27ms XHR
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=93623&u=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&vn=2.1&x=true
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: bd190a3b4396bb4bd38f05df34c22d00c00f7fa158b5658b38217e0b44c36e29

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.group-ib.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:02 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: gfra1

GET
H2 200 G-font-Medium.woff2
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/ 7 KB
7 KB 160ms
158ms Font
font/woff2 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Medium.woff2

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

71bdc449af5d61d21f5f6daab3f9b56189822beec3e5448e415f0ec7ee24e799

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: font/woff2
last-modified: Mon, 16 Sep 2024 10:14:05 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 7579
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 G-font-Regular.woff2
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/ 7 KB
7 KB 154ms
153ms Font
font/woff2 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Regular.woff2

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

53d389faf997ad6f58e74a17f4cd29b8455f0c97ddb3a93bb3aea262d273c56a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: font/woff2
last-modified: Mon, 16 Sep 2024 10:14:05 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 7091
x-xss-protection: 1; mode=block
server: nginx

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/ 9 KB
3 KB 144ms
54ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c80fcdbd8cc34c612a68166b44ef6f3e6eb42f9e87e5e8ca05f3635bc35a1879

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: f24a760e-e985-410f-846e-f2854cc97296
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: eu1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: f24a760e-e985-410f-846e-f2854cc97296
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-envoy-upstream-service-time: 13
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3bb2a1dd26e-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
146 B 119ms
118ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=93623&d=group-ib.com&u=D13001736BC4D2794E31D8BD46C9D33FF&h=cda1b70f53a1cd438a65746fa360d24e&t=false

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv02c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: public, max-age=43200
x-content-type-options: nosniff
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: image/gif
server: gnv02c

GET
H2 200 cross.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 342 B
273 B 127ms
126ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/cross.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 207
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
205 B 36ms
35ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: application/json
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 8ca2d3babab5d25d-FRA
access-control-allow-origin: *
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/ 112 KB
31 KB 139ms
65ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b229b46ecb47749bd57d6ae379b974d3e7123ccdbef458f32df80ffc2f7aa01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 934e27d8-df98-4837-b8b7-a04cb793d961
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: eu1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: 934e27d8-df98-4837-b8b7-a04cb793d961
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-vfc8w
x-envoy-upstream-service-time: 24
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3bb2bd2d2eb-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/ 105 KB
30 KB 147ms
87ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91ec4e822ed6844f31f38098d60dc096abd6f4765c5d7ab66f05e47d21cfee39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 1e7f15ee-4117-4f3e-a462-ee204041ae08
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: eu1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: 1e7f15ee-4117-4f3e-a462-ee204041ae08
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-s5pt6
x-envoy-upstream-service-time: 22
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3bb2ac62c26-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 dropdown_before.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 154 B
191 B 112ms
111ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/dropdown_before.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 150
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 link-arrow.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 409 B
332 B 119ms
119ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/link-arrow.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 267
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 Close.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 227 B
244 B 118ms
115ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/Close.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

31d1c5bd0cd38e6e6b8eb944944df273044e826c7d3daacbe602caead3068c7a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 12:14:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 180
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 file_copy.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 668 B
417 B 119ms
116ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/file_copy.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f367bbc4429fc9fb0a93045245aef519a000ab275549645cddecb3f953e0a05f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Mon, 28 Nov 2022 13:01:55 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 352
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 success.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 386 B
615 B 112ms
109ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/success.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

fa4859289ded4c674dcee233811758743116b1d7ce4e9f0c0e7e259391504c43

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 11:07:05 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 254
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 list-dot.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 313 B
292 B 117ms
115ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/list-dot.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6b0775723ccade5ca3170fcc6a321c5b4768a5dc2b7c83b8b8b595407a2f0018

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 12:02:57 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 205
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 Dropdown-right.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 503 B
372 B 111ms
110ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/Dropdown-right.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

4d4a484a100e469b6e3dcf880a37755086e246cc291bab46e3edd4529e3d5d6a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 09:56:36 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 307
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 G-font-Bold.woff2
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/ 7 KB
7 KB 64ms
62ms Font
font/woff2 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Bold.woff2

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2f54cd32df1ecb5aac59038dcb70c3f83dfc2888fcb111687092df9e98c2fbeb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: font/woff2
last-modified: Mon, 16 Sep 2024 10:14:05 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 6955
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 Material-Icons.woff2
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/Material-Icons/ 125 KB
126 KB 65ms
63ms Font
font/woff2 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/Material-Icons/Material-Icons.woff2

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: font/woff2
last-modified: Tue, 28 Nov 2023 16:09:12 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c239fbd2387ceff073b22f05559eb6a3a9425ccde003eccb22a998429465302f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 otBannerSdk.js Show response
cdn-au.onetrust.com/scripttemplates/202409.1.0/ 457 KB
111 KB 56ms
54ms Script
application/javascript 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/202409.1.0/otBannerSdk.js

Requested by

Host: cdn-au.onetrust.com
URL: https://cdn-au.onetrust.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81a50b09cb85e4ff68788f763b8dcdc549414cecf42ca228a55ab77c971f1286

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: Mq8sWt7aN99kE/VZ97+T8Q==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD6A4D1B2DE7D
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 28351
expires: Sun, 29 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/javascript
last-modified: Mon, 16 Sep 2024 23:10:56 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: b1db5b7f-601e-004e-34a3-08543c000000
cf-ray: 8ca2d3bb38d53a49-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 113760
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/ 9 KB
3 KB 59ms
58ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00ff5fe987aa74c46a54f4482d8546d14fcde5c52c2c8c925b313388ff975cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: b9950f16-d41d-45dc-8567-30604b4c61f0
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: eu1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: b9950f16-d41d-45dc-8567-30604b4c61f0
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-envoy-upstream-service-time: 12
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3bbdb622c26-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 354 KB
110 KB 295ms
52ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

353f14f190707cd26f76e24ec9d34e20641392b0707ce052a2227311dadff483

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Sat, 28 Sep 2024 09:50:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 28 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 112323
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
www.group-ib.com/wp-content/themes/gib-theme/assets/js/ 8 KB
4 KB 234ms
233ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/js/insight.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 15 Jul 2022 14:12:57 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 3085
x-xss-protection: 1; mode=block
server: nginx

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/ 8 KB
3 KB 230ms
230ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b8506b20afba114868df841492bd90c8b3ca8bc300215ee01526ec4cb93efb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 85ddc583-d8f6-462e-b843-453dad040171
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: eu1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: 85ddc583-d8f6-462e-b843-453dad040171
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-rncps
x-envoy-upstream-service-time: 12
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3bd9d0a2c26-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
Content-Length: 1681
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 web-interactives-embed.js Show response
js-eu1.hubspot.com/ 83 KB
25 KB 260ms
51ms Script
application/javascript 172.65.236.181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hubspot.com/web-interactives-embed.js

Requested by

Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.236.181 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/

Response headers

x-request-id: b0ec7175-a040-4249-918c-05f12b597ac7
content-encoding: gzip
cf-cache-status: HIT
etag: W/"edf91c1320ba2916398ed791b63187bc"
x-amz-version-id: 7DwgQA9YoOwDB6Raj9_RIwKNzf1Sd5R0
age: 282
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fHbP1sZBTOjesMQO9ERSugXZXdxxCgkBJPuRlzAEsWS3zM9HCOEWR5SZ7XN2verOt50FUG6yrxp1qZCBQ9dfc9laBnpE5E5gHJ6QvKV%2FQv88pYcjnZZ5T0y625fZBPP7Y6r0vw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: iNEUuzJC0_7QrK3uQUj0Gt1d7KuqdI-6GQDD6tW6b88ZNIgJptySZw==
x-hubspot-correlation-id: b0ec7175-a040-4249-918c-05f12b597ac7
content-type: application/javascript; charset=utf-8
last-modified: Wed, 28 Aug 2024 20:01:26 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-6bffdf99df-m2kr7
x-envoy-upstream-service-time: 3
x-hs-target-asset: web-interactives-embed/static-2.1426/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Sat, 28 Sep 2024 09:50:04 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1426/bundles/project.js&cfRay=8ca2ccdcf911d34d-FRA
via: 1.1 104bdf965b5b1cb596af463b142160de.cloudfront.net (CloudFront)
cf-ray: 8ca2d3be0c9f2c1e-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: FRA60-P6

GET
H2 200 fb.js Show response
js-eu1.hsadspixel.net/ 6 KB
4 KB 234ms
32ms Script
application/javascript 172.65.219.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hsadspixel.net/fb.js

Requested by

Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c17d765fc13ecfd2c661fa8378db855b59fceb2961ad34ed145e73961baf167

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 625df2da-0775-4ab2-bd3d-c160dad7f731
content-encoding: gzip
cf-cache-status: HIT
etag: W/"f97b977feac068a21e89cfb81708a355"
x-amz-version-id: .arbvMEZAR_Ixa4j7ME.TG.XjHXm5mBs
age: 164
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: nc5w5ov1hNiUaqXJqs8UUxE6ghPa70A6PtXadLXIfE7VLyJ-dKuHNQ==
date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: 625df2da-0775-4ab2-bd3d-c160dad7f731
content-type: application/javascript; charset=utf-8
last-modified: Fri, 27 Sep 2024 14:15:18 UTC
vary: Accept-Encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-6bffdf99df-rrdc2
x-envoy-upstream-service-time: 4
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.601/bundles/pixels-release.js&cfRay=8ca2cfba0950a01b-FRA
via: 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
cf-ray: 8ca2d3bdfd1b927d-FRA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.601/bundles/pixels-release.js
x-amz-cf-pop: FRA60-P6
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 banner.js Show response
js-eu1.hs-banner.com/v2/25755956/ 72 KB
26 KB 245ms
38ms Script
text/javascript 172.65.202.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-banner.com/v2/25755956/banner.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8025ce08dc7d64baaf0aa3ed8492e292f590e5a5a5a90456ed4b0f8c4986f09

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 9c44b3c7-4cbb-4b10-94c1-0abfe481504a
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"2466a9b7b3498c0bc71b9433d06ffdbe"
x-amz-version-id: Cv6szvKe2PC3ISsjldERJUjKjNJrZbHL
age: 1
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Sat, 28 Sep 2024 09:55:03 GMT
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: 9c44b3c7-4cbb-4b10-94c1-0abfe481504a
content-type: text/javascript; charset=UTF-8
last-modified: Tue, 10 Sep 2024 11:14:51 GMT
vary: origin, Accept-Encoding
x-amz-id-2: VFdb5Fu8P/MQCIw5BKOlTP+xW7sUCPINSYXTkjiXWhkO9U9apDhMCZMxc2goODvTK6tY8/QvU5A=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: fra04/analytics-js-proxy-td/envoy-proxy-5cc6cdbf4d-497g6
x-envoy-upstream-service-time: 60
access-control-allow-credentials: true
x-amz-request-id: FF0C2T3GRBBKJJ2B
cf-ray: 8ca2d3be0fee698f-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 25755956.js Show response
js-eu1.hs-analytics.net/analytics/1727511600000/ 69 KB
25 KB 243ms
42ms Script
text/javascript 172.65.238.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-analytics.net/analytics/1727511600000/25755956.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28834d5848fb9f5289a56f70f6563d4bce4259ca4edb43e60655f966b8ded258

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: a1541805-23f2-4d3f-bcb4-2661fa947aa6
content-encoding: gzip
cf-cache-status: HIT
etag: W/"8ff9ca41f47175f0ce5e49431e5e308e"
age: 138
expires: Sat, 28 Sep 2024 09:52:46 GMT
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: a1541805-23f2-4d3f-bcb4-2661fa947aa6
content-type: text/javascript
last-modified: Tue, 24 Sep 2024 15:16:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: S9ATvxO4c0UwoE+TCY/KD8qkKQOiGKQrCvS/H0y8X+okduVuIjhxJXXSssF0qfKjfGZJmCxT+lg=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: fra04/analytics-js-proxy-td/envoy-proxy-688555d8bb-clv4l
x-envoy-upstream-service-time: 34
access-control-allow-credentials: false
x-amz-request-id: 6BWZ0XEKDN99N7QN
cf-ray: 8ca2d3bdfdfd2bae-FRA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 en.json Show response
cdn-au.onetrust.com/consent/0191785e-a497-722c-b405-6b94787f2b40-test/01917861-b884-7320-bdec-f5c8d7fac8ee/ 64 KB
15 KB 180ms
180ms Fetch
application/x-javascript 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/consent/0191785e-a497-722c-b405-6b94787f2b40-test/01917861-b884-7320-bdec-f5c8d7fac8ee/en.json

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1890f6f56fb39fc1763ec4a0531fdd18e42d48d3f28cdce128e7905902e662e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: dIWDaurSlqXwO6RyOOQ/vw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCDE0EA49113E5
age: 44825
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/x-javascript
last-modified: Thu, 26 Sep 2024 09:36:05 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: af37da65-b01e-004d-629b-10b558000000
cf-ray: 8ca2d3bd9be0d25d-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15648
x-ms-blob-type: BlockBlob
server: cloudflare

POST
H2 403 ajax.php
www.group-ib.com/wp-content/plugins/post-views-counter-pro/includes/ 0
0 114ms
112ms Fetch 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/wp-content/plugins/post-views-counter-pro/includes/ajax.php
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

date: Sat, 28 Sep 2024 09:50:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
1 KB 177ms
43ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 9db64fbb-7423-4f1f-85ac-7b99eeb096ea
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: DYNAMIC
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: 9db64fbb-7423-4f1f-85ac-7b99eeb096ea
Content-Type: image/gif
vary: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-vfc8w
x-envoy-upstream-service-time: 2
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3bdfc08d2b6-FRA
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
1 KB 42ms
39ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 4bcf7e98-24d8-46e6-a15a-297306a157ff
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: DYNAMIC
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: 4bcf7e98-24d8-46e6-a15a-297306a157ff
Content-Type: image/gif
vary: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-rncps
x-envoy-upstream-service-time: 2
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3be3cc1d2b6-FRA
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
915 B 58ms
40ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: js-eu1.hsforms.net
URL: https://js-eu1.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: a8a1e8bb-37de-4f4b-be2e-a926f6bb0558
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: DYNAMIC
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: a8a1e8bb-37de-4f4b-be2e-a926f6bb0558
Content-Type: image/gif
vary: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 2
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3be7d8ad2b6-FRA
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 otFlat.json Show response
cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/ 13 KB
3 KB 44ms
43ms Fetch
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/otFlat.json

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: RGlYb2KBTfdkPpxIxwwu0g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD6A4C7AB3CD9
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79974
expires: Sun, 29 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/json
last-modified: Mon, 16 Sep 2024 23:10:39 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 27c4b992-d01e-005b-2773-0e438f000000
cf-ray: 8ca2d3becf6ad25d-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3003
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otPcCenter.json Show response
cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/v2/ 62 KB
13 KB 43ms
42ms Fetch
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/v2/otPcCenter.json

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: vNMewq08o3u2s0ZPUoZf8g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD6A4CB926D92
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79974
expires: Sun, 29 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/json
last-modified: Mon, 16 Sep 2024 23:10:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 30d1bb2f-a01e-0041-3473-0e2250000000
cf-ray: 8ca2d3becf6cd25d-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12723
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCookieSettingsButton.json Show response
cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/ 5 KB
2 KB 46ms
45ms Fetch
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/otCookieSettingsButton.json

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: fyGpUoUy0eZkGUgUg6MkZA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD6A4CACA7FB0
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79974
expires: Sun, 29 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/json
last-modified: Mon, 16 Sep 2024 23:10:44 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 3604289a-e01e-0050-6f74-0eb8e4000000
cf-ray: 8ca2d3becf6dd25d-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1738
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCommonStyles.css Show response
cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/ 24 KB
4 KB 52ms
51ms Fetch
text/css 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/otCommonStyles.css

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79974
content-encoding: gzip
expires: Sun, 29 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: text/css
last-modified: Mon, 16 Sep 2024 23:11:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: f7931f97-a01e-0051-7373-0ee738000000
cf-ray: 8ca2d3becf70d25d-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 collect
px.ads.linkedin.com/ 0
666 B 251ms
196ms Image
application/javascript 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1727517004592&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: EF83003AB778455BAC8330C11B5912D8 Ref B: FRAEDGE1213 Ref C: 2024-09-28T09:50:04Z
x-li-fabric: prod-lor1
x-li-uuid: AAYjKuVpQsGbqC0D/iGRUg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/javascript

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
915 B 47ms
46ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: js-eu1.hsforms.net
URL: https://js-eu1.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 7b0e39bf-ca38-4b3e-bab1-56cc70f2335d
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: DYNAMIC
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: 7b0e39bf-ca38-4b3e-bab1-56cc70f2335d
Content-Type: image/gif
vary: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 1
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3bece8dd2b6-FRA
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 json Show response
api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 250 B
851 B 100ms
43ms XHR
application/json 2a06:98c1:3200::90:3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=25755956

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3200::90:3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa462865a143f6b053d5d1594aea3e38d36ebad2a23a7fcfdd84ba7a7a1fddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sMBBef9lf9ZJ81Ox0DB4X%2F1sVv7chbv0kXGqZpneUbcqhkPOBmGjqPW8rHWY%2FscLPaS50mmoAB%2FbkeboxT0N%2BXkhYlxMwCAb6%2B%2FFiPhy5svxkj5ZsKwjhxWD7McT%2FbgqiB7EjIgt2FxBSYVb7TuSrw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: 9bec525f-93de-4b02-bf27-9ab962b2184b
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8ca2d3bf38a92bc7-FRA
access-control-allow-origin: https://www.group-ib.com
server: cloudflare

GET
H2 200 combinedConfigs Show response
cta-eu1.hubspot.com/web-interactives/public/v1/embed/ 95 B
1 KB 142ms
54ms Fetch
application/json 172.65.198.159
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-eu1.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=25755956&currentUrl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&referrer=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.198.159 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: a8836dd6-b29f-4292-b1cd-d5c46d1e049a
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uk3kJURVdiq18TbebaZ3vAfC52AThvzPHVg9IKEih7oPbu7gBmAfEJx9nqK7SEYjh9zEows6HGjK0%2BWTNL3HDNzifFWgMUkP%2FI0dm7DBTepY6tE9i4vMjwJJXcQ14%2BMSyTBOrh8%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:04 GMT
x-hubspot-correlation-id: a8836dd6-b29f-4292-b1cd-d5c46d1e049a
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-envoy-upstream-service-time: 11
access-control-allow-credentials: true
cf-ray: 8ca2d3bf7d8118d6-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 336 KB
110 KB 56ms
55ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

593669597f0540fbc608bfddf742c4e7456eb9afe16cfafed26911bbfca51368

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sat, 28 Sep 2024 09:50:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 112048
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 233 KB
84 KB 43ms
42ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10897073384&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1155b45a8fdec36a52d2d8a5d1d1290f4cf0ef5df50feccda4a1b5bf50f06f57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Sat, 28 Sep 2024 09:50:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 28 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 85715
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 80ms
21ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 1593b1f5bf86a2bec3f93142409030a64591d1b6415faaedd0c251dd924d0288

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "bed9b675380c07edc84c03d0f362b192"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12103
date: Sat, 28 Sep 2024 09:50:04 GMT
last-modified: Mon, 23 Sep 2024 17:14:22 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
15 KB 123ms
46ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "803483b3aaadb1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2D3051B9B9224A4CB416227CE13A735F Ref B: FRA31EDGE0122 Ref C: 2024-09-28T09:50:04Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14402
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 15:43:41 GMT
vary: Accept-Encoding

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 97ms
23ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

3a600a8b86e938acf4c39f392719678cbeee228d2ee698fbf3f310e99db4347a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66f5de53-111c3"
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 12:50:04 GMT
accept-ranges: bytes
content-length: 18820
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Thu, 26 Sep 2024 22:21:07 GMT

GET
H2 200 NeverBounce.js Show response
cdn.neverbounce.com/widget/dist/ 96 KB
29 KB 103ms
26ms Script
application/javascript 18.245.46.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.46.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-46-63.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-amz-cf-pop: FRA56-P9
content-encoding: gzip
x-amz-version-id: null
etag: W/"c1e06621030dfcba15b88abbcaa546eb"
age: 17274
via: 1.1 6c21a88f98dc05bf345d31b96407e6d0.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: l1sxhwMZMUkV5ZfVoYl6TAJqugGvwOdsfAeLN5FtPUv-W2dAvQgCzQ==
date: Sat, 28 Sep 2024 05:02:15 GMT
content-type: application/javascript
vary: Accept-Encoding
server: AmazonS3
last-modified: Mon, 02 Mar 2020 18:37:33 GMT

GET
H3 200 63e267f61a03d71ea3df5fe7 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 258ms
228ms Script
text/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/63e267f61a03d71ea3df5fe7

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d3b572f9d464cfba093f2cbaf069c1228c135d28f4e6cab3c54b69145c9f05a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8ca2d3bf5d011e14-FRA
access-control-allow-origin: *
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
58 KB 57ms
23ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

5ebce957851eb83517851e8613f012eb45aa4ebb6142b92c30b7d9492c874e22

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=23, mss=1232, tbw=4445, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: P4CQ/C1GvYZFBGlRfEpsf3nRUgAv+OZFB6XhxBPvRR34pVnfxhn5gS5BgcGZzWNt1rp8UdVmOUPtdYfVXhzEHw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59131
x-xss-protection: 0

GET
H2 200 1010045.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
1 KB 103ms
46ms Script
text/javascript 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010045.js?p=https://www.group-ib.com/blog/dragonforce-ransomware/&e=

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8530c3e4aab57792d2de601bf80edaf0f9280f5afa15e12b2ed2f26a34949b70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: text/javascript;charset=UTF-8
content-disposition: inline
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8ca2d3bf8e923688-FRA
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1
server: cloudflare

GET
H2 200 1010056.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
2 KB 99ms
43ms Script
text/javascript 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010056.js?p=https://www.group-ib.com/blog/dragonforce-ransomware/&e=

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b36ece0a9b0dd3420befc70c4b96821f8a139177b78e1bac2670a9fc139857b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: text/javascript;charset=UTF-8
content-disposition: inline
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8ca2d3bf8e933688-FRA
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1
server: cloudflare

GET
H2 200 1010057.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
1 KB 100ms
43ms Script
text/javascript 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010057.js?p=https://www.group-ib.com/blog/dragonforce-ransomware/&e=

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a961ed4a1958945c2340352071f6c00c848dc9c125fcf045efc40fab4062117

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: text/javascript;charset=UTF-8
content-disposition: inline
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8ca2d3bf8e963688-FRA
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1
server: cloudflare

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517004650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517004650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2&e_ipv6=AQKGtwEDEhe7_AAAAZI4CZUrdfpa8bBJ...

0
264 B

278ms
206ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517004650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2&e_ipv6=AQKGtwEDEhe7_AAAAZI4CZUrdfpa8bBJtFIDIpk19AOTMuDtz750znqEEjP-G3yVT2aoICDy_ulg
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 98E2350683C746878647D618965A1671 Ref B: FRAEDGE2022 Ref C: 2024-09-28T09:50:05Z
x-li-fabric: prod-lor1
x-li-uuid: AAYjKuVyuODg0ClGf77nYA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517004650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2&e_ipv6=AQKGtwEDEhe7_AAAAZI4CZUrdfpa8bBJtFIDIpk19AOTMuDtz750znqEEjP-G3yVT2aoICDy_ulg
x-msedge-ref: Ref A: E82135935E914EAAB8EAD919516E0E91 Ref B: FRAEDGE1213 Ref C: 2024-09-28T09:50:04Z
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid: AAYjKuVumNZDmnG0IP47Lg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Sat, 28 Sep 2024 09:50:04 GMT

GET
H2 200 ot_close.svg
cdn-au.onetrust.com/logos/static/ 651 B
600 B 44ms
43ms Image
image/svg+xml 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-au.onetrust.com/logos/static/ot_close.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 68441
content-encoding: gzip
expires: Sun, 29 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Sep 2024 23:11:06 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 0a85ae8c-101e-0009-1d56-093f67000000
cf-ray: 8ca2d3bf5dd03a49-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 ot_guard_logo.svg Show response
cdn-au.onetrust.com/logos/static/ 497 B
532 B 48ms
48ms Fetch
image/svg+xml 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/logos/static/ot_guard_logo.svg

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79973
content-encoding: gzip
expires: Sun, 29 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Sep 2024 23:11:05 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 0bf5a38e-b01e-0072-4d1e-0b7dfb000000
cf-ray: 8ca2d3bf6963d25d-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 ot_company_logo.png
cdn-au.onetrust.com/logos/static/ 4 KB
4 KB 46ms
46ms Image
image/png 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-au.onetrust.com/logos/static/ot_company_logo.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: E8+sk/ECzKgTUVtDLikiIA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
etag: 0x8DCD6A4D842D1F7
age: 33422
cf-cache-status: HIT
expires: Sun, 29 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/png
last-modified: Mon, 16 Sep 2024 23:11:07 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 769ad0ad-b01e-0000-2e21-097ab4000000
cf-ray: 8ca2d3bfbe3d3a49-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4036
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 powered_by_logo.svg
cdn-au.onetrust.com/logos/static/ 5 KB
2 KB 48ms
48ms Image
image/svg+xml 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-au.onetrust.com/logos/static/powered_by_logo.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 68241
content-encoding: gzip
expires: Sun, 29 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Sep 2024 23:11:07 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 91dbc4cb-d01e-0039-7adf-0881a8000000
cf-ray: 8ca2d3bfbe433a49-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 268 KB
92 KB 56ms
55ms Script
application/javascript 216.58.212.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10882981508

Requested by

Host: js-eu1.hsadspixel.net
URL: https://js-eu1.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

ff26d2fd611ddbeb103497978d7634f5d77748fd3c6d0846882552da03e356ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sat, 28 Sep 2024 09:50:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 28 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 94645
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 268 KB
92 KB 65ms
65ms Script
application/javascript 216.58.212.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d6aa253f20f74c705be27f19621a4ea75d3b1d949394f08f6fe4be3676172a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sat, 28 Sep 2024 09:50:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 28 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 94616
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/a2_du2owjr6f67j/ 3 B
124 B 90ms
24ms XHR
application/json 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/a2_du2owjr6f67j/config
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/json

GET
H2 200 a2_du2owjr6f67j_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
699 B 80ms
32ms XHR
application/json 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_du2owjr6f67j_telemetry
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 97
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 86ms
21ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1727517004765&id=a2_du2owjr6f67j&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=d2fc5ee0-83ae-4019-9ef2-302e34d9f966&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_5afed25b&dpm=&dpcc=&dprc=
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/gif
server: Varnish

GET
H3 200 649324202964935 Show response
connect.facebook.net/signals/config/ 81 KB
16 KB 25ms
24ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/649324202964935?v=2.9.169&r=stable&domain=www.group-ib.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

83ad6c734a5f5c3ef3af547883c69c0cc33a85dda24b4b3c86d6a585a5f8fe68

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=74, mss=1232, tbw=67245, tp=62, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: 2trZk0bmsmJn12s/EN/m84g+w50ANY4CG3NTEK2fDC3kp4WdEfT7vQA2DQbsiE9p8bz/YCe5CnTQJYTsvOy/Bg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
content-length: 15801
x-xss-protection: 0
origin-agent-cluster: ?0

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 143ms
141ms Ping
text/html 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryD6yMAxg9P3u16msG
Referer: https://www.group-ib.com/

Response headers

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 145ms
143ms Ping
text/html 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryI93lOjQWvfiCzglW
Referer: https://www.group-ib.com/

Response headers

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 63 B
282 B 382ms
125ms Script
application/javascript 35.171.0.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_595231

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.171.0.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-0-110.compute-1.amazonaws.com

Software

nginx /

Resource Hash

37810cbd53a1f238d5cd83770efdebe23e20888570dfb5dfe41235155c8dfac0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, private
content-encoding: gzip
x-ua-compatible: IE=Edge
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 63 B
282 B 481ms
224ms Script
application/javascript 35.171.0.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_292040

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.171.0.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-0-110.compute-1.amazonaws.com

Software

nginx /

Resource Hash

d02bdc4b215b7fee727e364d585c5016ae395786fe51c550eec4061f3842e803

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, private
content-encoding: gzip
x-ua-compatible: IE=Edge
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 62 B
281 B 384ms
128ms Script
application/javascript 35.171.0.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_37492

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.171.0.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-0-110.compute-1.amazonaws.com

Software

nginx /

Resource Hash

277d17805265709dfd33f10251d06537d8f37c96722e9686f268b823ebf04b51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, private
content-encoding: gzip
x-ua-compatible: IE=Edge
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 63 B
282 B 383ms
127ms Script
application/javascript 35.171.0.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_777537

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.171.0.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-0-110.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b93c84af2d9cfbb9e6cc8ebee1323df4a9058b86ba0e5a642ef1347f3d861eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, private
content-encoding: gzip
x-ua-compatible: IE=Edge
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 62 B
282 B 380ms
124ms Script
application/javascript 35.171.0.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_230045

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.171.0.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-0-110.compute-1.amazonaws.com

Software

nginx /

Resource Hash

ffa599bd9fbc86732928aa04d30328fc4effc39d65bcec25c29e05e45ea76191

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, private
content-encoding: gzip
x-ua-compatible: IE=Edge
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 113ms
41ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-QMES53K3Y2&gtm=45je49p0v9101996448z872040694za200zb72040694&_p=1727517004226&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101686685~101747727&cid=1552793601.1727517005&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&sid=1727517004&sct=1&seg=0&dr=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&dt=DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1521
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.group-ib.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
555 B 110ms
34ms Ping
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QMES53K3Y2&cid=1552793601.1727517005&gtm=45je49p0v9101996448z872040694za200zb72040694&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101671035~101686685~101747727
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.group-ib.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 114ms
65ms Image
image/gif 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QMES53K3Y2&cid=1552793601.1727517005&gtm=45je49p0v9101996448z872040694za200zb72040694&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101671035~101686685~101747727&tag_exp=101671035~101686685~101747727&z=501524803

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f195.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Sat, 28 Sep 2024 09:50:04 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 145ms
144ms Ping
text/html 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarypNhJQOupYcx0hUHt
Referer: https://www.group-ib.com/

Response headers

GET
H/1.1 200
OK counters.gif
perf-eu1.hsforms.com/embed/v3/ 35 B
997 B 163ms
97ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-eu1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: eb8a649f-752e-43a3-926e-83c8536084c6
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: MISS
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: eb8a649f-752e-43a3-926e-83c8536084c6
Content-Type: image/gif
vary: origin, Accept-Encoding
Last-Modified: Sat, 28 Sep 2024 09:50:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 3
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3c13c9739ec-FRA
Accept-Ranges: bytes
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 146ms
144ms Ping
text/html 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryVm3Yb7ozLKdSITMP
Referer: https://www.group-ib.com/

Response headers

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 148ms
146ms Ping
text/html 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryn1hyOnq3UgWPh4wY
Referer: https://www.group-ib.com/

Response headers

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 132ms
130ms Ping
text/html 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUmXgM2xybdZOnmEj
Referer: https://www.group-ib.com/

Response headers

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 33ms
23ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.group-ib.com
content-length: 7
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 23 B
315 B 109ms
22ms XHR
text/html 2a02:26f0:7100::210:180
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:180 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9396a03f992569985b844f39a0e20187bd4f89bd03b35137050ba22c50798297

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2001:1b60:2:240:3247::2
expires: Sat, 28 Sep 2024 09:50:05 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1727517005028_34603388_209422361_19_790_22_39_219";dur=1
access-control-allow-origin: https://www.group-ib.com
content-length: 23
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/html
vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 147ms
139ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=eefd833b-21b0-402b-83ef-f07238de2d0f&session=09e9a528-5616-4bc1-8e4b-1cb3b4459044&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Sat%2C%2028%20Sep%202024%2009%3A50%3A04%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20we%20look%20at%20the%20DragonForce%20ransomware%20group%2C%20which%20poses%20a%20severe%20threat%20with%20two%20variants%E2%80%94a%20LockBit%20fork%20and%20a%20customized%20Conti%20fork%20with%20advanced%20features%20and%20SystemBC%20malware.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pageViewId=a5c1c867-b746-4045-87ab-8befb97b933e&v=1.1.28

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:05 GMT
accept-ranges: bytes
content-length: 43
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 143ms
135ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=eefd833b-21b0-402b-83ef-f07238de2d0f&session=09e9a528-5616-4bc1-8e4b-1cb3b4459044&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2028%20Sep%202024%2009%3A50%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e84d9c08a990af8592952e7ac9a983ad%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2028%20Sep%202024%2009%3A50%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2028%20Sep%202024%2009%3A50%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20we%20look%20at%20the%20DragonForce%20ransomware%20group%2C%20which%20poses%20a%20severe%20threat%20with%20two%20variants%E2%80%94a%20LockBit%20fork%20and%20a%20customized%20Conti%20fork%20with%20advanced%20features%20and%20SystemBC%20malware.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pageViewId=a5c1c867-b746-4045-87ab-8befb97b933e&v=1.1.28

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:05 GMT
accept-ranges: bytes
content-length: 43
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 fl Show response
www.group-ib.com/api/ 685 B
1 KB 122ms
112ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=JhMRkZRXNU2tK0r6le2WKvjMeZ%2FT0O5zOSKsYWNjNEc6abbAo6NBwx%2BEVZPNrUAuf%2FBr8CnCkayxXHiT0c7asTawh%2B7QKBdhB%2Bp%2BEtPudqktSssHUCROKVqoVj%2FAwFeiUYRkItIjVNochDpunNJs8b1jlmkHZqEXQ31n
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 13ab504c21ee50f97a267d52e8af54f2a23021c5175db323719a163944d27862

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: p5BZAZGQMWC1+6L9NOG9Lsbiz55XFlBOr1zul8nETb/oIwxelCY1/G89ND8cugLuGbx4omRN94g1Kze23NtZXtSiPAS6348kX0T0HI5Z1N6e77rHIWxDWhEh1rzZfZgU4WEB1qSCD+/UI3Hmndcxc0G0MNFFA5c2YPHhces2SJ8IngEtF4Qh55yDOUE/LURhzFF45BMzInzhpCcayEpfPHcSHVmUtMQA5kAGzDSbDHXuQxPmFMUlXDknF8GMiTuKK41wMzIhjT5Zkka/zw==
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: kBJn94cbc5e1597bd65486c77a88b79a6bc98e4e

Response headers

cache-control: no-store
content-encoding: gzip
x-envoy-upstream-service-time: 53
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.group-ib.com
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H2 200 343106030.js Show response
bat.bing.com/p/action/ 370 B
420 B 46ms
45ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/343106030.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a791796f72eea3c5febcbe84acc17e5e8e434e71036ea481b168dc4f41f12a9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C099CC2B283B410D91CEB8708E16BE95 Ref B: FRA31EDGE0122 Ref C: 2024-09-28T09:50:05Z
x-cache: CONFIG_NOCACHE
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 69ms
21ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?batch=1&events[0]=id%3D649324202964935%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fdragonforce-ransomware%252F%26rl%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fdragonforce-ransomware%252F%26if%3Dfalse%26ts%3D1727517005008%26sw%3D1600%26sh%3D1200%26v%3D2.9.169%26r%3Dstable%26ec%3D0%26o%3D12318%26fbp%3Dfb.1.1727517004994.431328822184697369%26cs_est%3Dtrue%26cdl%3DAPI_unavailable%26it%3D1727517004785%26coo%3Dfalse%26exp%3Df1&rqm=GET

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=10, mss=1297, tbw=2797, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 246ms
199ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&if=false&ts=1727517005008&sw=1600&sh=1200&v=2.9.169&r=stable&ec=0&o=12318&fbp=fb.1.1727517004994.431328822184697369&cs_est=true&cdl=API_unavailable&it=1727517004785&coo=false&exp=f1&rqm=FGET

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7419629041222236258"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: tU3Q6yRno3etRLyAE4xopIWkdxp2WKmWOIxq2nDWgSQbk6D4VF5hrUMwkjGltQi68fr8YYmdsMBuSO5eTKQCog==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7419629041222236258", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=12, mss=1297, tbw=3115, tp=-1, tpl=-1, uplat=177, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 166ms
164ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=eefd833b-21b0-402b-83ef-f07238de2d0f&session=09e9a528-5616-4bc1-8e4b-1cb3b4459044&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A2%3A240%3A3247%3A%3A2%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20we%20look%20at%20the%20DragonForce%20ransomware%20group%2C%20which%20poses%20a%20severe%20threat%20with%20two%20variants%E2%80%94a%20LockBit%20fork%20and%20a%20customized%20Conti%20fork%20with%20advanced%20features%20and%20SystemBC%20malware.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pageViewId=a5c1c867-b746-4045-87ab-8befb97b933e&ipv6=2001%3A1b60%3A2%3A240%3A3247%3A%3A2&v=1.1.28

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:05 GMT
accept-ranges: bytes
content-length: 43
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 204 0
bat.bing.com/action/ 0
286 B 65ms
64ms Image
text/plain 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=343106030&tm=gtm002&Ver=2&mid=299a9a33-3d05-42b4-a5a2-058cbf853698&sid=09d276507d7f11efb090b5f9ba53c9ca&vid=09d276f07d7f11ef9c0a610bb71c9ab5&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog&p=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&lt=993&evt=pageLoad&sv=1&cdb=AQET&rn=443486

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1E02B64D72FA4282B7C5DDE0A6AA4B44 Ref B: FRA31EDGE0122 Ref C: 2024-09-28T09:50:05Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Sat, 28 Sep 2024 09:50:04 GMT

POST
H2 200 044e7558-8073-478a-ad3c-5807dd76840f Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
736 B 74ms
73ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/044e7558-8073-478a-ad3c-5807dd76840f

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: fdad77e0-b7f6-4660-94e3-20d85a3d3730
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cWObh9ZZVfvOn%2BLSrFz9jTkJjIBX4UsCinWqJdBfkgZ4U3gSaXb0bX7CuohsMIJMVCnHYLSLQFIGphCZLUEDuhC0AF%2BH4TUBvRIp%2BRJJ4B13JwBfF6o%2FK5IboqNkXG8Fx3RG5IF65Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: fdad77e0-b7f6-4660-94e3-20d85a3d3730
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-rncps
x-envoy-upstream-service-time: 18
access-control-allow-credentials: false
cf-ray: 8ca2d3c47aba5ca4-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 044e7558-8073-478a-ad3c-5807dd76840f
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 174ms
88ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/044e7558-8073-478a-ad3c-5807dd76840f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3c3ea225ca4-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:05 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MpD5%2BSdsfSDwAac1I2xarf4B2RcxYkShgmkO5VxQ9Tf9KgTVEwLy6%2BFvmpLe8m5K8bA0TJx%2BC9t7GqkGieI44SCjoA38AFiRLHgYV1MnYFVTIiFAtR7WDbtqmoeEPbJd2yNNiqtQ8w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 62615210-c046-4c2a-9dcb-92149b213eb3
x-request-id: 62615210-c046-4c2a-9dcb-92149b213eb3

OPTIONS
H2 200 4dbceae1-75ae-423a-9c12-dee8f1ca3345
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 135ms
62ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3c3ea245ca4-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:05 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vfbiNfJQzKGT6Ytpz2d2fC6tCgHlJLWUYOZRDB7EulwsMcPRpXarX9SV87ia2or4lVereOrhtwstilf8XoA2p1cUgAwn%2FMm%2BJjWYIAu2B4z6XB828rORgPhiD1v%2BXF4awdjiWkKTLw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 4
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 9f3a1cbb-d01d-4a44-909d-d9ba6733af51
x-request-id: 9f3a1cbb-d01d-4a44-909d-d9ba6733af51

POST
H2 200 4dbceae1-75ae-423a-9c12-dee8f1ca3345 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
750 B 66ms
65ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: b80e1d82-1a0d-45f5-b042-81a4c7eb7b88
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g1D47M6PQYLdD51wh0iQLiQWTvEPlS9crT3P8EbYKnI4AOLEIrUOYk8obN5ekkp%2FBiFC4xSTC2vckwf0u892b1dB8tBF%2BzbIC3lxAqgalwYL8jt4WS7WbEeZx7u6WJ3IqujC%2BRXTSg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: b80e1d82-1a0d-45f5-b042-81a4c7eb7b88
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 17
access-control-allow-credentials: false
cf-ray: 8ca2d3c44a9a5ca4-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

POST
H2 200 4dbceae1-75ae-423a-9c12-dee8f1ca3345 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
666 B 64ms
62ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: 09d1594a-67e7-46b3-a44b-bf3c7914c55b
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BrCySYFm0qJXltAMLU%2Buj6lXSEGQVX41XIwrUk0VOzBA94DvGAb1Yb9DFEKw4ascHxsRPsiJbLM6CSHjNWVlutk4C7HUO3jllkR4J%2F1yD2vvkSQpystrp8FqZ76eDRfSsxaSYF%2B89w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 09d1594a-67e7-46b3-a44b-bf3c7914c55b
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-vfc8w
x-envoy-upstream-service-time: 17
access-control-allow-credentials: false
cf-ray: 8ca2d3c44a935ca4-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 4dbceae1-75ae-423a-9c12-dee8f1ca3345
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 129ms
57ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3c3ea255ca4-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:05 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BaxgIa%2Bdr%2BdABx9TD5iKWZzuV4yptDShn2xWYiZZTyPZ4qSVwGTFWT5Tyw06LOubI1qGA%2FnYdsr9NSHmMSy0k3pTxB1QqlIeFnMST0QSPOhUGkLcd3mR3QPiMPDVQH91ecGQV2O4sg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-s5pt6
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 8cede624-4387-400d-9a71-5f72dc386d33
x-request-id: 8cede624-4387-400d-9a71-5f72dc386d33

POST
H2 200 5a995f05-701c-48e3-b25a-d1548ba3c0b3 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
1 KB 67ms
65ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: e15d86c3-ffd2-47c6-b5d3-08572b5a7a8e
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5xoFkEf774PRFM%2FDGITd6Nri45Z2dH18saqa3If%2B7rH7gw2X3yZkDB1igai%2FeZ8l8%2FwWidjiyjm9xZh0XtcWQ9%2B1vjxpECSToeYiLVEki0AJ5arqAqaxpXVSBjDiKMqHWZJ5Hqnrg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: e15d86c3-ffd2-47c6-b5d3-08572b5a7a8e
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-envoy-upstream-service-time: 16
access-control-allow-credentials: false
cf-ray: 8ca2d3c44a915ca4-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 5a995f05-701c-48e3-b25a-d1548ba3c0b3
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 116ms
56ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3c3ea265ca4-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:05 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iCL1ffK1lLBFc4KjyovCQnH%2FiZdjcNLFls4HPP3jYE0qTLy%2BSIPRPp3F%2FLNiHQLjChnLVi9shSHyasYAlyfvWoc7ujdZwVgVeVTKBBjJXxRHIns%2FOrvMZ53kf%2F7YPkjx8VaQ9ylAgA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 4
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: f77d764a-1ac7-4b3b-a983-ecd686ad26bc
x-request-id: f77d764a-1ac7-4b3b-a983-ecd686ad26bc

POST
H2 200 5a995f05-701c-48e3-b25a-d1548ba3c0b3 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
740 B 59ms
57ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: c3b16883-520d-4b6b-ab7d-9ecb153174b1
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2FNd1S3tWjo%2FxlvTwx5eH1Aa74QRI4QqRhgS31SPWq8s3d6lo0orH12Q%2FdJhuEy8w7i7u53E3llWaqdLskt5vX0EdPGELe1mDQos7WiqV%2FRvbDaR0WWUAEA6pOcXdktJ4Ju54PBSTA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: c3b16883-520d-4b6b-ab7d-9ecb153174b1
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-rncps
x-envoy-upstream-service-time: 18
access-control-allow-credentials: false
cf-ray: 8ca2d3c44a8e5ca4-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 5a995f05-701c-48e3-b25a-d1548ba3c0b3
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 115ms
55ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3c3ea275ca4-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:05 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QsrlNVxbeb4VtK2mY2F6FDV9xw%2FzKxJ4d5o7aPEaedI%2Fs51CDS%2BzuZVwPOlF1kA7%2F0pBQdsC6eueHxOjL565tykrdA06UIsjUDCqxDESn0GFu5w1iDwxpQQ3yq%2FtmifWse%2Bspfr8Eg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 98a751c8-997d-482e-9e8a-14c11654fa65
x-request-id: 98a751c8-997d-482e-9e8a-14c11654fa65

POST
H2 200 55a22738-d5a5-43f9-9c1c-fa4c1a6eb349 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
706 B 68ms
66ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: 5ff6c329-c3e4-44e0-a408-b97b5d82b463
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BLDXNkSml0RTSReKjPOr%2FajaSVV94gti7tOzMFa5qmtiWcIwe9mQQGxDHlNvbDobgPBBOASEu8M3Qi1NzPBI3vVTYnbhIWrI8kLM0ulSelOc%2F6gsiFNULz0dXTtT1jrJk1gBMrnOsw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 5ff6c329-c3e4-44e0-a408-b97b5d82b463
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-vfc8w
x-envoy-upstream-service-time: 15
access-control-allow-credentials: false
cf-ray: 8ca2d3c45aa25ca4-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 55a22738-d5a5-43f9-9c1c-fa4c1a6eb349
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 118ms
68ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3c3ea295ca4-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:05 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2BWfkUWixgW%2FKW5usi%2F211EfSCH8j15f4Z3gGEjXK4J%2B0BfTU3f%2FDjQxf0PcK8VFuuokCZFNZ70grWWQjkDLr85NdaTQC5ZCOkmWAfRAQbp3e4cuPm9RlnFOs0XFl1RqPhYcrXtK7g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 49ca2ef7-24af-4fd5-aeef-1f7e9c2628bf
x-request-id: 49ca2ef7-24af-4fd5-aeef-1f7e9c2628bf

POST
H2 200 55a22738-d5a5-43f9-9c1c-fa4c1a6eb349 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
673 B 77ms
75ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: 72ee2341-85df-46c6-8a72-7f5c4218a876
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qMJ%2FmLl0EMKfAAVbF62SMoXI2zRiv7RgYduiz8fAc%2BNGgTko%2FC%2Fjuc%2B2VN5wQ1Ay%2FjDgX9UGljUlXPdsvUSMKFcn4u%2FQFJ3VRulVm%2BVmrZUcq6FFc7jgC8jVPxBHpWUlKYRaE6RK3w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 72ee2341-85df-46c6-8a72-7f5c4218a876
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-rncps
x-envoy-upstream-service-time: 15
access-control-allow-credentials: false
cf-ray: 8ca2d3c48abf5ca4-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 55a22738-d5a5-43f9-9c1c-fa4c1a6eb349
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 135ms
93ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3c3ea2b5ca4-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:05 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zzKAPYPKpcmwg%2Fjrfa6ujdzMRPYkZ2sVsPWOChf9a0rrJISbXnLjFf8CurYI2LgIKskZlGx9eZbocuJPiaEzlYhUZFbCowhVOLWSvq9hLpJEMLhgfZlz4vWQVAy2mxZcsRzL%2BZzREg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-vfc8w
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: e26ce118-a5cf-4fed-804b-d84d861736de
x-request-id: e26ce118-a5cf-4fed-804b-d84d861736de

GET
H3 200 709834390277869 Show response
connect.facebook.net/signals/config/ 29 KB
3 KB 25ms
25ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/709834390277869?v=2.9.169&r=stable&domain=www.group-ib.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112%2C199%2C198%2C200%2C205%2C206%2C207%2C203%2C195%2C131%2C133%2C162%2C194%2C196%2C121%2C156%2C144%2C150%2C188%2C189%2C128%2C231%2C115%2C125%2C126%2C232%2C164%2C118%2C234%2C165%2C135%2C122%2C153%2C147%2C113%2C127

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

a8f14886acaa595928d480b75781a68feb94ffb5ad7e3cecbd1817e6914e564b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=22, rtx=0, c=87, mss=1232, tbw=83805, tp=79, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: DkpKDqGETUge43cgtkjdSRzE/T7Fbst66F2IHH2LPD3pel5rTxuy6tXmg49iLKPmL+Tec+2b/D8dwC0A4BBmnQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 3373
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
1 KB 161ms
61ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517005479&vi=36fd0f6f155ac593edde9385e56ca082&nc=true&u=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&b=84897990.1.1727517005476&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: d00dfe97-ee45-4e91-8043-444a610ef0af
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QcEHNDdYHT4WSa2%2BzhIQy5%2B%2FSsXPXAT4XO3A%2BUjPxuq69TlHh2SvrNPUcFtUwyuPR2bd0WLCIi94vjmEGTz%2B%2BB2rS2bXhdAJ34JXVKkdtlFp2laIqfKlRGFjemLvsMUnpdJRae6lMw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: d00dfe97-ee45-4e91-8043-444a610ef0af
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:05 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-wx7wd
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ca2d3c4fc8bd364-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
743 B 147ms
64ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=96af3f75-43e7-45e5-b6be-fc4ab5ead9f4&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517005479&vi=36fd0f6f155ac593edde9385e56ca082&nc=true&u=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&b=84897990.1.1727517005476&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: f1650a63-df4f-433a-9e40-2ca70b2d6f86
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PL4vKtyzjApxuYim6YcI053Jj45sPyIEmPsJi4BMFijvp6cjIrT7d%2B1igdpU2ipOPzhBxEMz5NwsXcQDBR8aT%2B52JQMtVrObJ31dty3q%2BHQ8dEgDP286I1Jb4z3eiZhvRoFqBzCsvg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: f1650a63-df4f-433a-9e40-2ca70b2d6f86
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:05 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-rnf58
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8ca2d3c4fc88d364-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
1 KB 139ms
56ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=ca9aec42-ac5f-46e9-8840-71856f3bbe4a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517005480&vi=36fd0f6f155ac593edde9385e56ca082&nc=true&u=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&b=84897990.1.1727517005476&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 35c1a681-5686-4b1f-85e0-d79aa282f40d
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PtioLvX3ZqAkCKVYkYcENDHK73f1bQj2mvCgMRlBCG1ait1v%2BoZVUdaUtBu8YlVHs%2BcSir5vDVuzdACrJplsm1rAzzsd4ycCsaq30Ivr%2FuOhEiUK3yXqjND9VuOoQQW0dDvbBkPCPg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 35c1a681-5686-4b1f-85e0-d79aa282f40d
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:05 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-98sbh
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8ca2d3c4fc82d364-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
635 B 139ms
57ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=5a995f05-701c-48e3-b25a-d1548ba3c0b3&fci=0000673d-a33f-43f6-8dba-b04b414eda44&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517005480&vi=36fd0f6f155ac593edde9385e56ca082&nc=true&u=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&b=84897990.1.1727517005476&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 7f2cef09-c5ca-4e94-9534-bb4984c1267f
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V0K%2B%2B5DtyxtctrlpLviSs1Mc0LSU0ssEo0BgE4by%2B6iut5THDaXB7nuCW1GryUEHkksmB4up4llNlyhQUnRvXfeM7gPsURU4wGwJ%2BSZCwXK3NXq6aeoHsxti9yseH33jbl9Gz7CtPw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 7f2cef09-c5ca-4e94-9534-bb4984c1267f
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:05 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-hm5t7
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ca2d3c4fc84d364-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
741 B 141ms
59ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=55a22738-d5a5-43f9-9c1c-fa4c1a6eb349&fci=25fddeb2-b89d-4d0a-b253-b3badf4ef465&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517005480&vi=36fd0f6f155ac593edde9385e56ca082&nc=true&u=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&b=84897990.1.1727517005476&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: d3f80269-6747-4428-9310-6376c262fa1e
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0RYEoWVxNZe6uxglMD1oF1r50pHseo3b2VICWzbGWWCIIetCgrNhDb%2BH%2FHYQHgNDZaqusynuWqfeIMLJfmcUeJtgv2S8IkOSd7AXARMqJsM9igixTyP7rwA15gsD5s6RwNI%2FejDqw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: d3f80269-6747-4428-9310-6376c262fa1e
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:05 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-lxmns
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8ca2d3c4fc80d364-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
768 B 182ms
107ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=eb903dab-0ef3-43b5-bdeb-71372e6ad0f0&fci=e6efaaa9-39e0-4bbf-bdbd-375a7b0c2125&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517005480&vi=36fd0f6f155ac593edde9385e56ca082&nc=true&u=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&b=84897990.1.1727517005476&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: f6bc801a-4359-48bb-9f7b-6a03dff41c9a
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YsPpM%2F8jbxuVk%2FM9jv8QIAsczm4yIFsOE%2FLXZFPG%2Fg1udaTy66sIpr3qbbkZ1uDGnxsCBdYiuJ%2FeTAh7mk8cV7RwlRVTG64gSFVpoWYf24UngImFjeS6T8kdweJXCtU4sibNIvdG7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: f6bc801a-4359-48bb-9f7b-6a03dff41c9a
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:05 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-skjq6
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ca2d3c4fc7ed364-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
1 KB 68ms
67ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=96af3f75-43e7-45e5-b6be-fc4ab5ead9f4&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517005480&vi=36fd0f6f155ac593edde9385e56ca082&nc=true&u=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&b=84897990.1.1727517005476&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: b55a361e-c9c0-4689-9420-892e31abfe25
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zOz1EpvtDr%2FQy4UesmR59tNiTkaNs2MpgCscIHoxfPehBysgaCzVqpkjNXodnH8ShMP6TQxNLW8ezf7HOEMl738X9YjiyQV9rf1k%2FBMWQjkjV87AZn2MUJKhAIv4eBe1DSeBt8L%2FJg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: b55a361e-c9c0-4689-9420-892e31abfe25
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:05 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-4k6lr
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8ca2d3c4fc8dd364-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
652 B 62ms
61ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=5a995f05-701c-48e3-b25a-d1548ba3c0b3&fci=0000673d-a33f-43f6-8dba-b04b414eda44&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517005480&vi=36fd0f6f155ac593edde9385e56ca082&nc=true&u=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&b=84897990.1.1727517005476&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 2b64b748-349e-44e8-b19a-37acfe735587
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pzd0naxOat49TVH7hsu4VN3rTrekRXs6w9T6ZzDB8S7lb0I4f%2FYpV8GL4%2Fge1d4Xsirkb3CqVj1JHoksknS86TrJ21dzD5TjJhEkXZLnEeGPIywezIQUdB4yponqhbvYJTEh10ldoA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 2b64b748-349e-44e8-b19a-37acfe735587
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:05 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-gv7j8
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8ca2d3c4fc8fd364-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET __ptq.gif
track-eu1.hubspot.com/ 0
0

GET
H2 200 __ptbe.gif
track-eu1.hubspot.com/ 45 B
739 B 69ms
68ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptbe.gif?n=form_abandonment&_formId=%7B%7B+event.properties.formId+%7D%7D&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517005482&vi=36fd0f6f155ac593edde9385e56ca082&nc=true&u=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&b=84897990.1.1727517005476&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: d34688c5-6c82-492b-97d3-4b36d8bc30ae
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=axB%2B4tJQkqHyeYBh3G0uip24OIgknHg5Wp5aJDIccSx4nfjGUZmDVjyihtB8P50EdtqisJ2JedMiantdVlMZQNejX67%2F2qEb0uskphR7O5%2BKEAXIDRPrPOu6C9jiOhRf3cYfvMf2zg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: d34688c5-6c82-492b-97d3-4b36d8bc30ae
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:05 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-pzkzq
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8ca2d3c51ce1d364-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 96x96.png
www.group-ib.com/wp-content/uploads/ 2 KB
2 KB 45ms
44ms Other
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/uploads/96x96.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1be7918da1e16eb032883c8c711b29a2a339584b51bfcae897e36e6f1b568f63

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/png
last-modified: Thu, 27 Jul 2023 07:36:53 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 2164
x-xss-protection: 1; mode=block
server: nginx

POST
H2 200 eb903dab-0ef3-43b5-bdeb-71372e6ad0f0 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
1 KB 58ms
57ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: 5d41e634-6d18-4846-a47b-2f2c9711526c
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tWDvVgQTR%2BGimovGVTIkPbdwWrQLjskuRp9c2%2FfZtUfysldUzQg6ECNnphODAJAuSzvB0WD1cCbbTfD3SS82nWeX2GgJNU%2B6Orhkvv7cBJJQC%2Bv5e5TCO5girVv4mQaevwFU5FAEwA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 5d41e634-6d18-4846-a47b-2f2c9711526c
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-rncps
x-envoy-upstream-service-time: 15
access-control-allow-credentials: false
cf-ray: 8ca2d3c4eb225ca4-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 eb903dab-0ef3-43b5-bdeb-71372e6ad0f0
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 45ms
44ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3c4aad65ca4-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:05 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xAejpZaXb8Cl4gbO1HZhP8yKUx2EPtWzEGhqNvTvuUnfBh0C22vSfWxqinVQg0qeF2GI0ubVhYS6zF0WnxDDlRslqdsHdKbiFRDCoaPUV40m%2B3AzProgLIBDsYywGvpHa0M%2BUGg5Gg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 4
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 757f0e64-36c0-4722-b4bc-4aff78011c9a
x-request-id: 757f0e64-36c0-4722-b4bc-4aff78011c9a

GET
H2 200 /
www.facebook.com/tr/ 0
102 B 22ms
21ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?batch=1&events[0]=id%3D709834390277869%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fdragonforce-ransomware%252F%26rl%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fdragonforce-ransomware%252F%26if%3Dfalse%26ts%3D1727517005526%26sw%3D1600%26sh%3D1200%26ud%5Bexternal_id%5D%3D36fd0f6f155ac593edde9385e56ca082%26v%3D2.9.169%26r%3Dstable%26a%3Dhubspot%26ec%3D0%26o%3D4126%26fbp%3Dfb.1.1727517004994.431328822184697369%26cs_est%3Dtrue%26cdl%3DAPI_unavailable%26it%3D1727517004785%26coo%3Dfalse%26exp%3Df3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=10, mss=1297, tbw=5982, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
845 B 126ms
126ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=709834390277869&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&if=false&ts=1727517005526&sw=1600&sh=1200&ud[external_id]=36fd0f6f155ac593edde9385e56ca082&v=2.9.169&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1727517004994.431328822184697369&cs_est=true&cdl=API_unavailable&it=1727517004785&coo=false&exp=f3&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7419629040542551016"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: 53As/RgNxgKgbmuMWRhOj8dkKhjcI05SQZa0oDTdGA02MHBgkQuftcC/zOOPQs7URBcJlOmayLrym+tbqCY/0g==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7419629040542551016", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=10, mss=1297, tbw=6128, tp=-1, tpl=-1, uplat=105, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 161ms
160ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=eefd833b-21b0-402b-83ef-f07238de2d0f&session=09e9a528-5616-4bc1-8e4b-1cb3b4459044&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2028%20Sep%202024%2009%3A50%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2028%20Sep%202024%2009%3A50%3A04%20GMT%22%2C%22timeSpent%22%3A%221005%22%2C%22totalTimeSpent%22%3A%221005%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20we%20look%20at%20the%20DragonForce%20ransomware%20group%2C%20which%20poses%20a%20severe%20threat%20with%20two%20variants%E2%80%94a%20LockBit%20fork%20and%20a%20customized%20Conti%20fork%20with%20advanced%20features%20and%20SystemBC%20malware.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pageViewId=a5c1c867-b746-4045-87ab-8befb97b933e&ipv6=2001%3A1b60%3A2%3A240%3A3247%3A%3A2&v=1.1.28

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:06 GMT
accept-ranges: bytes
content-length: 43
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: track-eu1.hubspot.com
URL: https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=ca9aec42-ac5f-46e9-8840-71856f3bbe4a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517005480&vi=36fd0f6f155ac593edde9385e56ca082&nc=true&u=84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1&b=84897990.1.1727517005476&cc=15

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.group-ib.com/	1970-01-21 08:37:33	Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: MDA0dBA=Fz2+aQ==
.group-ib.com/	1970-01-21 08:37:33	Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: MDA0dBA=Fz2+aQ==
.hsforms.net/	1970-01-20 23:51:58	Name: __cf_bm Value: 6Fs5.UUFfdzmgVf000mQ_Ge9eZ0VQM0B8.wr4.6PeBw-1727517003-1.0.1.1-EiXbr.6GBY4FZ9zCQTXcVnzM9ug9UDisB_NTHuiM7IwoSniORuhDFsZ7MN3jFOJZoZFMNhTgRudXpVp9iftY5A
.group-ib.com/	1970-01-21 08:38:59	Name: _vwo_uuid_v2 Value: D13001736BC4D2794E31D8BD46C9D33FF\|cda1b70f53a1cd438a65746fa360d24e
.hsforms.com/	1970-01-20 23:51:58	Name: __cf_bm Value: Nu2ev3VhtdqQvc4VGufOJEzJvkNiHmEdurB8bzt2xL0-1727517004-1.0.1.1-PcWbTdiBi671jWI8eFkq92o75R5FSr48CNEd_p0OTfJdz8o1LlKEtwJJomJ4Dsf4mYJfG6VykqtX8dMp_KqTfg
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: m5ucAUDAd8yljweLbTYm55BdBrYRgj7QPn1Ba9KKk.Y-1727517004533-0.0.1.1-604800000
.group-ib.com/	1970-01-21 02:01:33	Name: _gcl_au Value: 1.1.1903696660.1727517005
www.group-ib.com/	1970-01-21 08:37:33	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Sat+Sep+28+2024+11%3A50%3A04+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202409.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=c344ec9e-6fe1-4464-b154-63a1a52323d5&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.g2crowd.com/	1970-01-20 23:51:58	Name: __cf_bm Value: WpL3G_lmnTHp9L_akKiVcD7b0RbMCoZTVZtWfBswtwM-1727517004-1.0.1.1-P9mRKjHWNEyJ_ZdZgQQHKIvhgtx4gAADF3sT4yE5VtJKZq2hGBNBpZhGMvAMcoZXe4ox88NfkyQw0zB0EMZfNw
.group-ib.com/	1970-01-21 02:01:33	Name: _rdt_uuid Value: 1727517004764.d2fc5ee0-83ae-4019-9ef2-302e34d9f966
.group-ib.com/	1970-01-21 09:27:57	Name: _ga_QMES53K3Y2 Value: GS1.1.1727517004.1.0.1727517004.60.0.0
.group-ib.com/	1970-01-21 09:27:57	Name: _ga Value: GA1.1.1552793601.1727517005
.ws.zoominfo.com/	1970-01-21 08:37:33	Name: visitorId Value: a7f4e4074d3b2257206ad7e6103c4517bc696eba938f5e400570c7cd51b2aa3a
.zoominfo.com/	1970-01-20 23:51:58	Name: __cf_bm Value: fvhty9SMbqyJKquKilPJW5C5z0BumVQEtO0JL5XJYXo-1727517004-1.0.1.1-lBuwMnkm3n6e5tQnMGA1Fg4Nufx97MwUWlFW84VcrqGxC4BusCeD1aReEBm8.G9AQYycGOwgliaWuOKToiU4iA
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: DJwZ.oz5CMvPtAAJbk4KbuZFyWK8AMbYojkICr28cJE-1727517004900-0.0.1.1-604800000
www.group-ib.com/	1970-01-21 09:27:57	Name: _gd_visitor Value: eefd833b-21b0-402b-83ef-f07238de2d0f
www.group-ib.com/	1970-01-20 23:52:11	Name: _gd_session Value: 09e9a528-5616-4bc1-8e4b-1cb3b4459044
.group-ib.com/	1970-01-21 02:01:33	Name: _fbp Value: fb.1.1727517004994.431328822184697369
.group-ib.com/	1970-01-20 23:53:23	Name: _uetsid Value: 09d276507d7f11efb090b5f9ba53c9ca
.group-ib.com/	1970-01-21 09:13:33	Name: _uetvid Value: 09d276f07d7f11ef9c0a610bb71c9ab5
www.group-ib.com/	1970-01-21 08:37:33	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: Y2teml6Wm6OMzrCllyGL/UREs+LxGXTTnjYJyXGkjDmPpajNPU1z8zR7VWBWxJjBtv/fXNI6FqWG+UKHtw/WXb5eig12JnM4hAHCJnfYUT7HO7SaHyQpy0/Q44bSGpFKxx0HbOjapyB8YIhBOMrNOiiQ5IIjctrCERhXQGw0KgeotgI/lJ03stSttMr2c3/raX2USIn6pAT+OBFvIy7VRBNvzr/jKNBqNF49ps2o7fRyjz7XX3kz8CAnRKZ4tY9orHOh16wu/RUY8qxnLA==
www.group-ib.com/	1970-01-21 08:37:33	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: lTMQ0qy1bscX7IaD+TRDvcUXAsX98a2a1BKFny06uJzJELhFmbisYKwX8In+p8ZRFChn3OzOLrVjE58tnk/6cqU1idvCUrMAYld+1Ep0fxYPCwPYCmdo9EQIheBE25H/T+yj6M61QBOewj5jvCez5ibn1JlVpLnBEoNc
.www.group-ib.com/	1970-01-21 08:37:33	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: lTMQ0qy1bscX7IaD+TRDvcUXAsX98a2a1BKFny06uJzJELhFmbisYKwX8In+p8ZRFChn3OzOLrVjE58tnk/6cqU1idvCUrMAYld+1Ep0fxYPCwPYCmdo9EQIheBE25H/T+yj6M61QBOewj5jvCez5ibn1JlVpLnBEoNc
.bing.com/	1970-01-21 09:13:33	Name: MUID Value: 34C98645D98E60972AA0934DD82261EF
.group-ib.com/	1970-01-21 08:37:33	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: lTMQ0qy1bscX7IaD+TRDvcUXAsX98a2a1BKFny06uJzJELhFmbisYKwX8In+p8ZRFChn3OzOLrVjE58tnk/6cqU1idvCUrMAYld+1Ep0fxYPCwPYCmdo9EQIheBE25H/T+yj6M61QBOewj5jvCez5ibn1JlVpLnBEoNc
.www.group-ib.com/	1970-01-21 08:37:33	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: Y2teml6Wm6OMzrCllyGL/UREs+LxGXTTnjYJyXGkjDmPpajNPU1z8zR7VWBWxJjBtv/fXNI6FqWG+UKHtw/WXb5eig12JnM4hAHCJnfYUT7HO7SaHyQpy0/Q44bSGpFKxx0HbOjapyB8YIhBOMrNOiiQ5IIjctrCERhXQGw0KgeotgI/lJ03stSttMr2c3/raX2USIn6pAT+OBFvIy7VRBNvzr/jKNBqNF49ps2o7fRyjz7XX3kz8CAnRKZ4tY9orHOh16wu/RUY8qxnLA==
.group-ib.com/	1970-01-21 08:37:33	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: Y2teml6Wm6OMzrCllyGL/UREs+LxGXTTnjYJyXGkjDmPpajNPU1z8zR7VWBWxJjBtv/fXNI6FqWG+UKHtw/WXb5eig12JnM4hAHCJnfYUT7HO7SaHyQpy0/Q44bSGpFKxx0HbOjapyB8YIhBOMrNOiiQ5IIjctrCERhXQGw0KgeotgI/lJ03stSttMr2c3/raX2USIn6pAT+OBFvIy7VRBNvzr/jKNBqNF49ps2o7fRyjz7XX3kz8CAnRKZ4tY9orHOh16wu/RUY8qxnLA==
.www.group-ib.com/	1970-01-21 08:37:33	Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: YMoKc7e56223320e5e41870926cbe47fd151c275
.group-ib.com/	1970-01-21 08:37:33	Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: YMoKc7e56223320e5e41870926cbe47fd151c275
.linkedin.com/	1970-01-21 08:37:33	Name: bcookie Value: "v=2&72603af6-0c0e-4072-8e49-653a09009c62"
.linkedin.com/	1970-01-21 04:11:09	Name: li_gc Value: MTswOzE3Mjc1MTcwMDU7MjswMjGII0gYd2d7+Yay80QRUfkn3yiY/Yc7hkolbXOezJSIwQ==
.linkedin.com/	1970-01-20 23:53:23	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2939:u=1:x=1:i=1727517005:t=1727603405:v=2:sig=AQEyzRcuWgHUOLS-FyaoMGqI6Am3TVZY"
.group-ib.com/	1970-01-21 04:11:09	Name: __hstc Value: 84897990.36fd0f6f155ac593edde9385e56ca082.1727517005476.1727517005476.1727517005476.1
.group-ib.com/	1970-01-21 04:11:09	Name: hubspotutk Value: 36fd0f6f155ac593edde9385e56ca082
.group-ib.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.group-ib.com/	1970-01-20 23:51:58	Name: __hssc Value: 84897990.1.1727517005476
.hubspot.com/	1970-01-20 23:51:58	Name: __cf_bm Value: 2TAo3e7P4aU3L30IZZ3Vy6rYsno8MWMX2_BSWw1gDbE-1727517005-1.0.1.1-maXykABWZp1YYHUdx9dRcI6TZN9aVu1uQOfJTT0YxisNwPmi.nwtgTU9tYIUTWfOjc6W0w0azbiiqXh.NXpZqg
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: .F4rlZkwaaTiMAZ_IyvQV3GigBTUa26ZZmvJV1uoXhI-1727517005684-0.0.1.1-604800000

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.group-ib.com/blog/dragonforce-ransomware/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.group-ib.com/wp-content/plugins/post-views-counter-pro/includes/ajax.php Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
api-eu1.hubapi.com
api.neverbounce.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn-au.onetrust.com
cdn.neverbounce.com
connect.facebook.net
cta-eu1.hubspot.com
dev.visualwebsiteoptimizer.com
fhp-de-js.group-ib.com
forms-eu1.hsforms.com
forms-eu1.hubspot.com
geolocation.onetrust.com
ipv6.6sc.co
j.6sc.co
js-eu1.hs-analytics.net
js-eu1.hs-banner.com
js-eu1.hs-scripts.com
js-eu1.hsadspixel.net
js-eu1.hsforms.net
js-eu1.hubspot.com
perf-eu1.hsforms.com
pixel-config.reddit.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
stats.g.doubleclick.net
track-eu1.hubspot.com
tracking.g2crowd.com
ws.zoominfo.com
www.facebook.com
www.google.de
www.googletagmanager.com
www.group-ib.com
www.redditstatic.com
track-eu1.hubspot.com
104.16.118.43
13.107.42.14
151.101.65.140
157.240.253.1
159.69.140.80
172.217.16.195
172.65.193.34
172.65.198.159
172.65.202.201
172.65.208.22
172.65.219.229
172.65.232.43
172.65.236.181
172.65.238.60
172.65.240.166
172.65.255.172
18.245.46.63
2.17.100.210
2001:4860:4802:34::36
216.58.212.168
2606:4700:4400::6812:2089
2606:4700::6812:1eb0
2620:1ec:21::14
2620:1ec:33::10
2a00:1450:4001:802::2008
2a00:1450:400c:c0c::9d
2a02:26f0:7100::210:180
2a03:2880:f176:181:face:b00c:0:25de
2a04:4e42::396
2a06:98c1:3200::90:3
3.72.181.255
34.96.102.137
35.171.0.110
00ff5fe987aa74c46a54f4482d8546d14fcde5c52c2c8c925b313388ff975cd6
04452c63f7ce00819a3e4bf65d13817040260b07ed35704e4a55b6cb631cba75
059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21
079dc50032bcdf9591a24e84a20fb2a153ddfeac7d03319bdc51a773b4f6bdbc
09db0fe5456fc4d29ab545243f6d9904eee2adc91cc78c426d8c756644bbf5d6
0d585aebb9cb31821fbcc6b030e0d882b5639e17bb403f8eb5ce7b3b19f4a1c9
100a79b22a580f1698a9950e8c18aefa79de0fd88e81a0a145e90fc4e8a59a2c
1155b45a8fdec36a52d2d8a5d1d1290f4cf0ef5df50feccda4a1b5bf50f06f57
13ab504c21ee50f97a267d52e8af54f2a23021c5175db323719a163944d27862
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9
1593b1f5bf86a2bec3f93142409030a64591d1b6415faaedd0c251dd924d0288
16ef9d7fffa0550d6b807e6b82b5ae76163c4e987cc9366819c46a12e0878b89
1912b691f446ed5b1da215a578b0658ffa03526efb75eb2ea28bcf0e7bfd4f92
1aa462865a143f6b053d5d1594aea3e38d36ebad2a23a7fcfdd84ba7a7a1fddb
1be7918da1e16eb032883c8c711b29a2a339584b51bfcae897e36e6f1b568f63
1c42cc3e161604efbbc20532ddccb1cec17e851d976aed4cdb5e34ccc231743f
1c612435907b5a4f2ba43308921684f36ba0d3ec2eebea40710b8f7550077599
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
215c13199ec3ef950bd100031e13ae6efe6ad72c8b91c98fbdfed812fe2f4432
276c9585f4fbfa24a7e59ae054280eab5da26f01118130ad16237a877903ffed
277d17805265709dfd33f10251d06537d8f37c96722e9686f268b823ebf04b51
27c04cd78f087a504697af9601c1163b685f6c567e75dace0c2908635e8a7038
28834d5848fb9f5289a56f70f6563d4bce4259ca4edb43e60655f966b8ded258
2943fd9aa8881ee3a8613d2c208283a69b2999766e9de63d3f003671bb8511a2
2952e22cc927982fa938a6fb0d5cd78316bb9b8e78872b27294a30addbfdc525
2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0
2c40cb4807931447e5eb747f8a377d6cbb1411eb77fe8270f27b70f231979afc
2db6d299a35f40008418236bfb5cc780d09f701b49a6c09a1fe9a747d26a2bed
2f54cd32df1ecb5aac59038dcb70c3f83dfc2888fcb111687092df9e98c2fbeb
30c5354141381a351f9d81e5d831e6277c2827a28b0e1b958c9694eb5d704238
31d1c5bd0cd38e6e6b8eb944944df273044e826c7d3daacbe602caead3068c7a
353f14f190707cd26f76e24ec9d34e20641392b0707ce052a2227311dadff483
3689e488f5478e26f0347353ad608ccd66e4d62992021c51d9db93f89d43c880
37810cbd53a1f238d5cd83770efdebe23e20888570dfb5dfe41235155c8dfac0
3a600a8b86e938acf4c39f392719678cbeee228d2ee698fbf3f310e99db4347a
3b63b449bde0f2c40eb23801ac24bd82666bd3a766c77b953ff75e6f3e257460
3e83a4d1119cafd3eb971fb88e5a225f88720beb614cc2ea9bdc6c8a6ba26b17
41af6ca7def064fa2ce4a86622e9fb7579f898469a4391d1960ffc6123b97a2c
42f8ae7816a449a44dd99e7865a42fe4463f764f799a3e61359df235c1782d65
43f92926fd6c2ae121fb4df766fa966c8fdc4f898190e1e785c701e73c5b2013
45d44c2f23a04d49dbbb3f216ba72782ad80278cf7c4c330b1f03b8263c544ee
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9
4b17adc058d04462cc64e23cbbc55f5fb1f74a7fb8e204445f8ed581a8840b16
4b229b46ecb47749bd57d6ae379b974d3e7123ccdbef458f32df80ffc2f7aa01
4b8506b20afba114868df841492bd90c8b3ca8bc300215ee01526ec4cb93efb6
4c1d8a42eb027a778323b8948b43bf5c0a601c657bebe638de1c7c464512cbc3
4d4a484a100e469b6e3dcf880a37755086e246cc291bab46e3edd4529e3d5d6a
4d69b5aed9d96213ce06eabd9950773f25ae231f1b2d4342dd4be518ac1092f6
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50f4aaaa34cd420a1c2adafc2635638f788d452117fdd30fdde1890a1a3aca5d
518a92131be0b0201d0b5a7e1d89623eaa7682b28ce10f206d374db8d00e9bdc
53d389faf997ad6f58e74a17f4cd29b8455f0c97ddb3a93bb3aea262d273c56a
574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced
5782ae81826e28a0a467926074e8c75837f1b84436bef5520da5550e299a0f22
589c9a6a159cf2ecc8555bc4457827f21002eaec9a24e3bc54401ed0b4d30ac8
593669597f0540fbc608bfddf742c4e7456eb9afe16cfafed26911bbfca51368
5a961ed4a1958945c2340352071f6c00c848dc9c125fcf045efc40fab4062117
5c17d765fc13ecfd2c661fa8378db855b59fceb2961ad34ed145e73961baf167
5c7deb6b8db45580119b8192f45da9486bf6fd1694660e413ee57932305b5e55
5ebce957851eb83517851e8613f012eb45aa4ebb6142b92c30b7d9492c874e22
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
631ebea670a5a3d38fe35c3f71393f18ae2c5b5996851ea434ea0b7eedf75c1c
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
69f9f19bd433b1317c2e2adf4b0d99a7655e6d878b35a970a5311227c6ad0a04
6a2b455a20536682c2edca15dc93e6c90fea86dd43afc281eccace6b352335a1
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b0775723ccade5ca3170fcc6a321c5b4768a5dc2b7c83b8b8b595407a2f0018
6cb3c6cb78253a7cfafea392e581f5f2ce0ee177c24e53ea31e68f7aee569238
70176ace76e79121f930335748d60f4961bb7ff798138ed18641289cce7bea82
71bdc449af5d61d21f5f6daab3f9b56189822beec3e5448e415f0ec7ee24e799
73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4
7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6
7a20d4a5bb28e87a72d359da0ee16fa6c75b3726f03494c69f1c03dcbcd96bf2
7adbf75f6686d2ee8ea4182b11a6d5dcf23a8be04e25079f4d7a495742223965
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
7c380423028a4b3142bdbd89f4c0e6d494a06f6769e05e08650a18ee1a4f27a1
7d98c4ca6b4e1892a8ffd1a607c3572a40bba081085aa0d91c7bf2f897cfb94b
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
80207bee81bd88f19652f2cca8df011c4e17008ce783d02d0af1f936816fd8a9
81a50b09cb85e4ff68788f763b8dcdc549414cecf42ca228a55ab77c971f1286
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83ad6c734a5f5c3ef3af547883c69c0cc33a85dda24b4b3c86d6a585a5f8fe68
83b41e48edf6ba0e7f1e20951122830f5dd7fb74cb8206f611a2bfc8deae32fb
8530c3e4aab57792d2de601bf80edaf0f9280f5afa15e12b2ed2f26a34949b70
89d0b80f15229e98318d4704cf5c81bae1ba4a0b90bd73378ea8ca1a21ca4288
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
91ec4e822ed6844f31f38098d60dc096abd6f4765c5d7ab66f05e47d21cfee39
92808d2c2daccca2659ed7eb3088bfb55a34d2175719eb42fb663ac62c7d19bd
936e5030c302893c0f74af6f60c91d63b067c21c1a4b7d34619a1174cb5aa82f
9396a03f992569985b844f39a0e20187bd4f89bd03b35137050ba22c50798297
942e02acf640c0308f65e057a8afaed63dfaf995034cda9cfc75532a1009ec72
9668d6d9155b3caac05d4cc54c31b6e9ca0c762859172bfe0725460a6f01ca36
9808516d4a0f431afaf27866437518e89a721feef756cc0b17177c41198a6983
987f4042b286e1268acc17f999801c4be1e375d878697059bb4444cdbc0559a8
9895985e4fb0de1e39dca698498039d1c947f9930e602a97f1ce158635fc09a7
997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab
99c55d3786782a49155bcf562182de9cb77a6c8197d824774f6c08fffa86f6cd
9e42c23990614da64388cadca9ef91eba5206043593c40912f18ee55b3af35d4
a0da28e8bd00bbe274035dfe6c59a30984ddc71202c69842f84f0b4d04689674
a1890f6f56fb39fc1763ec4a0531fdd18e42d48d3f28cdce128e7905902e662e
a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a791796f72eea3c5febcbe84acc17e5e8e434e71036ea481b168dc4f41f12a9c
a8a40caba915702cafb7883ed43843037d764bbb3de17d33ce4f857eefa83aed
a8f14886acaa595928d480b75781a68feb94ffb5ad7e3cecbd1817e6914e564b
a8f7546b7ca2530ad7a185aa8ffc9a838fbad735afe69acdfcbc4b18d5f18dc3
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab89ce5085f7176183ab9b4787cd956f1fb7c27ef7fd9038fa331bb04bb66a41
ae9dad69229703dfa3b6d226c4c7d692e2f2809bf2475f22612824c2f7602efc
af5bddb24166ffcd3da8e70f00190acf77ae492bc17ae4ae8c057443184806c5
b36ece0a9b0dd3420befc70c4b96821f8a139177b78e1bac2670a9fc139857b0
b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6
b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe
b70b5a246856b4e8244f70c1fa5d264100b7f7e94d3b2253e0b5a6169f26c083
b93c84af2d9cfbb9e6cc8ebee1323df4a9058b86ba0e5a642ef1347f3d861eef
bd190a3b4396bb4bd38f05df34c22d00c00f7fa158b5658b38217e0b44c36e29
bf76f17a774da58d4f67bf49cbf77f1bce6aee5d1631124bf532b5662c8cb335
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c239fbd2387ceff073b22f05559eb6a3a9425ccde003eccb22a998429465302f
c3ab0cc61266897fa76332f097a74f52e2c3f9466804dfe2db65721433316118
c54b46a6d8501defea137078e46cd33f6909f82f13ea7d6a932e82c92692a293
c68c7de30de112566d9a2ad9c9ce06fe8d2f93a248cdad15cd11c3e645b82e75
c6e5bd65f95c712037606fdb9eb996480a149d08ee7d347550584b98747f221b
c80fcdbd8cc34c612a68166b44ef6f3e6eb42f9e87e5e8ca05f3635bc35a1879
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e
c9b877bf594a1febfdc224f3e0aaf8c6db32315529a7569d185496225aea3ade
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cabd6897fd26c14b971a9bbfcc9cefec95afef3fea23e19fe16e2d8571b4fbc9
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056
cc5dcea4d483d798630d7fe0846a1b784618aa3d4f86bdfa655083d81750322a
cdc4d10b6b74ad79b55333b9882e854f054ee8b9953c6203dc46c68dc74eb0fb
cdfabceb7ae1940f42d871a2ee6a2f092de52f73db37b1bc5b01a87379106401
d02bdc4b215b7fee727e364d585c5016ae395786fe51c550eec4061f3842e803
d06188c468fc5214bdbb7d4fcb4652f41c4af966096d2ebd6c46559967654fb0
d08917ee9a7352d19e36c6302d54b0f0f0ed9964922b5ce70ed515d7bd063f3d
d3b572f9d464cfba093f2cbaf069c1228c135d28f4e6cab3c54b69145c9f05a3
d505ecf731cb1f1b2d550f08b41a13df96a12cf07fe66f49768999f411feb658
d682be8711c1be4039f480e94a6ef80d48ee8f566f3c4de3a8b830edf3eb357f
d6aa253f20f74c705be27f19621a4ea75d3b1d949394f08f6fe4be3676172a2d
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd72f8fea93e9f47926908769af2030b82df395cad9d041223bebc0f69a522fe
dea3a1ac67802edfef8af9575158682efa15eae5f544adca975b39ed1d3ddf98
dedf6c9294a8b9e4b13b1575641071e45c8e61235bd154d19103fd2893ccd708
dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e50b9bcce7b923f8719844c7f2278c24a7e0ec00d3ebaae363406d399da39565
e78b1bd1973a13096c199cc127f58ee4d668fa4941fab67f13192f09e5e0c4ed
e8025ce08dc7d64baaf0aa3ed8492e292f590e5a5a5a90456ed4b0f8c4986f09
e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632
eb5af5d1c611fbdd45ea3dc270086670dac3313626762f825b7aa474802c1db1
eb7bf6bbacaae386ac920d2969be3d206bc0db02221ea3aaa39cd2f4b0f98f9b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f006e8bbfa4f0537780571436b5bed50ff10ff28759924c53b67732ec5af28ba
f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
f367bbc4429fc9fb0a93045245aef519a000ab275549645cddecb3f953e0a05f
f4991587d5312981e74087707ed399bd3820d83f773e7773c013ce00d6835f28
f5546ee46a0b362477196972ee397b7c8d752ab9e0636d49c356fbc756e6dba5
f7db205ec53d93b89166d00a5d9c7b0eff354e2cfcaba0fd462a69c4b8ced4a8
fa4859289ded4c674dcee233811758743116b1d7ce4e9f0c0e7e259391504c43
fbfbd51bada8d11a20dfa3b6318b6d2ddb904ef69bfebb79e38b7a767b371f42
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff26d2fd611ddbeb103497978d7634f5d77748fd3c6d0846882552da03e356ea
ffa599bd9fbc86732928aa04d30328fc4effc39d65bcec25c29e05e45ea76191

www.group-ib.com Open in urlscan Pro 3.72.181.255 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

216 Requests

99 %HTTPS

33 %IPv6

25 Domains

37 Subdomains

34 IPs

4 Countries

3440 kBTransfer

7220 kBSize

38 Cookies

19 Outgoing links

Page URL History

Redirected requests

216 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.group-ib.com Open in urlscan Pro
3.72.181.255 Public Scan

Screenshot
Live screenshot

Full Image

216
Requests

99 %
HTTPS

33 %
IPv6

25
Domains

37
Subdomains

34
IPs

4
Countries

3440 kB
Transfer

7220 kB
Size

38
Cookies

216 HTTP transactions
5 data transactions