blog.group-ib.com Open in urlscan Pro
185.129.100.113  Public Scan

37 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1655757496593&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4443393%26time%3D1655757496593%26url%3Dhttps%253A%252F%252Fblog.group-ib.com%252Frostovtsev%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1655757496593&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1655757496593&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&liSync=true&e_ipv6=AQIzSqFQO-mZwQAAAYGC1mKHhBg3_aPevNyUae5Gp0tOhCdGt2qUfxDgZlURPCjsjuL8aLgt4VQFXKgoleWO8r0DM0a-Tg

Request Chain 64

• https://mc.yandex.com/sync_cookie_image_check HTTP 302
• https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9675.1HzKZ9P5TngoUKB6ZXc3aIKz2zrmz_T_gmQQGwN8JC1I1O8xP7q69LQgtdDjc0Gj.BpWAOcmY02Wa2FmHm-DaSkJj1yo%2C HTTP 302
• https://mc.yandex.com/sync_cookie_image_decide?token=9675.pBiuNY4a2SNeuBVZBTzCmpUD52ZitE4rHHEI9Cj3P43_etI2Bd4u7vKi8iOqlE_iaVndMkwe2-zd65w3FfePQQ%2C%2C.q-7rjPvtsybxBuERy4bksisxDHo%2C

Request Chain 71

• https://mc.yandex.com/watch/25634039?wmode=7&page-url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia3io6gzr3q60o%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A821%3Acn%3A1%3Adp%3A0%3Als%3A36265597847%3Ahid%3A960424379%3Az%3A0%3Ai%3A20220620203816%3Aet%3A1655757497%3Ac%3A1%3Arn%3A895586074%3Arqn%3A1%3Au%3A1655757497392175543%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1655757496008%3Ads%3A9%2C36%2C68%2C3%2C0%2C0%2C%2C340%2C10%2C%2C%2C%2C535%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1655757497%3At%3A%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&t=gdpr(14)aw(1)rqnt(1)ti(2) HTTP 302
• https://mc.yandex.com/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia3io6gzr3q60o%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A821%3Acn%3A1%3Adp%3A0%3Als%3A36265597847%3Ahid%3A960424379%3Az%3A0%3Ai%3A20220620203816%3Aet%3A1655757497%3Ac%3A1%3Arn%3A895586074%3Arqn%3A1%3Au%3A1655757497392175543%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1655757496008%3Ads%3A9%2C36%2C68%2C3%2C0%2C0%2C%2C340%2C10%2C%2C%2C%2C535%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1655757497%3At%3A%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&t=gdpr%2814%29aw%281%29rqnt%281%29ti%282%29

98 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request rostovtsev Show response blog.group-ib.com/	99 KB 20 KB	114ms 68ms	Document text/html	185.129.100.113 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.129.100.113 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software ddos-guard / Resource Hash 430462d77a85a62c56e9ff6392d031307f79459c222f0dbc520a614f5ce7c058 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes cache-control max-age=0 public content-encoding gzip content-length 20059 content-type text/html; charset=UTF-8 date Mon, 20 Jun 2022 20:38:16 GMT etag "18dbd-5e19fd4ee1183-gzip" last-modified Fri, 17 Jun 2022 07:37:51 GMT server ddos-guard vary Accept-Encoding x-frame-options SAMEORIGIN x-host blog.group-ib.com
GET H2	200	tilda-fallback-1.0.min.js Show response stat.tildacdn.com/js/	2 KB 970 B	271ms 61ms	Script application/javascript	193.3.17.197 TILDAPUBLISHING-RU-1
General Check archive.org Show headers Download Go to Full URL https://stat.tildacdn.com/js/tilda-fallback-1.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.3.17.197 , Russian Federation, ASN210753 (TILDAPUBLISHING-RU-1, RU), Reverse DNS Software nginx / Resource Hash 97c4295276ccf01b335e1b9299904f189b6bbf06fa370f8202e64d84812070fd Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding gzip last-modified Sun, 12 Jun 2022 21:05:35 GMT server nginx etag W/"62a6551f-70a" content-type application/javascript cache-control max-age=604800 expires Mon, 27 Jun 2022 20:38:16 GMT
GET H2	200	tilda-grid-3.0.min.css static.tildacdn.com/css/	4 KB 1 KB	261ms 82ms	Stylesheet text/css	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/css/tilda-grid-3.0.min.css Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash f5c301b8769579afae9deb4eda7659df32661229039c6b7a37cfabd1827317ce Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc58, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 11 last-modified Thu, 18 Mar 2021 12:08:37 GMT server nginx etag W/"605342c5-1010" vary Accept-Encoding x-cached-since 2022-04-05T13:56:28+00:00, 2022-06-01T12:10:10+00:00 content-type text/css cache HIT, HIT
GET H/1.1	200 OK	tilda-blocks-page28394058.min.css ws.tildacdn.com/project200703/	26 KB 6 KB	196ms 161ms	Stylesheet text/css	178.248.236.28 QRATOR
General Check archive.org Show headers Download Go to Full URL https://ws.tildacdn.com/project200703/tilda-blocks-page28394058.min.css?t=1655451471 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 178.248.236.28 , Russian Federation, ASN197068 (QRATOR, RU), Reverse DNS Software QRATOR / Resource Hash c0fc852111b81e733b791c038de86d61544a7795161a42982a94fa717d315062 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:16 GMT Content-Encoding gzip Last-Modified Fri, 17 Jun 2022 07:37:52 GMT Server QRATOR Transfer-Encoding chunked Content-Type text/css cache-control max-age=0, public X-Host ws.tildacdn.com Connection keep-alive Keep-Alive timeout=15
GET H2	200	tilda-cover-1.0.min.css static.tildacdn.com/css/	4 KB 753 B	274ms 97ms	Stylesheet text/css	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/css/tilda-cover-1.0.min.css Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 74bcacf05084912a5515513a323993746432f885e36536a524eb991b9883e73b Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc52, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 12 last-modified Sun, 25 Apr 2021 08:12:17 GMT server nginx etag W/"60852461-e71" vary Accept-Encoding x-cached-since 2022-05-30T18:22:54+00:00, 2022-06-20T09:08:49+00:00 content-type text/css cache-control max-age=86400 cache HIT, HIT
GET H2	200	jquery-1.10.2.min.js Show response static.tildacdn.com/js/	91 KB 31 KB	266ms 89ms	Script application/javascript	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/jquery-1.10.2.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash c73b004ebf31b395cf237c3d2b13c1e576f385e04660ceb5f7be163ff3c201dc Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc52, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 13 last-modified Sun, 25 Apr 2021 08:11:36 GMT server nginx etag W/"60852438-16b88" vary Accept-Encoding x-cached-since 2022-05-05T17:14:30+00:00, 2022-06-20T15:12:05+00:00 content-type application/javascript; charset=utf-8 cache-control max-age=86400 cache HIT, HIT x-cdn-edge-id 150 x-cdn-request-id 8bb9737d3cb836b381ca160cefc2bd59 x-cdn-edge-cache HIT
GET H2	200	tilda-scripts-3.0.min.js Show response static.tildacdn.com/js/	13 KB 4 KB	276ms 100ms	Script application/javascript	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-scripts-3.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 3cafc24a22219c8cd5457a3c67b1adb119ee1fc0bdf5c0372f2adb22a1a0af9e Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc66, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 13 last-modified Fri, 10 Jun 2022 08:27:16 GMT server nginx etag W/"62a30064-33f2" vary Accept-Encoding x-cached-since 2022-06-10T08:27:21+00:00, 2022-06-10T08:27:21+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H/1.1	200 OK	tilda-blocks-page28394058.min.js Show response ws.tildacdn.com/project200703/	4 KB 2 KB	203ms 171ms	Script application/javascript	178.248.236.28 QRATOR
General Check archive.org Show headers Download Go to Full URL https://ws.tildacdn.com/project200703/tilda-blocks-page28394058.min.js?t=1655451471 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 178.248.236.28 , Russian Federation, ASN197068 (QRATOR, RU), Reverse DNS Software QRATOR / Resource Hash 5d69b98010d60d3dd8ae74887ae19d45744130feab64ca1a74359f519c66f933 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:16 GMT Content-Encoding gzip Last-Modified Fri, 17 Jun 2022 07:37:51 GMT Server QRATOR Transfer-Encoding chunked Content-Type application/javascript cache-control max-age=0, public X-Host ws.tildacdn.com Connection keep-alive Keep-Alive timeout=15
GET H2	200	lazyload-1.3.min.js Show response static.tildacdn.com/js/	19 KB 6 KB	85ms 84ms	Script application/javascript	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/lazyload-1.3.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 03c7fe88326cde7781417885f664b034a5a2759e8476a736494f7e49c74bf141 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc53, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 13 last-modified Mon, 20 Jun 2022 14:43:36 GMT server nginx etag W/"62b08798-4c26" vary Accept-Encoding x-cached-since 2022-06-20T14:43:41+00:00, 2022-06-20T14:43:45+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	tilda-cover-1.0.min.js Show response static.tildacdn.com/js/	12 KB 3 KB	103ms 103ms	Script application/javascript	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-cover-1.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 9e628ff57cc2e65ed5679528f9513f8aeeba2b25c38e0552caf1e65fcd669312 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc58, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 12 last-modified Fri, 20 May 2022 07:52:57 GMT server nginx etag W/"628748d9-2f1e" vary Accept-Encoding x-cached-since 2022-05-20T09:09:35+00:00, 2022-05-20T09:09:37+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	hammer.min.js Show response static.tildacdn.com/js/	20 KB 7 KB	111ms 109ms	Script application/javascript	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/hammer.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 090a7068a2209545279f858c6f41ff7ae42815e11c3d69463a2a2ea835282bd9 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc58, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 8 last-modified Thu, 18 Mar 2021 12:08:37 GMT server nginx etag W/"605342c5-50f6" vary Accept-Encoding x-cached-since 2022-04-05T13:56:30+00:00, 2022-05-31T09:05:56+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	tilda-slds-1.4.min.js Show response static.tildacdn.com/js/	23 KB 5 KB	107ms 105ms	Script application/javascript	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-slds-1.4.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 991fd9f48c3eac1fa25424b8b2ffc27a7fa74eaf3ac66b66b4d92f57a242fb6d Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc57, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 13 last-modified Wed, 25 May 2022 09:19:29 GMT server nginx etag W/"628df4a1-5a57" vary Accept-Encoding x-cached-since 2022-05-25T09:24:50+00:00, 2022-05-25T09:24:53+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	tilda-zero-1.0.min.js Show response static.tildacdn.com/js/	28 KB 7 KB	113ms 111ms	Script application/javascript	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-zero-1.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 868d2f2d58cf4c2147616d484db201b1d04a87108dc4661301be29bd8b58516a Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc58, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 9 last-modified Tue, 07 Jun 2022 14:23:20 GMT server nginx etag W/"629f5f58-7048" vary Accept-Encoding x-cached-since 2022-06-07T14:23:40+00:00, 2022-06-07T14:23:41+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	tilda-events-1.0.min.js Show response static.tildacdn.com/js/	13 KB 3 KB	107ms 105ms	Script application/javascript	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-events-1.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash f0ce20fc1dd605ff20a1f19e623cdc7498f1f5156e3602e4085523f6edea6c00 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc66, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 10 last-modified Thu, 03 Feb 2022 11:03:57 GMT server nginx etag W/"61fbb69d-328f" vary Accept-Encoding x-cached-since 2022-05-05T18:00:44+00:00, 2022-06-20T15:12:05+00:00 content-type application/javascript; charset=utf-8 cache-control max-age=86400 cache HIT, HIT x-cdn-edge-id 94 x-cdn-request-id d82c11941bd20ef4f7e93e3315d938b9 x-cdn-edge-cache HIT
GET H2	200	image.png static.tildacdn.com/tild6433-3565-4662-b364-386566303731/-/empty/	237 B 292 B	186ms 185ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild6433-3565-4662-b364-386566303731/-/empty/image.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 6bd2a801a5c0bc9ce2c8269d6ac62af0b3a2d7896f3b7c64e15018aba725913c Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc53, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 10 server nginx x-cached-since 2022-06-19T14:16:07+00:00 content-type image/png cache-control public cache HIT, MISS expires Sat, 16 Jul 2022 23:59:59 GMT
GET H2	200	image.png static.tildacdn.com/tild3433-6161-4563-b638-643336373835/-/empty/	835 B 871 B	186ms 184ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3433-6161-4563-b638-643336373835/-/empty/image.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 39a95093d3f4fc5837d06da4fb51519e55e65fd49b48c5f0b95a3af152e14d38 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc52, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 11 server nginx x-cached-since 2022-06-20T08:27:32+00:00 content-type image/png cache-control public cache HIT, MISS expires Sat, 16 Jul 2022 23:59:59 GMT
GET H2	200	image.png static.tildacdn.com/tild3039-3666-4965-b865-623264363562/-/empty/	816 B 850 B	185ms 184ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3039-3666-4965-b865-623264363562/-/empty/image.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash b2c5bfeb33e409eba8b2d6d90857a687d68993bb0b596fddfd75c47dca1c2df2 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc66, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 10 server nginx x-cached-since 2022-06-20T08:27:32+00:00 content-type image/png cache-control public cache HIT, MISS expires Sat, 16 Jul 2022 23:59:59 GMT
GET H2	200	image.png static.tildacdn.com/tild3862-3139-4538-a634-363636633532/-/empty/	677 B 712 B	188ms 186ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3862-3139-4538-a634-363636633532/-/empty/image.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash b3f43179b676b22ce24cb184f5a8e92c5c1fde207b4216d3aed8ab489c683553 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc66, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 11 server nginx x-cached-since 2022-06-20T08:27:32+00:00 content-type image/png cache-control public cache HIT, MISS expires Sat, 16 Jul 2022 23:59:59 GMT
GET H2	200	image.png static.tildacdn.com/tild6161-3733-4665-b937-633139306563/-/empty/	956 B 991 B	189ms 188ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild6161-3733-4665-b937-633139306563/-/empty/image.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 22bde5c3b1334bb98f2c91b8ed0359f80585ef6b7860983abf4aa9605b595e14 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc57, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 13 server nginx x-cached-since 2022-06-20T08:27:32+00:00 content-type image/png cache-control public cache HIT, MISS expires Sat, 16 Jul 2022 23:59:59 GMT
GET H2	200	image.png static.tildacdn.com/tild3763-3266-4161-a534-366133323035/-/empty/	599 B 683 B	172ms 170ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3763-3266-4161-a534-366133323035/-/empty/image.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 16a6a66f832eadd359889ed524cf1ca29873c9c05d516763f3484b4dfbecb281 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc66, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 10 server nginx x-cached-since 2022-06-20T08:27:32+00:00 content-type image/png cache-control public cache HIT, MISS expires Sat, 16 Jul 2022 23:59:59 GMT
GET H2	200	image.png static.tildacdn.com/tild6639-3965-4366-a464-623031613433/-/empty/	769 B 804 B	212ms 211ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild6639-3965-4366-a464-623031613433/-/empty/image.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 29cd0cdc159016240321251f12ed808a30fb2ccde1235d73f5ac458cb8d0b022 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc57, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 13 server nginx x-cached-since 2022-06-20T08:27:32+00:00 content-type image/png cache-control public cache HIT, MISS expires Sat, 16 Jul 2022 23:59:59 GMT
GET H2	200	ya-share.js Show response static.tildacdn.com/js/	82 KB 25 KB	128ms 127ms	Script application/javascript	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/ya-share.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 2e59794c9e506814df50c2fe349d9fc8d6418a5959ba5a5b18cbc4742ebba1de Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9p-up-gc10, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 10 last-modified Thu, 18 Mar 2021 12:08:37 GMT server nginx etag W/"605342c5-147ff" vary Accept-Encoding x-cached-since 2022-05-05T20:45:24+00:00, 2022-05-06T15:10:14+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H2	200	tilda-slds-1.4.min.css static.tildacdn.com/css/	11 KB 2 KB	133ms 132ms	Stylesheet text/css	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/css/tilda-slds-1.4.min.css Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 0b23825a0a5844e61f738a7511e3958309a9f28b29db6c6b6e623f63e6cab584 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc52, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br tserver 11 last-modified Thu, 16 Jun 2022 10:34:02 GMT server nginx etag W/"62ab071a-2c8f" vary Accept-Encoding x-cached-since 2022-06-16T13:54:37+00:00, 2022-06-16T13:54:41+00:00 content-type text/css cache HIT, HIT
GET H2	200	gtm.js Show response www.googletagmanager.com/	231 KB 77 KB	52ms 31ms	Script application/javascript	2a00:1450:4001:80f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash cb2c3be2e8b8b48586fe510c8b295e98488c847922bd7beed7a7106a987246b7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 78315 x-xss-protection 0 last-modified Mon, 20 Jun 2022 18:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 20 Jun 2022 20:38:16 GMT
GET H2	200	__2022-06-16__131209.png static.tildacdn.com/tild3636-6635-4338-b765-616139633366/-/resize/20x/	1 KB 1 KB	200ms 199ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3636-6635-4338-b765-616139633366/-/resize/20x/__2022-06-16__131209.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 5853a0c06f2cd3ed4c8badb12a3eff07f2238d5239494f702e9bb3f1fb2cb269 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc53, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 8 server nginx x-cached-since 2022-06-19T14:16:07+00:00 content-type image/png cache-control public cache HIT, MISS expires Sat, 16 Jul 2022 23:59:59 GMT
GET H2	200	SFUIDisplayMedium.woff static.tildacdn.com/tild3239-3033-4235-a566-376533383664/	71 KB 71 KB	342ms 173ms	Font application/x-font-woff	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/tild3239-3033-4235-a566-376533383664/SFUIDisplayMedium.woff Requested by Host: ws.tildacdn.com URL: https://ws.tildacdn.com/project200703/tilda-blocks-page28394058.min.css?t=1655451471 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 19cc6e4b03f164ccb8d68121c3dfc374926bc9eaab12a4216306963bdefd76de Request headers Referer https://ws.tildacdn.com/ Origin https://blog.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc53, fr5-up-gc29 date Mon, 20 Jun 2022 20:38:16 GMT age 1 x-cached-since 2022-05-05T21:48:57+00:00, 2022-05-16T23:02:43+00:00 content-length 72492 tserver 8 last-modified Tue, 18 Apr 2017 12:57:08 GMT server nginx etag "3ba1b30b31cc1d325b305f3951058787" content-type application/x-font-woff access-control-allow-origin * x-timestamp 1492520227.30915 cache-control public cache HIT, HIT accept-ranges bytes access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
GET H2	200	SFUIDisplayLight.woff static.tildacdn.com/tild6463-6361-4432-b234-333934313939/	71 KB 71 KB	265ms 95ms	Font application/x-font-woff	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/tild6463-6361-4432-b234-333934313939/SFUIDisplayLight.woff Requested by Host: ws.tildacdn.com URL: https://ws.tildacdn.com/project200703/tilda-blocks-page28394058.min.css?t=1655451471 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 07cc9932ed0e2c7a958c6bf6e3a928847b9fe3f271832767ec89ee34e78f5227 Request headers Referer https://ws.tildacdn.com/ Origin https://blog.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc53, fr5-up-gc29 date Mon, 20 Jun 2022 20:38:16 GMT age 0 x-cached-since 2022-04-14T12:10:05+00:00, 2022-05-16T23:02:43+00:00 content-length 72608 tserver 12 last-modified Tue, 18 Apr 2017 12:57:03 GMT server nginx etag "08edc0015cdeec9e755f0ce361281b27" content-type application/x-font-woff access-control-allow-origin * x-timestamp 1492520222.13412 cache-control public cache HIT, HIT accept-ranges bytes access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
GET H2	200	image.png static.tildacdn.com/tild3738-3537-4962-a538-323139306339/-/resizeb/20x/	441 B 555 B	85ms 84ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3738-3537-4962-a538-323139306339/-/resizeb/20x/image.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 5bfbef1b344b2a471bd5153d55921da6be93cc08ffe83042033d15eb0f27453b Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc52, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 11 server nginx x-cached-since 2022-06-03T18:05:06+00:00, 2022-06-19T17:01:12+00:00 content-type image/png cache-control public cache HIT, HIT expires Mon, 27 Jun 2022 23:59:59 GMT
GET H2	200	blog-1.png static.tildacdn.com/tild3239-6332-4935-a462-326364353866/-/resizeb/20x/	687 B 768 B	100ms 100ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3239-6332-4935-a462-326364353866/-/resizeb/20x/blog-1.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 44088b979deca3170bc7d4f3835b01820f03fd892f7e27596d7bf9fb76a0d527 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc58, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 12 server nginx x-cached-since 2022-06-15T19:47:40+00:00, 2022-06-19T17:01:12+00:00 content-type image/png cache-control public cache HIT, HIT expires Fri, 15 Jul 2022 23:59:59 GMT
GET H2	200	blog_2.png static.tildacdn.com/tild6161-3166-4666-b732-663463393735/-/resizeb/20x/	627 B 707 B	98ms 98ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild6161-3166-4666-b732-663463393735/-/resizeb/20x/blog_2.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 824a266831220d90517406b5174c6389babefcab45d47d25e571064c6318d6b3 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc58, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 13 server nginx x-cached-since 2022-06-15T19:47:39+00:00, 2022-06-19T17:01:12+00:00 content-type image/png cache-control public cache HIT, HIT expires Wed, 13 Jul 2022 23:59:59 GMT
GET H2	200	newheader.jpg static.tildacdn.com/tild3264-3738-4233-a136-363733363635/-/resizeb/20x/	324 B 391 B	100ms 99ms	Image image/jpeg	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild3264-3738-4233-a136-363733363635/-/resizeb/20x/newheader.jpg Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash e887cf8d73d370b4719b64e7f434240690c9d826ecde8eb2895ec33c2f91600e Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9p-up-gc10, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:16 GMT tserver 11 server nginx x-cached-since 2022-06-13T12:18:49+00:00, 2022-06-19T17:01:12+00:00 content-type image/jpeg cache-control public cache HIT, HIT expires Wed, 13 Jul 2022 23:59:59 GMT
GET H/1.1	200 OK	6si.min.js Show response j.6sc.co/	31 KB 10 KB	38ms 7ms	Script application/javascript	104.89.35.64 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-35-64.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 8e038b564510a45dc11799f74da367733f3db7f9c0a0434f1e90c44ec5168278 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:16 GMT Content-Encoding gzip X-Content-Type-Options nosniff Connection keep-alive Vary Accept-Encoding Content-Length 9715 Pragma no-cache Last-Modified Thu, 05 May 2022 03:45:17 GMT Server nginx/1.14.0 (Ubuntu) ETag "6273484d-7b02" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type application/javascript Access-Control-Allow-Origin Cache-Control private, no-cache, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Mon, 20 Jun 2022 20:38:16 GMT
GET H2	200	optimize.js Show response www.googleoptimize.com/	101 KB 39 KB	43ms 23ms	Script application/javascript	2a00:1450:4001:801::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleoptimize.com/optimize.js?id=OPT-MG8BP56 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 45109878ad42f82333c73d2c9aa0d2715b9261b1e053d9012b488f1de63c8866 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39969 x-xss-protection 0 expires Mon, 20 Jun 2022 20:38:16 GMT
GET H2	200	uwt.js Show response static.ads-twitter.com/	55 KB 15 KB	271ms 11ms	Script application/javascript	199.232.188.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash aa6959acd3d64822ef7379e437fce6b84a5cd3169003e955e2fffbdb2526d086 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding gzip last-modified Thu, 16 Jun 2022 16:20:35 GMT etag "f345fa1999011d396bda3b2c6fafc302+gzip+gzip" vary Accept-Encoding,Host x-tw-cdn FT p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" cache-control no-cache x-cache HIT, HIT accept-ranges bytes content-type application/javascript; charset=utf-8 content-length 15166 x-served-by cache-iad-kjyo7100066-IAD, cache-muc13921-MUC
GET H2	200	tag.js Show response mc.yandex.ru/metrika/	203 KB 70 KB	196ms 70ms	Script application/javascript	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.ru/metrika/tag.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 70cd5366e26d943884b899bbb472b0b4660928d04c457fb45045339312fb5e41 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br last-modified Fri, 17 Jun 2022 12:16:07 GMT etag "62ac4657-11654" strict-transport-security max-age=31536000 content-type application/javascript access-control-allow-origin * cache-control max-age=3600 content-length 71252 expires Mon, 20 Jun 2022 21:38:16 GMT
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/	8 KB 3 KB	61ms 14ms	Script application/x-javascript	2a02:26f0:f7::5c7b:e00b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:f7::5c7b:e00b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 662 Date Mon, 20 Jun 2022 20:38:16 GMT Content-Encoding gzip Last-Modified Wed, 13 Apr 2022 23:25:22 GMT X-CDN AKAM X-EdgeConnect-MidMile-RTT 0 Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=75810 Connection keep-alive Accept-Ranges bytes Content-Length 3085
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	100 KB 27 KB	22ms 7ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 content-length 26344 x-xss-protection 0 pragma public x-fb-debug EEr+OapoPBH/Yq6kR8Lx8llznZo7Sz97eU8XOGEgCIoqXqHnNtwDkOyOGnf4pgBL7h4w9OQqHUNNkVCgGkNDDQ== x-fb-trip-id 686109401 x-frame-options DENY date Mon, 20 Jun 2022 20:38:16 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	25755956.js Show response js-eu1.hs-scripts.com/	2 KB 976 B	87ms 31ms	Script application/javascript	172.65.208.22 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-scripts.com/25755956.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bf15562b0635ee2a5140060afd393994b5f00126e57f57ab72be92ad9d3b0515 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 20 Jun 2022 20:04:36 GMT server cloudflare x-hubspot-correlation-id 0e234df4-9fa1-4ef8-819c-32bd4062c44a x-trace 2B3AD03399D6D756C2596FB3F749343551BFFE5358000000000000000000 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript;charset=utf-8 access-control-allow-origin https://blog.group-ib.com access-control-max-age 3600 cache-control public, max-age=30 access-control-allow-credentials true cf-ray 71e74ea19b409022-FRA
GET H2	200	htmlMediaElementsTracker.min.js Show response cdn.jsdelivr.net/npm/@analytics-debugger/html-media-elements@latest/dist/	9 KB 4 KB	53ms 26ms	Script application/javascript	2606:4700::6810:5914 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/@analytics-debugger/html-media-elements@latest/dist/htmlMediaElementsTracker.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e7bad5fe315f9cc904e9b2359ac8ae82bb77a049bc6aa6928a69bcc25ce292b6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 15208 x-jsd-version 0.0.2 x-cache HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-served-by cache-fra19139-FRA timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"2552-QY5YDe2QAjm3BD4caHhXhH8nqww" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ietlywqh1SX%2FN%2FS7oTw7ItrRqHR5lA8IkcR73RMrbHGnQg5fEd9Dxspt633crZhpddmV50jIxAX90ea3hrhF3B8%2Fx%2BIbKeuMGSSPWTXrHERXBntGodEDFBeHiyJolmzVyxafpcpnMJbg0mqVSBw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 cf-ray 71e74ea17cb70204-ZRH
GET DATA	200 OK	truncated /	66 B 0		Image image/webp
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Content-Type image/webp
GET H2	200	pixel.png thumb.tildacdn.com/	103 B 190 B	86ms 78ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://thumb.tildacdn.com/pixel.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 6b7b4ed93b0fa04c1797dfdc98167ff6c7babafbffa27fd1f703fc257f2aff0d Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers access-control-allow-origin * x-id m9-up-gc52, fr5-up-gc29 date Mon, 20 Jun 2022 20:38:16 GMT cache HIT, HIT server nginx x-cached-since 2022-06-16T14:43:42+00:00, 2022-06-17T13:23:57+00:00 content-type image/png
GET H2	200	tilda-fallback-advanced-1.0.min.js Show response stat.tildacdn.com/js/	2 KB 983 B	248ms 61ms	XHR application/javascript	193.3.17.197 TILDAPUBLISHING-RU-1
General Check archive.org Show headers Download Go to Full URL https://stat.tildacdn.com/js/tilda-fallback-advanced-1.0.min.js Requested by Host: stat.tildacdn.com URL: https://stat.tildacdn.com/js/tilda-fallback-1.0.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.3.17.197 , Russian Federation, ASN210753 (TILDAPUBLISHING-RU-1, RU), Reverse DNS Software nginx / Resource Hash 6a2e06c3d699aa32682b9e79e7fa3369a5567d9fd8efd72351afbda64e41c109 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding gzip last-modified Sun, 12 Jun 2022 21:05:35 GMT server nginx etag W/"62a6551f-619" access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=3600 expires Mon, 20 Jun 2022 21:38:16 GMT
GET H/1.1	200 OK	getuidj Show response secure.adnxs.com/	11 B 823 B	49ms 13ms	XHR application/json	185.33.221.119 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/getuidj Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.221.119 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US), Reverse DNS 917.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.21.3 / Resource Hash 31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Pragma no-cache Date Mon, 20 Jun 2022 20:38:16 GMT X-Proxy-Origin 217.64.151.68; 217.64.151.68; 917.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com AN-X-Request-Uuid 39fd7622-cabd-4f4c-9083-da9b389e8ead Server nginx/1.21.3 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin https://blog.group-ib.com Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Accept-CH Sec-CH-UA-Full-Version-List, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Bitness Content-Type application/json; charset=utf-8 Content-Length 11 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	/ Show response c.6sc.co/	47 B 373 B	45ms 7ms	XHR text/plain	104.89.35.64 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-35-64.deploy.static.akamaitechnologies.com Software / Resource Hash 5e92111c43c44d2fddfbe9a72746354bf41a192393eedb30289406fbe1616e5e Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:16 GMT Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type text/plain Access-Control-Allow-Origin https://blog.group-ib.com Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers * Content-Length 47
GET H2	200	/ Show response ipv6.6sc.co/	36 B 283 B	85ms 16ms	XHR text/html	2a02:26f0:3500:890::1c91 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:890::1c91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 8f258ff57c56622a5795df1373cf646f426e476de6dfeaaecf53e1e2d9857b18 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:16 GMT vary Origin content-type text/html access-control-allow-origin https://blog.group-ib.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2001:ac8:20:3d00:1012:4a4d:f306:560c server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 36 expires Mon, 20 Jun 2022 20:38:16 GMT
GET H2	200	649324202964935 Show response connect.facebook.net/signals/config/	288 KB 83 KB	84ms 83ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/649324202964935?v=2.9.62&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash ef27da8ee7269d6033bd6e0187f6ab5095658480efb7aac1d34545806584eea3 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug 4wjULbWuiWIhVczids/WrfMTNrH6Kvp054SZYOMHuAqQAG4dTdtLUUOwFu74mMq8pSBYYuQ04zskoZuyLz0bMw== x-fb-trip-id 686109401 cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Mon, 20 Jun 2022 20:38:16 GMT strict-transport-security max-age=31536000; preload; includeSubDomains x-content-cdn-origin-ts 1655757496646 content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	27ms 6ms	Script text/javascript	2a00:1450:4001:808::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 13 Apr 2022 21:02:38 GMT server Golfe2 age 5607 date Mon, 20 Jun 2022 19:04:49 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Mon, 20 Jun 2022 21:04:49 GMT
GET DATA	200 OK	truncated /	280 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash aaa53b7966f71ea94c27d3ec4f5598a616723c1576bbc707698f8fc2db4b54b4 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	579 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9d005c1939236926ac6f06522f0a1e32eeffda988f6272efb8b7a698be2dfb9d Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1655757496593&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4443393%26time%3D1655757496593%26url%3Dhttps%253A%252F%252Fblog.group-ib.com%252F... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1655757496593&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1655757496593&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&liSync=true&e_ipv6=AQIzSqFQO-mZwQAAAYGC1mKHhBg3_aPevNyUae5Gp0tOhCdGt2...	0 265 B	196ms 135ms	Image application/javascript	13.107.43.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1655757496593&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&liSync=true&e_ipv6=AQIzSqFQO-mZwQAAAYGC1mKHhBg3_aPevNyUae5Gp0tOhCdGt2qUfxDgZlURPCjsjuL8aLgt4VQFXKgoleWO8r0DM0a-Tg Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Server 13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:17 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: E2F85976A7634BC7995F5B4E324867FB Ref B: VIEEDGE1106 Ref C: 2022-06-20T20:38:17Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-proto http/2 content-length 0 x-li-uuid AAXh5xVzrDPphOQclO0T0w== x-li-fabric prod-lva1 Redirect headers date Mon, 20 Jun 2022 20:38:16 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 34335B8330CA4AE7899CE727949168F8 Ref B: VIEEDGE1907 Ref C: 2022-06-20T20:38:16Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1655757496593&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&liSync=true&e_ipv6=AQIzSqFQO-mZwQAAAYGC1mKHhBg3_aPevNyUae5Gp0tOhCdGt2qUfxDgZlURPCjsjuL8aLgt4VQFXKgoleWO8r0DM0a-Tg x-li-proto http/2 content-length 0 x-li-uuid AAXh5xVwsAxvph+LrpBtjw==
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	320ms 295ms	Image image/gif	104.89.35.64 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=7de17b5ce9290000b8dab06223020000b89c6e00&session=43c84f28-48e2-4984-8382-55fa02e6ead8&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A16%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nikita%20Rostovtsev%20on%20current%20cyber%20threats%20and%20his%20profession%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5C%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%5C%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&pageViewId=bb403f18-8411-4392-8d4c-a8622b481085&an_uid=0 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-35-64.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:16 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Fri, 21 Feb 2020 18:57:20 GMT Server nginx/1.14.0 (Ubuntu) ETag "5e502810-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	fb.js Show response js-eu1.hsadspixel.net/	5 KB 3 KB	76ms 22ms	Script application/javascript	172.65.219.229 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hsadspixel.net/fb.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7f77149b1beed108b3d3ad88b9170a8a27e1c6eedb0ed30c698492b4586372d3 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT via 1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront) cf-cache-status HIT age 217 x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.280/bundles/pixels-release.js&cfRay=71e749529b0290c4-FRA x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 x-amz-replication-status COMPLETED content-encoding br last-modified Mon, 23 May 2022 07:52:59 UTC server cloudflare etag W/"b2851680cfd5ddf0808f77f92bc6969d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding x-amz-version-id LETuWsZMnftQGCDTSmAdJHQ8_upu6cZ6 cache-control max-age=600 x-hs-cache-status HIT x-amz-cf-pop FRA50-C1 cf-ray 71e74ea22e969097-FRA x-amz-cf-id PdMv8vF8pLiSvJ1uooEZhlFYPCWciuajM4XDw5PWvzN_9txk-Ggx3A== x-hs-target-asset adsscriptloaderstatic/static-1.280/bundles/pixels-release.js
GET H2	200	25755956.js Show response js-eu1.hs-analytics.net/analytics/1655757300000/	62 KB 20 KB	117ms 70ms	Script text/javascript	172.65.238.60 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-analytics.net/analytics/1655757300000/25755956.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1ddeb304f3328dd12056df26d4041613ffcb210d8bc3a3645ed27a91fcb1c7c2 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br cf-cache-status MISS x-amz-request-id F2V0ZBFX4H0K00XF x-amz-server-side-encryption AES256 x-amz-id-2 mCII9dpY8PO3zbolVytWIvXAZLDz0GP2JgTorMDhhGg3Ro9oAalptejKq7fFeWNYVg4zCws2rcc= last-modified Tue, 14 Jun 2022 15:39:09 GMT server cloudflare etag W/"df5df51f4760b626612cc603aab727ad" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/javascript cache-control max-age=300, public access-control-allow-credentials false cf-ray 71e74ea22f3d9b45-FRA expires Mon, 20 Jun 2022 20:43:16 GMT
GET H2	200	collectedforms.js Show response js-eu1.hscollectedforms.net/	72 KB 25 KB	81ms 26ms	Script application/javascript	172.65.192.122 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hscollectedforms.net/collectedforms.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8309531b6b2107c16edd77efa774374f935a7924a84c7bae72973f19b962e0e5 Request headers Referer https://blog.group-ib.com/ Origin https://blog.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT via 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront) cf-cache-status HIT age 13639 x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.278/bundles/project.js&cfRay=71e601a1f8589ba6-FRA x-cache RefreshHit from cloudfront access-control-max-age 3000 x-amz-replication-status COMPLETED content-encoding br cf-ray 71e74ea22fba90e0-FRA last-modified Thu, 19 May 2022 12:56:36 UTC server cloudflare etag W/"9bdc82a581dc188ff306ce5ac3c3e170" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding access-control-allow-methods GET x-amz-version-id w6kD440dVLHBLSxXlQNkz9NYzxhkbh3c access-control-allow-origin * cache-control s-maxage=86400, max-age=0 x-hs-cache-status MISS x-amz-cf-pop FRA50-C1 content-type application/javascript; charset=utf-8 x-amz-cf-id uSb2gxkxw4y_HeNAOmbR54PXnXxvWuVcnVwdWWOmJ3r4BTUjbfkWWg== x-hs-target-asset collected-forms-embed-js/static-1.278/bundles/project.js
GET H2	200	25755956.js Show response js-eu1.hs-banner.com/	59 KB 16 KB	105ms 52ms	Script text/javascript	172.65.202.201 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-banner.com/25755956.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d1e241acfb4d8475b7e8592fcf39827cd3767187d357afaa936882a9a95608d0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br cf-cache-status REVALIDATED x-amz-request-id ATPXYTVH30B5TVKQ x-amz-server-side-encryption AES256 content-type text/javascript; charset=UTF-8 access-control-max-age 604800 x-amz-id-2 eimHqaRlLfyq1Y0G5N+JoaGL+hoCrG1J3wStNpH2O3lhrdx8ZJECdpMd4ydmIBEngXZjlrKMsss= timing-allow-origin * last-modified Fri, 27 May 2022 18:20:29 GMT server cloudflare etag W/"0ed659ae959e65af9055a29b074e4f07" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD x-amz-version-id UglY3Uv7ocTQqFP6WEONKCOavnju56fP access-control-allow-origin https://blog.group-ib.com access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300, public access-control-allow-credentials true cf-ray 71e74ea22c388fc8-FRA access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id expires Mon, 20 Jun 2022 20:43:16 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 443 B	71ms 21ms	XHR text/plain	2a00:1450:400c:c08::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-25492706-2&cid=171748599.1655757497&jid=646648989&gjid=1024413971&_gid=1982137564.1655757497&_u=YGBAgEABQAAAAE~&z=1407736208 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://blog.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Mon, 20 Jun 2022 20:38:16 GMT content-type text/plain access-control-allow-origin https://blog.group-ib.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	21ms 6ms	Image image/gif	2a00:1450:4001:808::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=309392093&t=pageview&_s=1&dl=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&ul=en-us&de=UTF-8&dt=%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABQ~&jid=646648989&gjid=1024413971&cid=171748599.1655757497&tid=UA-25492706-2&_gid=1982137564.1655757497&gtm=2wg6f0PW7265&cd1=171748599.1655757497&z=1862439227 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 02:11:56 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 66380 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	__2022-06-16__131209.png thumb.tildacdn.com/tild3636-6635-4338-b765-616139633366/-/format/webp/	70 KB 70 KB	83ms 82ms	Image image/webp	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://thumb.tildacdn.com/tild3636-6635-4338-b765-616139633366/-/format/webp/__2022-06-16__131209.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 038e398b73eb957b7d9edd86c0b157a0a7e9c6ae154eadd66b9c77aad57cf732 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc57, fr5-up-gc38 date Mon, 20 Jun 2022 20:38:16 GMT server nginx x-cached-since 2022-06-19T14:16:08+00:00, 2022-06-20T09:02:16+00:00 content-type image/webp access-control-allow-origin * cache-control max-age=2600000 cache HIT, HIT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	304ms 292ms	Image image/gif	104.89.35.64 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=7de17b5ce9290000b8dab06223020000b89c6e00&session=43c84f28-48e2-4984-8382-55fa02e6ead8&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A20%3A3d00%3A1012%3A4a4d%3Af306%3A560c%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nikita%20Rostovtsev%20on%20current%20cyber%20threats%20and%20his%20profession%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5C%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%5C%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&pageViewId=bb403f18-8411-4392-8d4c-a8622b481085&an_uid=0 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-35-64.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:16 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Sat, 05 Jun 2021 07:56:05 GMT Server nginx/1.14.0 (Ubuntu) ETag "60bb2e15-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 408 B	28ms 7ms	Image image/gif	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&rl=&if=false&ts=1655757496672&sw=1600&sh=1200&v=2.9.62&r=stable&ec=0&o=30&fbp=fb.1.1655757496670.972465114&it=1655757496564&coo=false&rqm=GET Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 44 expires Mon, 20 Jun 2022 20:38:16 GMT
GET H2	200	ga-audiences www.google.com/ads/	42 B 501 B	69ms 43ms	Image image/gif	2a00:1450:4001:813::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-25492706-2&cid=171748599.1655757497&jid=646648989&_u=YGBAgEABQAAAAE~&z=1976283445 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:16 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 501 B	64ms 43ms	Image image/gif	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-25492706-2&cid=171748599.1655757497&jid=646648989&_u=YGBAgEABQAAAAE~&z=1976283445 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:16 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	json Show response forms-eu1.hubspot.com/collected-forms/v1/config/	116 B 1 KB	89ms 53ms	XHR application/json	2606:4700::6813:9b53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hubspot.com/collected-forms/v1/config/json?portalId=25755956&utk= Requested by Host: js-eu1.hscollectedforms.net URL: https://js-eu1.hscollectedforms.net/collectedforms.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 43f22362329b9705cf8629061fb5b1d1a38f1cc2bc9fd46728f73e5cd9eb77cf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/plain, */* Referer https://blog.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT content-encoding br vary Accept-Encoding cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id ef563a9b-930e-4a69-8630-b3165a26212c access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 180 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wi%2BXYblwy2no4vJ38UqMzrf912yJqvPQRKURUM8R04Lax%2FIAfJ%2BZfZm4pVdVX32CJKgqJ7ucg4c6WjplP9Ptal7dtzhaHfEwDha97EopUCn6i17BGETB8ajrRHwyORxu56om86XbR2FGlnGbygj1zyuqGg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json;charset=utf-8 access-control-allow-origin https://blog.group-ib.com x-robots-tag none access-control-allow-credentials false cf-ray 71e74ea2ea07cc4e-ZRH access-control-allow-headers *
GET H2	200	adsct t.co/i/	43 B 337 B	144ms 123ms	Image image/gif	104.244.42.197 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=802a37be-a726-4a36-b5c6-569de9c9fb83&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=01e4810e-d726-4128-897d-354400e677be&tw_document_href=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.4.12 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.197 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-response-time 116 date Mon, 20 Jun 2022 20:38:16 GMT server tsa_o strict-transport-security max-age=0 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash 054818f60b40510bb91da3979655f3d9c66ca7a90c08ab3b4bdbae2e4e1cc3e2 content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 356 B	256ms 110ms	Image image/gif	104.244.42.131 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=802a37be-a726-4a36-b5c6-569de9c9fb83&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=01e4810e-d726-4128-897d-354400e677be&tw_document_href=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.4.12 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.131 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-response-time 104 date Mon, 20 Jun 2022 20:38:16 GMT server tsa_o strict-transport-security max-age=631138519 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash d6fe402d02e60391946eb76d7ecd355ca4b9a08b7d03b4b3b9bb4e3ffaaaaa9f content-length 43
GET H2	400	sync_cookie_image_decide mc.yandex.com/ Redirect Chain https://mc.yandex.com/sync_cookie_image_check https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9675.1HzKZ9P5TngoUKB6ZXc3aIKz2zrmz_T_gmQQGwN8JC1I1O8xP7q69LQgtdDjc0Gj.BpWAOcmY02Wa2FmHm-DaSkJj1yo%2C https://mc.yandex.com/sync_cookie_image_decide?token=9675.pBiuNY4a2SNeuBVZBTzCmpUD52ZitE4rHHEI9Cj3P43_etI2Bd4u7vKi8iOqlE_iaVndMkwe2-zd65w3FfePQQ%2C%2C.q-7rjPvtsybxBuERy4bksisxDHo%2C	75 B 75 B	63ms 63ms	Image text/html	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/sync_cookie_image_decide?token=9675.pBiuNY4a2SNeuBVZBTzCmpUD52ZitE4rHHEI9Cj3P43_etI2Bd4u7vKi8iOqlE_iaVndMkwe2-zd65w3FfePQQ%2C%2C.q-7rjPvtsybxBuERy4bksisxDHo%2C Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:17 GMT strict-transport-security max-age=31536000 content-length 75 x-xss-protection 1; mode=block content-type text/html; charset=utf-8 Redirect headers location https://mc.yandex.com/sync_cookie_image_decide?token=9675.pBiuNY4a2SNeuBVZBTzCmpUD52ZitE4rHHEI9Cj3P43_etI2Bd4u7vKi8iOqlE_iaVndMkwe2-zd65w3FfePQQ%2C%2C.q-7rjPvtsybxBuERy4bksisxDHo%2C date Mon, 20 Jun 2022 20:38:16 GMT strict-transport-security max-age=31536000 x-xss-protection 1; mode=block
GET H2	200	advert.gif mc.yandex.com/metrika/	43 B 112 B	66ms 66ms	Image image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/metrika/advert.gif Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:16 GMT last-modified Fri, 17 Jun 2022 12:16:07 GMT etag "62ac4657-2b" strict-transport-security max-age=31536000 content-type image/gif access-control-allow-origin * cache-control max-age=3600 accept-ranges bytes content-length 43 expires Mon, 20 Jun 2022 21:38:16 GMT
GET H2	200	Vector_1.svg static.tildacdn.com/tild6464-3039-4230-b436-316464656631/	2 KB 1 KB	78ms 77ms	Image image/svg+xml	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://static.tildacdn.com/tild6464-3039-4230-b436-316464656631/Vector_1.svg Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash a69d487f4aad79ff054dea601829dad1e1afc33ed83e6a24dc07c6d16552c16f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9-up-gc57, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:17 GMT content-encoding br age 0 x-cached-since 2022-06-13T12:10:18+00:00, 2022-06-19T17:01:11+00:00 x-trans-id 16bd0ef74ccb5673 tserver 10 last-modified Thu, 02 Dec 2021 21:58:15 GMT server nginx etag W/"3bd0da92e08d20c93a26e4498db2a163" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-timestamp 1638482294.74620 cache-control public cache HIT, HIT access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
GET H2	200	1.png thumb.tildacdn.com/tild6163-6536-4637-b636-616533643962/-/format/webp/	196 B 305 B	78ms 77ms	Image image/png	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Show image Full URL https://thumb.tildacdn.com/tild6163-6536-4637-b636-616533643962/-/format/webp/1.png Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash bb9a3150006283c76a2f38e1a0e6dfaf3bbfced1e46755421911769bf1381554 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9p-up-gc10, fr5-up-gc33 date Mon, 20 Jun 2022 20:38:17 GMT server nginx x-cached-since 2022-05-16T13:49:08+00:00, 2022-06-05T04:47:13+00:00 content-type image/png access-control-allow-origin * cache-control max-age=2600000 cache HIT, HIT
GET		Vector_1.svg static.tildacdn.com/tild6135-3635-4134-b064-363630393233/	0 0
GET H2	200	Vector_1.svg static3.tildacdn.com/tild6464-3039-4230-b436-316464656631/	2 KB 2 KB	196ms 11ms	Image image/svg+xml	13.225.78.90 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://static3.tildacdn.com/tild6464-3039-4230-b436-316464656631/Vector_1.svg Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.90 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-90.fra2.r.cloudfront.net Software nginx / Resource Hash a69d487f4aad79ff054dea601829dad1e1afc33ed83e6a24dc07c6d16552c16f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Thu, 02 Jun 2022 04:52:40 GMT content-encoding gzip age 1612008 x-cache Hit from cloudfront x-trans-id 16bd0ef74ccb5673 access-control-allow-origin * tserver 10 last-modified Thu, 02 Dec 2021 21:58:15 GMT server nginx etag W/"3bd0da92e08d20c93a26e4498db2a163" content-type image/svg+xml via 1.1 d6b9c7bad28b271f1e800a50d49ab8a4.cloudfront.net (CloudFront) x-timestamp 1638482294.74620 cache-control public x-amz-cf-pop FRA2-C2 x-amz-cf-id nl3dC2BA5Si4121rsg1dOlOj3F6R3ZdZ8iag4eCWRShL0GeofcuXeg== access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
GET H2	200	Vector_1.svg static3.tildacdn.com/tild6135-3635-4134-b064-363630393233/	2 KB 2 KB	200ms 16ms	Image image/svg+xml	13.225.78.90 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://static3.tildacdn.com/tild6135-3635-4134-b064-363630393233/Vector_1.svg Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.90 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-90.fra2.r.cloudfront.net Software nginx / Resource Hash a69d487f4aad79ff054dea601829dad1e1afc33ed83e6a24dc07c6d16552c16f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Tue, 07 Jun 2022 02:13:49 GMT content-encoding gzip age 1189538 x-cache Hit from cloudfront x-trans-id 16bd0efcedc07eea access-control-allow-origin * tserver 10 last-modified Thu, 02 Dec 2021 21:58:39 GMT server nginx etag W/"3bd0da92e08d20c93a26e4498db2a163" content-type image/svg+xml via 1.1 d6b9c7bad28b271f1e800a50d49ab8a4.cloudfront.net (CloudFront) x-timestamp 1638482318.95914 cache-control public x-amz-cf-pop FRA2-C2 x-amz-cf-id 8qvUTvyaCcl4nlB1Osr4aiO5p1mYyZue8zmXVn9NzwB4fp2KzyFIFw== access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
GET H2	200	1 Show response mc.yandex.com/watch/25634039/ Redirect Chain https://mc.yandex.com/watch/25634039?wmode=7&page-url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia3io6gzr3q60o%3Afu%3A0%3Aen%3Autf-8%3... https://mc.yandex.com/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia3io6gzr3q60o%3Afu%3A0%3Aen%3Autf-8...	331 B 413 B	66ms 66ms	XHR application/json	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.com/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia3io6gzr3q60o%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A821%3Acn%3A1%3Adp%3A0%3Als%3A36265597847%3Ahid%3A960424379%3Az%3A0%3Ai%3A20220620203816%3Aet%3A1655757497%3Ac%3A1%3Arn%3A895586074%3Arqn%3A1%3Au%3A1655757497392175543%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1655757496008%3Ads%3A9%2C36%2C68%2C3%2C0%2C0%2C%2C340%2C10%2C%2C%2C%2C535%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1655757497%3At%3A%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&t=gdpr%2814%29aw%281%29rqnt%281%29ti%282%29 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 5f150fee0e08add69bee0565ca3216074fc18e8abbed94524cdd0dbce93168af Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:17 GMT x-content-type-options nosniff last-modified Mon, 20-Jun-2022 20:38:17 GMT strict-transport-security max-age=31536000 content-type application/json; charset=utf-8 access-control-allow-origin https://blog.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true content-length 331 x-xss-protection 1; mode=block expires Mon, 20-Jun-2022 20:38:17 GMT Redirect headers pragma no-cache date Mon, 20 Jun 2022 20:38:17 GMT last-modified Mon, 20-Jun-2022 20:38:17 GMT location /watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1axv6s0ia3io6gzr3q60o%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A821%3Acn%3A1%3Adp%3A0%3Als%3A36265597847%3Ahid%3A960424379%3Az%3A0%3Ai%3A20220620203816%3Aet%3A1655757497%3Ac%3A1%3Arn%3A895586074%3Arqn%3A1%3Au%3A1655757497392175543%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1655757496008%3Ads%3A9%2C36%2C68%2C3%2C0%2C0%2C%2C340%2C10%2C%2C%2C%2C535%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1655757497%3At%3A%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&t=gdpr%2814%29aw%281%29rqnt%281%29ti%282%29 strict-transport-security max-age=31536000 access-control-allow-origin https://blog.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true x-xss-protection 1; mode=block expires Mon, 20-Jun-2022 20:38:17 GMT
GET H2	200	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 517 B	100ms 46ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1 Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:17 GMT vary Accept-Encoding cf-cache-status DYNAMIC x-hubspot-correlation-id 6e724dc2-cb3b-4eb5-bafd-a0a36c73cc55 cf-ray 71e74ea5cc449b70-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 35 server cloudflare x-trace 2BEAD0906EE6AE2B13D5F5199DC8D1D83D12558154000000000000000000 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type image/gif access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none
POST H3	200	/ Show response www.facebook.com/tr/ Frame BC5B	0 18 B	15ms 7ms	Document text/plain	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Content-Type application/x-www-form-urlencoded Origin https://blog.group-ib.com Referer https://blog.group-ib.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-origin https://blog.group-ib.com alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0 content-type text/plain cross-origin-resource-policy cross-origin date Mon, 20 Jun 2022 20:38:17 GMT priority u=0 server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	json Show response api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixel/	267 B 981 B	100ms 54ms	XHR application/json	2606:4700::6811:cbcc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=25755956 Requested by Host: js-eu1.hsadspixel.net URL: https://js-eu1.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9fa3265b1d0d9f0b5025c0e03cc82d7be49319063479d7d60ccb736b32a252a9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:17 GMT content-encoding br vary Accept-Encoding cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id 8be4d59c-dfed-4715-bb19-f067e4cfad93 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 server cloudflare x-trace 2BCAA48A0675CFD19957E2C5101E46F4B9D86DDA1C000000000000000000 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 180 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j16noZ6VcDd8SpOx1cZdmQKbw%2FjmHhy5yIM0CFKMlbDj62C5ptha8B3Y%2FqBpL7Cnl9NRi0eje7YMSfQpc09Lf%2FFF6WM5FbkYXRddSDyX%2BuphfLmP9%2BOX%2FO47YfgPanRhv8iHsCiCSUTa3rNMR6zjlA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json;charset=utf-8 access-control-allow-origin https://blog.group-ib.com access-control-allow-credentials false cf-ray 71e74ea689a40208-ZRH access-control-allow-headers *
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1004 B	109ms 66ms	Image image/gif	2606:4700::6813:9b53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2153072566&v=1.1&a=25755956&rcu=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&pu=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&t=%22We+find+many+things+that+others+do+not+even+see%22&cts=1655757497322&vi=57d8b0a670ae9efb8597f8df46ee06c7&nc=true&u=84897990.57d8b0a670ae9efb8597f8df46ee06c7.1655757497319.1655757497319.1655757497319.1&b=84897990.1.1655757497319&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:17 GMT vary Accept-Encoding cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id b866ff81-e96d-4575-8907-9c1864f348d5 cf-ray 71e74ea69ea401f4-ZRH p3p CP="NOI CUR ADM OUR NOR STA NID" alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 45 last-modified Mon, 20 Jun 2022 20:38:17 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSO5FWPd5NPTSIRsnmMynMx154v5ov8z2PiwUvzea%2FKVKINL%2FzqHqQJ0hT%2BLvincCnTR094RwfyaWbmJuIdmhtgt%2BCxWBVVkrZjn7xlEejQZDVsHxDzF3SA0l2QKU0Yooxm4vJmeXGEL4v0i%2Felvd%2F3QYw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes x-robots-tag none
GET H3	204	a www.googletagmanager.com/	0 17 B	36ms 20ms	Image image/gif	2a00:1450:4001:80f::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=OPT-MG8BP56&cv=2&t=ol&p=gtmo&l=150&q=376&f=51&e=13&i=31&d=34&c=-528&hc=0&sr=0.050000&ps=0.043934803736416894&cb=1419642080 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:17 GMT server Google Tag Manager vary * content-type image/gif cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	153 KB 57 KB	25ms 24ms	Script application/javascript	2a00:1450:4001:80f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508 Requested by Host: js-eu1.hsadspixel.net URL: https://js-eu1.hsadspixel.net/fb.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash d0bc597a6d8867898ef5e8b7b5f0bfe3459e1e49c359318877686c02fa5e3201 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:17 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 58101 x-xss-protection 0 last-modified Mon, 20 Jun 2022 18:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 20 Jun 2022 20:38:17 GMT
GET H3	200	709834390277869 Show response connect.facebook.net/signals/config/	287 KB 83 KB	55ms 54ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/709834390277869?v=2.9.62&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 8b9ee138cb6749c23cb7486c7bda1a7bcd14729ba350d1426ee72e3a40261cb2 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug g/TN7IQCGm5OOd5j2ETGB645RNv/+wvJvtXZiSsZonGbMpLSOFnjx6fFuvlfpz88Ru6mIzt4gNpi85bR3Rgtsw== cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Mon, 20 Jun 2022 20:38:17 GMT strict-transport-security max-age=31536000; preload; includeSubDomains x-content-cdn-origin-ts 1655757497471 content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/	8 KB 3 KB	21ms 20ms	Script application/x-javascript	2a02:26f0:f7::5c7b:e00b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: js-eu1.hsadspixel.net URL: https://js-eu1.hsadspixel.net/fb.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:f7::5c7b:e00b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 662 Date Mon, 20 Jun 2022 20:38:17 GMT Content-Encoding gzip Last-Modified Wed, 13 Apr 2022 23:25:22 GMT X-CDN AKAM X-EdgeConnect-MidMile-RTT 0 Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=75809 Connection keep-alive Accept-Ranges bytes Content-Length 3085
GET H2	200	conversion_async.js Show response www.googleadservices.com/pagead/	39 KB 15 KB	48ms 20ms	Script text/javascript	172.217.18.2 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion_async.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-10882981508 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.18.2 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra15s28-in-f2.1e100.net Software cafe / Resource Hash 33272713d84ffdaab3a61030b3c4cecca56a0f00485bd02767a96e61bc45452d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:17 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15000 x-xss-protection 0 server cafe etag 6069194915506431635 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Mon, 20 Jun 2022 20:38:17 GMT
GET H3	200	/ www.facebook.com/tr/	44 B 88 B	7ms 7ms	Image image/gif	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=709834390277869&ev=PageView&dl=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&rl=&if=false&ts=1655757497497&sw=1600&sh=1200&ud[external_id]=57d8b0a670ae9efb8597f8df46ee06c7&v=2.9.62&r=stable&ec=0&o=30&fbp=fb.1.1655757496670.972465114&it=1655757496564&coo=false&rqm=GET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:17 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 priority u=3,i expires Mon, 20 Jun 2022 20:38:17 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/	2 KB 2 KB	50ms 22ms	Script text/javascript	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1655757497528&cv=9&fst=1655757497528&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa6f0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&tiba=%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3a667c7840d87bce1e110f7c3508b23b2e181f9f0a2de07a9709ff0d16e2650a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:17 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1068 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	293ms 293ms	Image image/gif	104.89.35.64 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=7de17b5ce9290000b8dab06223020000b89c6e00&session=43c84f28-48e2-4984-8382-55fa02e6ead8&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A16%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nikita%20Rostovtsev%20on%20current%20cyber%20threats%20and%20his%20profession%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5C%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%5C%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&pageViewId=bb403f18-8411-4392-8d4c-a8622b481085&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-35-64.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:17 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Tue, 05 Oct 2021 22:17:52 GMT Server nginx/1.14.0 (Ubuntu) ETag "615ccf10-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H3	200	/ www.google.com/pagead/1p-user-list/10882981508/	42 B 64 B	35ms 18ms	Image image/gif	2a00:1450:4001:813::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10882981508/?random=1655757497528&cv=9&fst=1655755200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa6f0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&tiba=%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&async=1&fmt=3&is_vtc=1&random=2380268196&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:17 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-user-list/10882981508/	42 B 64 B	36ms 20ms	Image image/gif	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/10882981508/?random=1655757497528&cv=9&fst=1655755200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa6f0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&tiba=%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&async=1&fmt=3&is_vtc=1&random=2380268196&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:17 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 193 B	335ms 34ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1 Requested by Host: js-eu1.hscollectedforms.net URL: https://js-eu1.hscollectedforms.net/collectedforms.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers date Mon, 20 Jun 2022 20:38:18 GMT vary Accept-Encoding cf-cache-status DYNAMIC x-hubspot-correlation-id dd92eb80-4519-4b8e-ad4a-439b552ae50e cf-ray 71e74eac69909b70-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 35 server cloudflare x-trace 2BA9F09DE26B96DF8C4FF8416937E6D44C5968D2FA000000000000000000 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type image/gif access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none
POST H3	200	/ Show response www.facebook.com/tr/ Frame FCE1	0 15 B	8ms 7ms	Document text/plain	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Content-Type application/x-www-form-urlencoded Origin https://blog.group-ib.com Referer https://blog.group-ib.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-origin https://blog.group-ib.com alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0 content-type text/plain cross-origin-resource-policy cross-origin date Mon, 20 Jun 2022 20:38:18 GMT priority u=0 server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/	2 KB 1 KB	36ms 21ms	Script text/javascript	2a00:1450:4001:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1655757498016&cv=9&fst=1655757498016&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa6f0&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&tiba=%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash c9feab346ecd1621cbb03c9d46c537558e9c71b88b474771ab71b9787912feec Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:18 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1068 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.com/pagead/1p-user-list/10882981508/	42 B 64 B	21ms 20ms	Image image/gif	2a00:1450:4001:813::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10882981508/?random=1655757498016&cv=9&fst=1655755200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa6f0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&tiba=%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&async=1&fmt=3&is_vtc=1&random=1537434347&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:18 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-user-list/10882981508/	42 B 64 B	34ms 34ms	Image image/gif	2a00:1450:4001:82a::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/10882981508/?random=1655757498016&cv=9&fst=1655755200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa6f0&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&tiba=%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%22&async=1&fmt=3&is_vtc=1&random=1537434347&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:18 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	tilda-stat-1.0.min.js Show response static.tildacdn.com/js/	8 KB 3 KB	77ms 77ms	Script application/javascript	2a03:90c0:41:2801::254 GCORE
General Check archive.org Show headers Download Go to Full URL https://static.tildacdn.com/js/tilda-stat-1.0.min.js Requested by Host: blog.group-ib.com URL: https://blog.group-ib.com/rostovtsev Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU), Reverse DNS Software nginx / Resource Hash 5daef6384e28a7e4ea9a31467fb07d4fb40b40f5257052c3eca6f4c4dda7266e Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-id m9p-up-gc10, fr5-up-gc32 date Mon, 20 Jun 2022 20:38:18 GMT content-encoding br tserver 13 last-modified Sun, 12 Jun 2022 21:04:06 GMT server nginx etag W/"62a654c6-1f57" vary Accept-Encoding x-cached-since 2022-06-12T21:05:29+00:00, 2022-06-12T21:05:29+00:00 content-type application/javascript; charset=utf-8 cache HIT, HIT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	296ms 296ms	Image image/gif	104.89.35.64 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=7de17b5ce9290000b8dab06223020000b89c6e00&session=43c84f28-48e2-4984-8382-55fa02e6ead8&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A18%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A17%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nikita%20Rostovtsev%20on%20current%20cyber%20threats%20and%20his%20profession%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5C%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%5C%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&pageViewId=bb403f18-8411-4392-8d4c-a8622b481085&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-35-64.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:18 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Tue, 05 Oct 2021 22:17:52 GMT Server nginx/1.14.0 (Ubuntu) ETag "615ccf10-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
POST H2	200	/ Show response stat.tildacdn.com/event/	16 B 128 B	65ms 65ms	XHR application/json	193.3.17.197 TILDAPUBLISHING-RU-1
General Check archive.org Show headers Download Go to Full URL https://stat.tildacdn.com/event/ Requested by Host: static.tildacdn.com URL: https://static.tildacdn.com/js/tilda-stat-1.0.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.3.17.197 , Russian Federation, ASN210753 (TILDAPUBLISHING-RU-1, RU), Reverse DNS Software nginx / Resource Hash fb1bf528d8237aac3e9ead389ab246ba0068f61fe281610110937ef2b8adefce Request headers Referer https://blog.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers access-control-allow-origin https://blog.group-ib.com date Mon, 20 Jun 2022 20:38:19 GMT server nginx content-type application/json;charset=utf-8
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	300ms 300ms	Image image/gif	104.89.35.64 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=7de17b5ce9290000b8dab06223020000b89c6e00&session=43c84f28-48e2-4984-8382-55fa02e6ead8&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A19%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A18%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nikita%20Rostovtsev%20on%20current%20cyber%20threats%20and%20his%20profession%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5C%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%5C%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&pageViewId=bb403f18-8411-4392-8d4c-a8622b481085&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-35-64.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:19 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Fri, 21 Feb 2020 18:57:20 GMT Server nginx/1.14.0 (Ubuntu) ETag "5e502810-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
POST H2	200	25634039 Show response mc.yandex.com/webvisor/	43 B 73 B	315ms 70ms	XHR image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.com/webvisor/25634039?wmode=0&wv-part=1&wv-hit=960424379&page-url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&rn=880262967&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1655757500%3Aw%3A1600x1200%3Av%3A821%3Az%3A0%3Ai%3A20220620203819%3Au%3A1655757497392175543%3Avf%3A1axv6s0ia3io6gzr3q60o%3Awe%3A1%3Ast%3A1655757500&t=gdpr(14)ti(2) Requested by Host: mc.yandex.ru URL: https://mc.yandex.ru/metrika/tag.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers Referer https://blog.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:19 GMT last-modified Mon, 20-Jun-2022 20:38:19 GMT strict-transport-security max-age=31536000 content-type image/gif access-control-allow-origin https://blog.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true content-length 43 x-xss-protection 1; mode=block expires Mon, 20-Jun-2022 20:38:19 GMT
POST H2	200	25634039 Show response mc.yandex.com/webvisor/	43 B 145 B	249ms 66ms	XHR image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.com/webvisor/25634039?wmode=0&wv-part=1&wv-hit=960424379&page-url=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&rn=1005296286&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1655757500%3Aw%3A1600x1200%3Av%3A821%3Az%3A0%3Ai%3A20220620203819%3Au%3A1655757497392175543%3Avf%3A1axv6s0ia3io6gzr3q60o%3Awe%3A1%3Ast%3A1655757500&t=gdpr(14)ti(2) Requested by Host: mc.yandex.ru URL: https://mc.yandex.ru/metrika/tag.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers Referer https://blog.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Mon, 20 Jun 2022 20:38:19 GMT last-modified Mon, 20-Jun-2022 20:38:19 GMT strict-transport-security max-age=31536000 content-type image/gif access-control-allow-origin https://blog.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true content-length 43 x-xss-protection 1; mode=block expires Mon, 20-Jun-2022 20:38:19 GMT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	299ms 298ms	Image image/gif	104.89.35.64 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=7de17b5ce9290000b8dab06223020000b89c6e00&session=43c84f28-48e2-4984-8382-55fa02e6ead8&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A20%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A19%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nikita%20Rostovtsev%20on%20current%20cyber%20threats%20and%20his%20profession%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5C%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%5C%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&pageViewId=bb403f18-8411-4392-8d4c-a8622b481085&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-35-64.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:20 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Tue, 05 Oct 2021 22:17:52 GMT Server nginx/1.14.0 (Ubuntu) ETag "615ccf10-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	293ms 292ms	Image image/gif	104.89.35.64 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=7de17b5ce9290000b8dab06223020000b89c6e00&session=43c84f28-48e2-4984-8382-55fa02e6ead8&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A21%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A20%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nikita%20Rostovtsev%20on%20current%20cyber%20threats%20and%20his%20profession%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5C%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%5C%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&pageViewId=bb403f18-8411-4392-8d4c-a8622b481085&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-35-64.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:21 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Tue, 05 Oct 2021 22:17:52 GMT Server nginx/1.14.0 (Ubuntu) ETag "615ccf10-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT
GET H/1.1	200 OK	img.gif b.6sc.co/v1/beacon/	43 B 774 B	293ms 293ms	Image image/gif	104.89.35.64 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=7de17b5ce9290000b8dab06223020000b89c6e00&session=43c84f28-48e2-4984-8382-55fa02e6ead8&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A22%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2020%20Jun%202022%2020%3A38%3A21%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%226009%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nikita%20Rostovtsev%20on%20current%20cyber%20threats%20and%20his%20profession%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5C%22We%20find%20many%20things%20that%20others%20do%20not%20even%20see%5C%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2Frostovtsev&pageViewId=bb403f18-8411-4392-8d4c-a8622b481085&an_uid=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.89.35.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-89-35-64.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers Date Mon, 20 Jun 2022 20:38:22 GMT X-Content-Type-Options nosniff Connection keep-alive Content-Length 43 Pragma no-cache Last-Modified Sat, 05 Jun 2021 07:56:05 GMT Server nginx/1.14.0 (Ubuntu) ETag "60bb2e15-2b" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET,POST Content-Type image/gif Access-Control-Allow-Origin Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Access-Control-Allow-Credentials true Accept-Ranges bytes Access-Control-Allow-Headers * Expires Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

static.tildacdn.com

URL

https://static.tildacdn.com/tild6135-3635-4134-b064-363630393233/Vector_1.svg