blog.group-ib.com Open in urlscan Pro
185.129.100.113 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.group-ib.com/0ktapus
Submission: On November 15 via manual (November 15th 2022, 8:03:42 am UTC) from FR — Scanned from FR

Summary HTTP 108 Redirects Links 39 Behaviour Indicators

Summary

This website contacted 32 IPs in 4 countries across 25 domains to perform 108 HTTP transactions. The main IP is 185.129.100.113, located in Russian Federation and belongs to DDOS-GUARD, RU. The main domain is blog.group-ib.com.
TLS certificate: Issued by R3 on September 13th 2022. Valid for: 3 months.

This is the only time blog.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	185.129.100.113 185.129.100.113	57724 (DDOS-GUARD) (DDOS-GUARD)
1	162.55.188.142 162.55.188.142	24940 (HETZNER-AS) (HETZNER-AS)
47	2a03:90c0:41:... 2a03:90c0:41:2801::254	199524 (GCORE) (GCORE)
2	178.248.236.28 178.248.236.28	197068 (QRATOR) (QRATOR)
3	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
9	184.24.7.242 184.24.7.242	16625 (AKAMAI-AS) (AKAMAI-AS)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:780... 2a02:26f0:780::5f65:3671	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	172.65.208.22 172.65.208.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:340... 2a02:26f0:3400:190::1c91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:400c:c1b::9a	15169 (GOOGLE) (GOOGLE)
2	65.9.66.86 65.9.66.86	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	172.65.219.229 172.65.219.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.202.201 172.65.202.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.238.60 172.65.238.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.192.122 172.65.192.122	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:cacc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.193.34 172.65.193.34	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	172.65.232.43 172.65.232.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.240.166 172.65.240.166	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	193.3.17.197 193.3.17.197	210753 (TILDAPUBL...) (TILDAPUBLISHING-RU-1)
108	32

1 185.129.100.113 (Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

blog.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.188.142 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.142.188.55.162.clients.your-server.de

neo.tildacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 2a03:90c0:41:2801::254 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

static.tildacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
thumb.tildacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.248.236.28 (Russian Federation)

ASN197068 (QRATOR, RU)

ws.tildacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 184.24.7.242 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-7-242.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:780::5f65:3671 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.208.22 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.82 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3400:190::1c91 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.66.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-86.fra56.r.cloudfront.net

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.219.229 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.202.201 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.238.60 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.192.122 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cacc (United States)

ASN13335 (CLOUDFLARENET, US)

api-eu1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.193.34 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.65.232.43 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-eu1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.240.166 (United States)

ASN13335 (CLOUDFLARENET, US)

track-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.3.17.197 (Russian Federation)

ASN210753 (TILDAPUBLISHING-RU-1, RU)
PTR: 197-17.addr.tildacdn.net

stat.tildacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	tildacdn.com neo.tildacdn.com — Cisco Umbrella Rank: 90640 static.tildacdn.com — Cisco Umbrella Rank: 53035 ws.tildacdn.com — Cisco Umbrella Rank: 95102 thumb.tildacdn.com — Cisco Umbrella Rank: 85842 stat.tildacdn.com — Cisco Umbrella Rank: 83902	341 KB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 6507 c.6sc.co — Cisco Umbrella Rank: 9776 ipv6.6sc.co — Cisco Umbrella Rank: 6923 b.6sc.co — Cisco Umbrella Rank: 4655	14 KB
5	google.fr www.google.fr — Cisco Umbrella Rank: 14781	757 B
5	google.com www.google.com — Cisco Umbrella Rank: 2	757 B
5	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 78 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41	5 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	233 B
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 355 www.linkedin.com — Cisco Umbrella Rank: 576 px4.ads.linkedin.com — Cisco Umbrella Rank: 6256	3 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 139	196 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 53	219 KB
2	hsforms.com forms-eu1.hsforms.com — Cisco Umbrella Rank: 38773	630 B
2	hubspot.com forms-eu1.hubspot.com — Cisco Umbrella Rank: 33179 track-eu1.hubspot.com — Cisco Umbrella Rank: 24346	2 KB
2	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1409	376 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	20 KB
1	hubapi.com api-eu1.hubapi.com — Cisco Umbrella Rank: 46720	879 B
1	hscollectedforms.net js-eu1.hscollectedforms.net — Cisco Umbrella Rank: 34543	24 KB
1	hs-analytics.net js-eu1.hs-analytics.net — Cisco Umbrella Rank: 22907	20 KB
1	hs-banner.com js-eu1.hs-banner.com — Cisco Umbrella Rank: 22391	16 KB
1	hsadspixel.net js-eu1.hsadspixel.net — Cisco Umbrella Rank: 45390	3 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 528	396 B
1	t.co t.co — Cisco Umbrella Rank: 475	378 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 426	701 B
1	hs-scripts.com js-eu1.hs-scripts.com — Cisco Umbrella Rank: 21032	907 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 716	5 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 603	15 KB
1	group-ib.com blog.group-ib.com	21 KB
108	25

	Domain	Requested by
43	static.tildacdn.com	blog.group-ib.com ws.tildacdn.com
7	b.6sc.co	blog.group-ib.com
5	www.google.fr	blog.group-ib.com
5	www.google.com	blog.group-ib.com
4	googleads.g.doubleclick.net	www.googletagmanager.com
4	www.facebook.com	blog.group-ib.com
4	thumb.tildacdn.com	blog.group-ib.com
3	connect.facebook.net	blog.group-ib.com connect.facebook.net
3	www.googletagmanager.com	blog.group-ib.com js-eu1.hsadspixel.net www.googletagmanager.com
2	forms-eu1.hsforms.com	blog.group-ib.com js-eu1.hscollectedforms.net
2	px.ads.linkedin.com	2 redirects
2	cdn.linkedin.oribi.io	snap.licdn.com
2	www.google-analytics.com	www.googletagmanager.com blog.group-ib.com
2	ws.tildacdn.com	blog.group-ib.com
1	stat.tildacdn.com	static.tildacdn.com
1	track-eu1.hubspot.com
1	forms-eu1.hubspot.com	js-eu1.hscollectedforms.net
1	api-eu1.hubapi.com	js-eu1.hsadspixel.net
1	js-eu1.hscollectedforms.net	js-eu1.hs-scripts.com
1	js-eu1.hs-analytics.net	js-eu1.hs-scripts.com
1	js-eu1.hs-banner.com	js-eu1.hs-scripts.com
1	js-eu1.hsadspixel.net	js-eu1.hs-scripts.com
1	analytics.twitter.com	blog.group-ib.com
1	t.co	blog.group-ib.com
1	px4.ads.linkedin.com	blog.group-ib.com
1	www.linkedin.com	1 redirects
1	stats.g.doubleclick.net	www.google-analytics.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	js-eu1.hs-scripts.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	j.6sc.co	blog.group-ib.com
1	neo.tildacdn.com	blog.group-ib.com
1	blog.group-ib.com
108	36

This site contains links to these domains. Also see Links.

Domain
www.group-ib.com
support.signal.org
www.twilio.com
blog.cloudflare.com
www.bleepingcomputer.com
mailchimp.com
www.digitalocean.com
www.facebook.com
twitter.com
www.youtube.com
www.linkedin.com

Subject Issuer	Validity	Valid
blog.group-ib.com R3	`2022-09-13` - `2022-12-12`	3 months	crt.sh
*.tildacdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-21` - `2023-03-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-08-24` - `2022-11-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-11-14` - `2023-11-14`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-01` - `2023-10-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
*.google.fr GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2022-05-07` - `2023-05-07`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://blog.group-ib.com/0ktapus
Frame ID: 9A4BAF9E24C272224FD694EA2C902E68
Requests: 108 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 1DF18C05FD8C4B765957F2F9443E8248
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: A6E13E882569F367695A77FE2848383F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Roasting 0ktapus: The phishing campaign going after Okta identity credentials

Detected technologies

Tilda (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+tilda(?:cdn|\.ws|-blocks)
tilda(?:cdn|\.ws|-blocks)

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hammer.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

hammer(?:\.min)?\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

108
Requests

98 %
HTTPS

41 %
IPv6

25
Domains

36
Subdomains

32
IPs

4
Countries

906 kB
Transfer

2388 kB
Size

30
Cookies

39 Outgoing links

These are links going to different origins than the main page.

URL: https://www.group-ib.com/

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/blog/

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/resources/threat-research/2021-reports.html#report-5
Title: well-documented

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/products/threat-intelligence/
Title: Group-IB Threat Intelligence

Search URL Search Domain Scan URL

URL: https://support.signal.org/hc/en-us/articles/4850133017242
Title: reported

Search URL Search Domain Scan URL

URL: https://www.twilio.com/blog/august-2022-social-engineering-attack
Title: Twilio

Search URL Search Domain Scan URL

URL: https://blog.cloudflare.com/2022-07-sms-phishing-attacks/
Title: Cloudflare

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/email-marketing-firm-hacked-to-steal-crypto-focused-mailing-lists/
Title: Klaviyo

Search URL Search Domain Scan URL

URL: https://mailchimp.com/en-gb/august-2022-security-incident/
Title: Mailchimp

Search URL Search Domain Scan URL

URL: https://www.digitalocean.com/blog/digitalocean-response-to-mailchimp-security-incident
Title: DigitalOcean

Search URL Search Domain Scan URL

URL: https://support.signal.org/hc/en-us/articles/4850133017242-Twilio-Incident-What-Signal-Users-Need-to-Know-
Title: Signal

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/careers.html
Title: our vacancies

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?src=sp&u=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&title=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&utm_source=share2
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&utm_source=share2
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/security-assessment.html
Title: Security Assessment

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/red-teaming.html
Title: Red Teaming

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/pre-ir.html
Title: Pre-IR Assessment

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/compromise-assessment.html
Title: Compromise Assessment

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/cyberschool.html
Title: Cyber Education

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/investigation.html
Title: Investigations

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/digital-forensics.html
Title: Digital Forensics

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/ediscovery.html
Title: eDiscovery

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/products/managed-xdr/
Title: Managed XDR

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/products/fraud-protection/
Title: Fraud Protection

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/products/attack-surface-management/
Title: Attack Surface Management

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/antipiracy.html
Title: Digital Risk Protection

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/products/business-email-protection/
Title: Business Email Protection

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/about.html
Title: About Group-IB

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/media/
Title: Media Center

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/leadership.html
Title: Leadership

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/contacts.html
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.facebook.com/groupibHQ

Search URL Search Domain Scan URL

URL: https://twitter.com/GroupIB_GIB

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC9dl4udfrq8IqHKkETt86QQ

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/organization/1382013/

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/blog/rss.xml

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/cert.html
Title: CERT-GIB

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/incident-response.html
Title: Incident Response

Search URL Search Domain Scan URL

URL: https://www.group-ib.com/incident-response/retainer.html
Title: Incident Response Retainer

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1668499416481&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tm=gtmv2 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1668499416481%26url%3Dhttps%253A%252F%252Fblog.group-ib.com%252F0ktapus%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1668499416481&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tm=gtmv2&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1668499416481&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tm=gtmv2&liSync=true&e_ipv6=AQKN5yXNEHXPKwAAAYR6UKeY4pEGa_w6EpNR5U3rb7qCiIqAts5YugYmtheaG8Zfa4QvR34

108 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 0ktapus Show response
blog.group-ib.com/ 123 KB
21 KB 1248ms
185ms Document
text/html 185.129.100.113
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.129.100.113 , Russian Federation, ASN57724 (DDOS-GUARD, RU),

Reverse DNS

ddos-guard.net

Software

ddos-guard /

Resource Hash

49ebff8ad9788f8ba82dd1ad34dd21dcd89348267823c444c9457c3682d5e814

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=0 public
content-encoding: gzip
content-length: 21446
content-type: text/html; charset=UTF-8
date: Tue, 15 Nov 2022 08:03:35 GMT
etag: "1ec57-5e829146a27c8-gzip"
last-modified: Thu, 08 Sep 2022 11:53:37 GMT
server: ddos-guard
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-host: blog.group-ib.com

GET
H2 200 tilda-fallback-1.0.min.js Show response
neo.tildacdn.com/js/ 2 KB
1013 B 139ms
33ms Script
application/javascript 162.55.188.142
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://neo.tildacdn.com/js/tilda-fallback-1.0.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.55.188.142 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.142.188.55.162.clients.your-server.de
Software: nginx /
Resource Hash: cdf65e26b905a653bce60df182886b032b606940391badb1e3a655f434ca446c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:35 GMT
content-encoding: gzip
last-modified: Tue, 13 Sep 2022 15:15:31 GMT
server: nginx
etag: W/"63209e93-77e"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *

GET
H2 200 tilda-grid-3.0.min.css
static.tildacdn.com/css/ 4 KB
958 B 209ms
30ms Stylesheet
text/css 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/css/tilda-grid-3.0.min.css
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: f5c301b8769579afae9deb4eda7659df32661229039c6b7a37cfabd1827317ce

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc12
date: Tue, 15 Nov 2022 08:03:35 GMT
content-encoding: br
tserver: 11
last-modified: Thu, 18 Mar 2021 12:08:37 GMT
server: nginx
etag: W/"605342c5-1010"
vary: Accept-Encoding
x-cached-since: 2022-10-27T23:53:13+00:00, 2022-11-10T10:18:59+00:00
content-type: text/css
cache: HIT, HIT

GET
H/1.1 200
OK tilda-blocks-page29841334.min.css
ws.tildacdn.com/project200703/ 29 KB
7 KB 355ms
294ms Stylesheet
text/css 178.248.236.28
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.tildacdn.com/project200703/tilda-blocks-page29841334.min.css?t=1662638017
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 178.248.236.28 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software: QRATOR /
Resource Hash: 2a378b4ed3895941ec42567225d22febc913f525739d165731e7c0ec37c06115

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Tue, 15 Nov 2022 08:03:36 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Sep 2022 11:53:37 GMT
Server: QRATOR
Transfer-Encoding: chunked
Content-Type: text/css
cache-control: max-age=0, public
X-Host: ws.tildacdn.com
Connection: keep-alive
Keep-Alive: timeout=15

GET
H2 200 tilda-cover-1.0.min.css
static.tildacdn.com/css/ 3 KB
742 B 207ms
28ms Stylesheet
text/css 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/css/tilda-cover-1.0.min.css
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: a75252f44345abab620ab96d0d7339fcd3ce8aabd3caff7641ffb1da28233035

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc52, fr5-up-gc17
date: Tue, 15 Nov 2022 08:03:35 GMT
content-encoding: br
tserver: 12
last-modified: Tue, 30 Aug 2022 09:22:13 GMT
server: nginx
etag: W/"630dd6c5-a62"
vary: Accept-Encoding
x-cached-since: 2022-10-03T09:02:12+00:00, 2022-10-05T14:01:29+00:00
content-type: text/css
cache: HIT, HIT

GET
H2 200 jquery-1.10.2.min.js Show response
static.tildacdn.com/js/ 91 KB
31 KB 203ms
24ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/jquery-1.10.2.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: c73b004ebf31b395cf237c3d2b13c1e576f385e04660ceb5f7be163ff3c201dc

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc52, fr5-up-gc16
date: Tue, 15 Nov 2022 08:03:35 GMT
content-encoding: br
tserver: 13
last-modified: Sun, 25 Apr 2021 08:11:36 GMT
server: nginx
etag: W/"60852438-16b88"
vary: Accept-Encoding
x-cached-since: 2022-08-15T13:49:29+00:00, 2022-09-28T11:14:11+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H2 200 tilda-scripts-3.0.min.js Show response
static.tildacdn.com/js/ 14 KB
4 KB 209ms
31ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/tilda-scripts-3.0.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 7856e0e7783ca9eecff9b1bbda287b6d75be114a052e7405049db2f952ab7e27

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc29
date: Tue, 15 Nov 2022 08:03:35 GMT
content-encoding: br
tserver: 13
last-modified: Wed, 21 Sep 2022 11:45:44 GMT
server: nginx
etag: W/"632af968-3618"
vary: Accept-Encoding
x-cached-since: 2022-10-27T23:48:32+00:00, 2022-11-03T12:08:44+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H/1.1 200
OK tilda-blocks-page29841334.min.js Show response
ws.tildacdn.com/project200703/ 1 KB
889 B 295ms
233ms Script
application/javascript 178.248.236.28
QRATOR

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.tildacdn.com/project200703/tilda-blocks-page29841334.min.js?t=1662638017
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 178.248.236.28 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software: QRATOR /
Resource Hash: 76ff7b9032801e8f6d14315a1c8a86165d80e0d318de34ef87748b004378d8ce

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Tue, 15 Nov 2022 08:03:36 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Sep 2022 11:53:37 GMT
Server: QRATOR
Transfer-Encoding: chunked
Content-Type: application/javascript
cache-control: max-age=0, public
X-Host: ws.tildacdn.com
Connection: keep-alive
Keep-Alive: timeout=15

GET
H2 200 lazyload-1.3.min.js Show response
static.tildacdn.com/js/ 19 KB
6 KB 25ms
24ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/lazyload-1.3.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: e61ad1d7815af24fe8fa9d94b02e25517c314ea3030d615d96dbd2e2f7283b3a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc11
date: Tue, 15 Nov 2022 08:03:35 GMT
content-encoding: br
tserver: 13
last-modified: Wed, 09 Nov 2022 13:47:45 GMT
server: nginx
etag: W/"636baf81-4d91"
vary: Accept-Encoding
x-cached-since: 2022-11-09T13:47:52+00:00, 2022-11-10T10:02:11+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H2 200 tilda-cover-1.0.min.js Show response
static.tildacdn.com/js/ 12 KB
3 KB 25ms
24ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/tilda-cover-1.0.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: d4ae9a515e5200b13d9cf4da3a0a8768bbaffaf610a6854b6a1209d521b8e79e

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc32
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
tserver: 12
last-modified: Mon, 07 Nov 2022 11:31:02 GMT
server: nginx
etag: W/"6368ec76-2f1e"
vary: Accept-Encoding
x-cached-since: 2022-11-08T09:59:09+00:00, 2022-11-08T09:59:09+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H2 200 tilda-zoom-2.0.min.js Show response
static.tildacdn.com/js/ 26 KB
6 KB 25ms
24ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/tilda-zoom-2.0.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: b303e78523856ff04c85507a78179f03507146941a551beff8b0d141e6310613

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc28
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
tserver: 13
last-modified: Mon, 14 Nov 2022 11:27:16 GMT
server: nginx
etag: W/"63722614-66a6"
vary: Accept-Encoding
x-cached-since: 2022-11-14T11:27:22+00:00, 2022-11-14T11:27:23+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H2 200 hammer.min.js Show response
static.tildacdn.com/js/ 20 KB
7 KB 26ms
26ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/hammer.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 090a7068a2209545279f858c6f41ff7ae42815e11c3d69463a2a2ea835282bd9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc58, fr5-up-gc32
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
tserver: 8
last-modified: Thu, 18 Mar 2021 12:08:37 GMT
server: nginx
etag: W/"605342c5-50f6"
vary: Accept-Encoding
x-cached-since: 2022-10-02T14:00:23+00:00, 2022-10-24T16:30:40+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H2 200 tilda-t431-table-1.0.min.js Show response
static.tildacdn.com/js/ 6 KB
2 KB 24ms
24ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/tilda-t431-table-1.0.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 8dfcbd7085c9bd097557529d6fa20b50aad20de04190e7bc22c6b2f20984d6a0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc16
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
tserver: 8
last-modified: Wed, 18 May 2022 12:23:09 GMT
server: nginx
etag: W/"6284e52d-1764"
vary: Accept-Encoding
x-cached-since: 2022-10-30T20:25:59+00:00, 2022-11-02T10:56:02+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H2 200 tilda-zero-1.0.min.js Show response
static.tildacdn.com/js/ 31 KB
7 KB 27ms
27ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/tilda-zero-1.0.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: b41fcf98b7650ce5971b01efefd38a9ae4b42d83b3c551a8362e0ec7620aa7be

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc32
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
tserver: 9
last-modified: Fri, 02 Sep 2022 09:50:35 GMT
server: nginx
etag: W/"6311d1eb-7dc1"
vary: Accept-Encoding
x-cached-since: 2022-10-27T23:47:40+00:00, 2022-11-10T10:36:55+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H2 200 tilda-events-1.0.min.js Show response
static.tildacdn.com/js/ 13 KB
4 KB 30ms
30ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/tilda-events-1.0.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 521bd1fb3a256e1a6ce843a60daff90f021ed507019e1507524f435550cac474

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc34
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
tserver: 10
last-modified: Fri, 07 Oct 2022 16:20:46 GMT
server: nginx
etag: W/"634051de-3590"
vary: Accept-Encoding
x-cached-since: 2022-10-27T23:51:05+00:00, 2022-11-10T11:19:21+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H2 200 tilda-zoom-2.0.min.css
static.tildacdn.com/css/ 6 KB
1 KB 48ms
38ms Stylesheet
text/css 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/css/tilda-zoom-2.0.min.css
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 0037ace955e198e11485bec5320c8bbf620c5df5116299ff7616108bbe3d5570

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc35
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
tserver: 9
last-modified: Tue, 28 Jun 2022 08:54:39 GMT
server: nginx
etag: W/"62bac1cf-1770"
vary: Accept-Encoding
x-cached-since: 2022-10-27T23:47:59+00:00, 2022-11-11T09:52:32+00:00
content-type: text/css
cache: HIT, HIT

GET
H2 200 ezgif-3-c0d73ecafa.jpg
static.tildacdn.com/tild6636-6535-4334-b833-323165613233/-/empty/ 90 B
222 B 27ms
27ms Image
image/jpeg 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6636-6535-4334-b833-323165613233/-/empty/ezgif-3-c0d73ecafa.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: de435dc7afb9707f1d4f4f14735c1483f6608634e46185cf984611e40b4d855b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc33
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 9
server: nginx
x-cached-since: 2022-11-14T13:27:48+00:00, 2022-11-14T14:51:24+00:00
content-type: image/jpeg
cache-control: public
cache: HIT, HIT
expires: Sun, 27 Nov 2022 23:59:59 GMT

GET
H2 200 Rustam_Mirkasymov.jpg
static.tildacdn.com/tild6666-3735-4730-a465-623737363331/-/empty/ 242 B
338 B 37ms
23ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6666-3735-4730-a465-623737363331/-/empty/Rustam_Mirkasymov.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 6bc21fff3dcf843304f11b0573485efb56d1081c292792e79177203338584f95

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc28
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 12
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Thu, 24 Nov 2022 23:59:59 GMT

GET
H2 200 blog_5.png
static.tildacdn.com/tild3936-3533-4862-b665-623261393032/-/empty/ 996 B
1 KB 42ms
24ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3936-3533-4862-b665-623261393032/-/empty/blog_5.png
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 0338467bccccc4115d78dfc16b3f852927dc9ce4cd819c575ddfb6b93c945a37

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc38
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 10
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Fri, 25 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild6230-6136-4133-a634-383430613863/-/empty/ 157 B
201 B 50ms
32ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6230-6136-4133-a634-383430613863/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 8c6f549750ca5d76572bbff2b30da76ff221ff30742e3f841a9ab70ff1c85a28

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc29
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 13
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Thu, 24 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild6332-6563-4230-a666-633033616334/-/empty/ 616 B
690 B 48ms
31ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6332-6563-4230-a666-633033616334/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: dbf16ba3297cda836f144d15a3db25f70e28902f850dcf04aea5396f21b17128

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc35
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 10
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:22+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Thu, 24 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.png
static.tildacdn.com/tild6637-6364-4163-b733-643734386239/-/empty/ 600 B
666 B 43ms
26ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6637-6364-4163-b733-643734386239/-/empty/photo_2022-08-22_13-.png
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 58d8e61c301ef9b75bb69fb7bd4b8615e4bce81168202b454540fc308a0d3c99

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc11
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 11
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Sat, 26 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild3435-3130-4133-b731-616630373434/-/empty/ 391 B
434 B 44ms
27ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3435-3130-4133-b731-616630373434/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: ecbda16a65354685d3d805d4433b5b67fc15961ce0c2428a96c1c47eb9b44493

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc34
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 9
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Thu, 24 Nov 2022 23:59:59 GMT

GET
H2 200 unnamed_2.png
static.tildacdn.com/tild3936-3438-4530-b234-323864346165/-/empty/ 368 B
422 B 45ms
29ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3936-3438-4530-b234-323864346165/-/empty/unnamed_2.png
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: d88ec1e3719ec8c732b485e55fd899e26b69de3c68b524398fbf501b751ad3d0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc36
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 8
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Thu, 24 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild3633-6161-4662-b933-656432343165/-/empty/ 436 B
480 B 48ms
34ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3633-6161-4662-b933-656432343165/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: bcf9ed5860415795e784f2bc1307deb63fa7514d44137418675a9db67d012ffc

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc38
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 13
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Thu, 24 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild3366-6339-4765-b161-636162323462/-/empty/ 556 B
599 B 49ms
35ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3366-6339-4765-b161-636162323462/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 3b25c63a2c0c2b60c603a2569d0711c0c17a436d65a1dbaa626840142dbf0087

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc36
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 10
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Fri, 25 Nov 2022 23:59:59 GMT

GET
H2 200 0ktapus_2_1.jpg
static.tildacdn.com/tild3831-3561-4764-b966-346563663931/-/empty/ 996 B
1 KB 50ms
36ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3831-3561-4764-b966-346563663931/-/empty/0ktapus_2_1.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 0338467bccccc4115d78dfc16b3f852927dc9ce4cd819c575ddfb6b93c945a37

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc34
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 12
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Fri, 25 Nov 2022 23:59:59 GMT

GET
H2 200 0ktapus_4_1.jpg
static.tildacdn.com/tild3936-3731-4338-b736-313762346164/-/empty/ 996 B
1 KB 54ms
41ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3936-3731-4338-b736-313762346164/-/empty/0ktapus_4_1.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 0338467bccccc4115d78dfc16b3f852927dc9ce4cd819c575ddfb6b93c945a37

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc33
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 12
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Thu, 24 Nov 2022 23:59:59 GMT

GET
H2 200 0ktapus_1.jpg
static.tildacdn.com/tild3963-3335-4265-b165-386331623166/-/empty/ 996 B
1 KB 58ms
45ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3963-3335-4265-b165-386331623166/-/empty/0ktapus_1.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 0338467bccccc4115d78dfc16b3f852927dc9ce4cd819c575ddfb6b93c945a37

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc36
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 10
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Fri, 25 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild3430-6330-4536-b234-303063643464/-/empty/ 113 B
158 B 66ms
53ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3430-6330-4536-b234-303063643464/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 07d5ddb6769c1e3f8b78f6db114478bc603c9edb512ac65716967a06bb7200c1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc28
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 12
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Thu, 24 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild6637-6131-4335-b731-643636303364/-/empty/ 591 B
635 B 65ms
52ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6637-6131-4335-b731-643636303364/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 5883a8181a1a780109a2f1c3d93851bb6d82d87bd451fcfe1c1f2023b8f3c2c3

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc28
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 11
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Sat, 26 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild3431-3132-4565-b730-343661366564/-/empty/ 201 B
254 B 55ms
43ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3431-3132-4565-b730-343661366564/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 0ae290d9efb32ea1987dcf2c27dc12fc103febff2f97a5bce5306ca1cee2de31

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc8
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 8
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Fri, 25 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild3762-6336-4837-b539-626239616434/-/empty/ 163 B
208 B 63ms
51ms Image
image/jpeg 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3762-6336-4837-b539-626239616434/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 8b2d64312ddb22046a518d9afc005eebb1576887b631ddd8a62adda00cc4f3f4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc32
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 12
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/jpeg
cache-control: public
cache: HIT, HIT
expires: Sun, 27 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild6463-6663-4830-b264-333461303638/-/empty/ 235 B
279 B 51ms
39ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6463-6663-4830-b264-333461303638/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: ee4b3f2a143164a68fb93bbf5e78a0fd0da18f71cd3990ce038a635e23c84c6f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc11
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 13
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Fri, 25 Nov 2022 23:59:59 GMT

GET
H2 200 photo_2022-08-22_13-.jpg
static.tildacdn.com/tild6537-3364-4334-b761-663930376631/-/empty/ 586 B
640 B 53ms
42ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6537-3364-4334-b761-663930376631/-/empty/photo_2022-08-22_13-.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: b3ad208ee535c1e50d0f0d334fe9f461995d480a910aea73897b67381ca6d36d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc10
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 13
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Fri, 25 Nov 2022 23:59:59 GMT

GET
H2 200 ya-share.js Show response
static.tildacdn.com/js/ 82 KB
25 KB 60ms
49ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/ya-share.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 2e59794c9e506814df50c2fe349d9fc8d6418a5959ba5a5b18cbc4742ebba1de

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc36
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
tserver: 10
last-modified: Fri, 30 Sep 2022 13:13:50 GMT
server: nginx
etag: W/"6336eb8e-147ff"
vary: Accept-Encoding
x-cached-since: 2022-11-08T08:13:25+00:00, 2022-11-10T11:04:18+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 258 KB
85 KB 120ms
51ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

da5d13a7f6b3621ae9cf0690e3f3bb3cf4382b411ac66036637a237a8f63538f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86565
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 15 Nov 2022 08:03:36 GMT

GET
H2 200 blog.jpg
static.tildacdn.com/tild3032-3637-4362-a236-626564646133/-/resize/20x/ 392 B
459 B 64ms
54ms Image
image/jpeg 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3032-3637-4362-a236-626564646133/-/resize/20x/blog.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 35d188d189d057100cedb905fdda5cbc3786e207a2d1d6355214b1463bf4fe53

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc28
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 8
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/jpeg
cache-control: public
cache: HIT, HIT
expires: Thu, 01 Dec 2022 23:59:59 GMT

GET
H2 200 SFUIDisplayMedium.woff
static.tildacdn.com/tild3239-3033-4235-a566-376533383664/ 71 KB
71 KB 94ms
29ms Font
application/x-font-woff 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/tild3239-3033-4235-a566-376533383664/SFUIDisplayMedium.woff
Requested by: Host: ws.tildacdn.com
URL: https://ws.tildacdn.com/project200703/tilda-blocks-page29841334.min.css?t=1662638017
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 19cc6e4b03f164ccb8d68121c3dfc374926bc9eaab12a4216306963bdefd76de

Request headers

Referer: https://ws.tildacdn.com/
Origin: https://blog.group-ib.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-container-storage-policy-name: Policy-0
x-id: m9p-up-gc37, fr5-up-gc38
date: Tue, 15 Nov 2022 08:03:36 GMT
age: 0
x-cached-since: 2022-11-14T13:05:13+00:00, 2022-11-14T13:30:04+00:00
content-length: 72492
tserver: 8
last-modified: Tue, 18 Apr 2017 12:57:08 GMT
server: nginx
etag: "3ba1b30b31cc1d325b305f3951058787"
content-type: application/x-font-woff
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
cache-control: public
cache: HIT, HIT
x-timestamp: 1492520227.30915
x-container-storage-policy-index: 0
accept-ranges: bytes

GET
H2 200 SFUIDisplayLight.woff
static.tildacdn.com/tild6463-6361-4432-b234-333934313939/ 71 KB
71 KB 91ms
26ms Font
application/x-font-woff 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/tild6463-6361-4432-b234-333934313939/SFUIDisplayLight.woff
Requested by: Host: ws.tildacdn.com
URL: https://ws.tildacdn.com/project200703/tilda-blocks-page29841334.min.css?t=1662638017
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 07cc9932ed0e2c7a958c6bf6e3a928847b9fe3f271832767ec89ee34e78f5227

Request headers

Referer: https://ws.tildacdn.com/
Origin: https://blog.group-ib.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-container-storage-policy-name: Policy-0
x-id: m9-up-gc46, fr5-up-gc11
date: Tue, 15 Nov 2022 08:03:36 GMT
age: 0
x-cached-since: 2022-11-10T12:38:29+00:00, 2022-11-10T12:48:04+00:00
content-length: 72608
tserver: 12
last-modified: Tue, 18 Apr 2017 12:57:03 GMT
server: nginx
etag: "08edc0015cdeec9e755f0ce361281b27"
content-type: application/x-font-woff
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
cache-control: public
cache: HIT, HIT
x-timestamp: 1492520222.13412
x-container-storage-policy-index: 0
accept-ranges: bytes

GET
H2 200 unnamed_1.png
static.tildacdn.com/tild3736-3535-4831-b732-626664323731/-/resize/20x/ 962 B
1005 B 25ms
24ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3736-3535-4831-b732-626664323731/-/resize/20x/unnamed_1.png
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: c10e693f8494d3dc0c52402ea400b0046e9086384974b43ed20950a4f5491fe4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc10
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 8
server: nginx
x-cached-since: 2022-11-14T13:27:49+00:00, 2022-11-14T14:51:24+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Sat, 26 Nov 2022 23:59:59 GMT

GET
H2 200 Frame3.png
static.tildacdn.com/tild6661-3430-4734-b066-336264656663/-/resizeb/20x/ 887 B
973 B 28ms
27ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6661-3430-4734-b066-336264656663/-/resizeb/20x/Frame3.png
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 433d9e9d1898c6d0694a38adba4d7c5ecc5bdbf1cd896bc58df51dcaedbe343b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc34
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 9
server: nginx
x-cached-since: 2022-10-28T00:44:36+00:00, 2022-10-28T05:57:20+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Sat, 26 Nov 2022 23:59:59 GMT

GET
H2 200 DRP_2.png
static.tildacdn.com/tild3666-3963-4334-a566-623331336233/-/resizeb/20x/ 734 B
826 B 27ms
26ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3666-3963-4334-a566-623331336233/-/resizeb/20x/DRP_2.png
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 751baf89cb4a39284c97a0cb6f03c1d420097d590a1a9ed34a537fb40ad2e20b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc11
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 9
server: nginx
x-cached-since: 2022-11-10T15:09:38+00:00
content-type: image/png
cache-control: public
cache: MISS, HIT
expires: Tue, 06 Dec 2022 23:59:59 GMT

GET
H2 200 1_URP_Cover_1680x900.jpg
static.tildacdn.com/tild6462-3339-4363-b365-363162643263/-/resizeb/20x/ 340 B
424 B 25ms
24ms Image
image/jpeg 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6462-3339-4363-b365-363162643263/-/resizeb/20x/1_URP_Cover_1680x900.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 3c8478777e4714f32b67e7dff359ccd2ef2dc5ea0b3070573e408b70acb019e1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc10
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 9
server: nginx
x-cached-since: 2022-11-10T16:17:43+00:00, 2022-11-10T16:30:41+00:00
content-type: image/jpeg
cache-control: public
cache: HIT, HIT
expires: Sun, 27 Nov 2022 23:59:59 GMT

GET
H2 200 telegram-cloud-docum.jpg
static.tildacdn.com/tild3633-3131-4931-b363-323635633836/-/resizeb/20x/ 665 B
752 B 28ms
28ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild3633-3131-4931-b363-323635633836/-/resizeb/20x/telegram-cloud-docum.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: dc0b82d13fbd68066a65e7241087c2b93e0c6f75bfd300f79d955ec31366ed8c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc38
date: Tue, 15 Nov 2022 08:03:36 GMT
tserver: 11
server: nginx
x-cached-since: 2022-11-14T12:33:54+00:00, 2022-11-14T13:43:36+00:00
content-type: image/png
cache-control: public
cache: HIT, HIT
expires: Sun, 27 Nov 2022 23:59:59 GMT

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 280 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aaa53b7966f71ea94c27d3ec4f5598a616723c1576bbc707698f8fc2db4b54b4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 579 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d005c1939236926ac6f06522f0a1e32eeffda988f6272efb8b7a698be2dfb9d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 blog.jpg
thumb.tildacdn.com/tild3032-3637-4362-a236-626564646133/-/format/webp/ 66 KB
67 KB 49ms
25ms Image
image/jpeg 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumb.tildacdn.com/tild3032-3637-4362-a236-626564646133/-/format/webp/blog.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 4029a41debba25fa43d168cbf57ae94350d3b55dfd03b23d199ac265ab7397d2

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc16
date: Tue, 15 Nov 2022 08:03:36 GMT
last-modified: Thu, 29 Sep 2022 20:31:41 GMT
server: nginx
etag: "633600ad-10922"
x-cached-since: 2022-11-14T19:03:20+00:00
content-type: image/jpeg
access-control-allow-origin: *
cache: MISS, HIT
x-tilda-server: 3
accept-ranges: bytes
content-length: 67874

GET
H2 200 6si.min.js Show response
j.6sc.co/ 30 KB
10 KB 109ms
25ms Script
application/javascript 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

aca17711b2bcab8335b7bd9c2880033b2aa69a0e9f33ce2e1a507dbb0f9cade3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 29 Sep 2022 20:55:46 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63360652-7700"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 9869
expires: Tue, 15 Nov 2022 08:03:36 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 125ms
25ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230065-FRA

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 108ms
27ms Script
application/x-javascript 2a02:26f0:780::5f65:3671
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:780::5f65:3671 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9549e9deeeab6d3a9f6ab1347e1b859fd5791cec82ff1a4175757c28b3df78e7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: gzip
last-modified: Wed, 09 Nov 2022 19:27:04 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=75690
accept-ranges: bytes
content-length: 4530

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
28 KB 124ms
39ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 15 Nov 2022 08:03:36 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27340
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: +DWD81pb7e8HsmX/1wQdqUKIHB5a7YThUlANg+VhWSlH3W/wMQLfyvRITrF/UmLp8spNBjDZvjupGOjVunroXg==
x-fb-trip-id: 2050670934
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 25755956.js Show response
js-eu1.hs-scripts.com/ 2 KB
907 B 169ms
84ms Script
application/javascript 172.65.208.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-scripts.com/25755956.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6055f7e5a6117d65af0fa848642bc49f5de8d207e84ba85edcbf14af6872275

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Tue, 15 Nov 2022 08:00:12 GMT
server: cloudflare
x-hubspot-correlation-id: c3f8a4b8-b6b4-4df4-9a84-0ed7408ad7c4
x-trace: 2BBBC11096FA352330D7562E00789C56FA88B7AC9F000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.group-ib.com
cache-control: public, max-age=30
access-control-allow-credentials: true
cf-ray: 76a678a8aa10d6a6-CDG

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 83ms
24ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 15 Nov 2022 07:15:54 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 2862
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Tue, 15 Nov 2022 09:15:54 GMT

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
701 B 95ms
29ms XHR
application/json 185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Nov 2022 08:03:36 GMT
AN-X-Request-Uuid: ab983e5d-78d1-4770-94f1-3b1f775c752e
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://blog.group-ib.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 37.59.164.96; 37.59.164.96; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
203 B 120ms
77ms XHR
text/html 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-7-242.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://blog.group-ib.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
254 B 128ms
29ms XHR
text/html 2a02:26f0:3400:190::1c91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3400:190::1c91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: df6137b7ef8a387e6691aa897daf74059c8778ec97a65584036e674eca507df1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:36 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://blog.group-ib.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:41d0:8:d154::5
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 19
expires: Tue, 15 Nov 2022 08:03:36 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 79ms
23ms XHR
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-25492706-2&cid=939418237.1668499416&jid=1784447406&gjid=2016639250&_gid=704869938.1668499416&_u=YGBAgEABAAAAAEAEK~&z=616710765

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

533036bd37d4d87bd4e3cad3010f2a29d00f24ffc34bb5b22598951c44d91452

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.group-ib.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 15 Nov 2022 08:03:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.group-ib.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 27ms
26ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=469166092&t=pageview&_s=1&dl=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&ul=en-us&de=UTF-8&dt=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABAAAAAAAEK~&jid=1784447406&gjid=2016639250&cid=939418237.1668499416&tid=UA-25492706-2&_gid=704869938.1668499416&gtm=2wgb90PW7265&cd1=939418237.1668499416&z=999983339

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Nov 2022 19:43:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 44424
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 token
cdn.linkedin.oribi.io/partner/4496601/domain/blog.group-ib.com/ Frame 0
0 85ms
26ms Preflight 65.9.66.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4496601/domain/blog.group-ib.com/token
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-86.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://blog.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 1800
age: 22581
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Tue, 15 Nov 2022 01:47:15 GMT
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
x-amz-cf-id: 3aNKPR3yCGWsNSUCklCZWWXROkoXMxcTe_HiOozswLhhWBZX-AFTQg==
x-amz-cf-pop: FRA56-C1
x-cache: Hit from cloudfront

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4496601/domain/blog.group-ib.com/ 36 B
376 B 30ms
29ms XHR
application/json 65.9.66.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4496601/domain/blog.group-ib.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-86.fra56.r.cloudfront.net
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://blog.group-ib.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 15 Nov 2022 07:08:21 GMT
content-encoding: gzip
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 3315
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: VBOJrHDUqNLiX-0M13PDdfbgD0ZA67NHB_u2i7jh3zDVXwuzhFxw_g==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1668499416481&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tm=gtmv2
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1668499416481%26url%3Dhttps%253A%252F%252Fblog.group-ib.com%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1668499416481&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tm=gtmv2&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1668499416481&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tm=gtmv2&liSync=true&e_ipv6=AQKN5yXNEHXPKwAAAYR6UKeY4pEGa_w6EpNR5U3rb7qC...

0
266 B

499ms
168ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1668499416481&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tm=gtmv2&liSync=true&e_ipv6=AQKN5yXNEHXPKwAAAYR6UKeY4pEGa_w6EpNR5U3rb7qCiIqAts5YugYmtheaG8Zfa4QvR34
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: E4EAF18C30F34A898DD887CE8B6CF064 Ref B: AMS04EDGE3005 Ref C: 2022-11-15T08:03:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXtfcsWGaLUQKdxC/xu/w==

Redirect headers

date: Tue, 15 Nov 2022 08:03:36 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 9AF232AF1DA44B46B64FCC2996C61E61 Ref B: AMS04EDGE1605 Ref C: 2022-11-15T08:03:36Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1668499416481&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tm=gtmv2&liSync=true&e_ipv6=AQKN5yXNEHXPKwAAAYR6UKeY4pEGa_w6EpNR5U3rb7qCiIqAts5YugYmtheaG8Zfa4QvR34
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXtfcsOiVnOCLMOjYiGww==

GET
H2 200 adsct
t.co/i/ 43 B
378 B 195ms
114ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=9bd97c88-e1d8-4b3e-b9f8-b913a52b5b47&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5245d8e3-3cfb-4e61-82fa-d6511c14dd1f&tw_document_href=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.3.29

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-response-time: 91
date: Tue, 15 Nov 2022 08:03:36 GMT
strict-transport-security: max-age=0
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 87bc7741381c86e7
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: dd8701f1b6afe3e9927fefe374d43dc7e59f6b1d5aed6be040b932339fd6b9d7
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
396 B 350ms
110ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=9bd97c88-e1d8-4b3e-b9f8-b913a52b5b47&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5245d8e3-3cfb-4e61-82fa-d6511c14dd1f&tw_document_href=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.3.29

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-response-time: 88
date: Tue, 15 Nov 2022 08:03:36 GMT
strict-transport-security: max-age=631138519
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 537d74a91418e37e
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 87fe1942539a06f303e7fe6bd7eb9165c4f1c26a48c8b31515ad40fe23f5d56f
content-length: 43

GET
H2 200 fb.js Show response
js-eu1.hsadspixel.net/ 6 KB
3 KB 116ms
33ms Script
application/javascript 172.65.219.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hsadspixel.net/fb.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45f97a1f00cd5aaa7a0e2ae8a3a47031764054e46fa624f71043b618b4c2398b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
x-amz-version-id: aoUPWE.Bu9NRjxDy7F1Soox3yNWe2Us6
via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: FRA56-C2
age: 166
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.302/bundles/pixels-release.js&cfRay=76a674998b6bd3c8-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
last-modified: Mon, 14 Nov 2022 03:38:56 UTC
server: cloudflare
etag: W/"c32a10854f4ff995fc7198ba0324bcc6"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
cache-control: max-age=600
cf-ray: 76a678a9c9f0d2f9-CDG
x-amz-cf-id: LmvUlzeDJwjgtmfJaLnLoF4Ru40Cnwvbi82Uz0s0R8vyHLCyHTarZA==
x-hs-target-asset: adsscriptloaderstatic/static-1.302/bundles/pixels-release.js

GET
H2 200 25755956.js Show response
js-eu1.hs-banner.com/ 60 KB
16 KB 121ms
32ms Script
text/javascript 172.65.202.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-banner.com/25755956.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db28ab3878434a2fde445b2e8d0cdf8cc8da3362cd4eb9c447da93f4e823cee4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
x-amz-version-id: EXr4cBbZXuSwdz.tfn0pm5QqQsWz0KqZ
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 85NFPCRG7BDH2TNX
age: 245
x-amz-server-side-encryption: AES256
x-amz-id-2: FhzKcUY8Brzj4ou3wNyxkXJ9otr7iJFhAa1insVmHVCVFzY5VaSh3evowXOI4I2m11Tf/WbobKM=
last-modified: Tue, 25 Oct 2022 21:34:44 GMT
server: cloudflare
etag: W/"d49f2f9aff78495656cd1b344deb50fc"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://blog.group-ib.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 76a678a9ca03d2f9-CDG
expires: Tue, 15 Nov 2022 08:04:31 GMT

GET
H2 200 25755956.js Show response
js-eu1.hs-analytics.net/analytics/1668499200000/ 63 KB
20 KB 234ms
163ms Script
text/javascript 172.65.238.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-analytics.net/analytics/1668499200000/25755956.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e29ec5a0f4522dd0cf1f3f0c23cf251e54cba5064e44cc9f9603c3e318d6b3ca

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 07 Oct 2022 15:50:55 GMT
server: cloudflare
x-amz-request-id: 49AY8BYT6NDW5W2H
etag: W/"8473bdfb06bbcafa142f7425a7e48437"
x-amz-server-side-encryption: AES256
vary: origin, Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-ray: 76a678a9aad3d51a-CDG
x-amz-id-2: dbeU7yJQ//DJOiVnEnNVrEhRDCEsU0wtPaFQIi9ewZBkMcrgBWR+sl0pZ7J6lQpvIWhPD8dhgpM=
expires: Tue, 15 Nov 2022 08:08:36 GMT

GET
H2 200 collectedforms.js Show response
js-eu1.hscollectedforms.net/ 67 KB
24 KB 105ms
33ms Script
application/javascript 172.65.192.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hscollectedforms.net/collectedforms.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b95756cd4df87f5e818b007ed61fff49f4d1b7aebad20c75414b989c094dc13

Request headers

Referer: https://blog.group-ib.com/
Origin: https://blog.group-ib.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
x-amz-version-id: YIxd1r9bbep8fOQ2eVcA14xr13cIsU0G
via: 1.1 28b0f9ae51406f70504a784d296a3a48.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: FRA56-C2
age: 75308
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.305/bundles/project.js&cfRay=769f4a182fa3cd7b-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
last-modified: Mon, 14 Nov 2022 10:58:43 UTC
server: cloudflare
etag: W/"c8071b5377e7beff6584664cac64fe96"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-hs-cache-status: HIT
cache-control: s-maxage=86400, max-age=0
cf-ray: 76a678a9bab1cd83-CDG
x-amz-cf-id: ozxdlR-JGSL2QPVzSINFRISbtOY4siU2Iih0jTJWp-jU62JPC6KFag==
x-hs-target-asset: collected-forms-embed-js/static-1.305/bundles/project.js

GET
H2 200 649324202964935 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 42ms
40ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/649324202964935?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

413e1dee06d191e9844ed3542f4dd43bf79f7c3b61efe5cd84bc31a20dda728a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 15 Nov 2022 08:03:36 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86042
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: ZD/MIHL9H/I4TEcciZGONRoB81eCzi7pDPqGD1SN0kGPy+pqSKq6fg45U6VmCF7LZrNxyeNzmTjETuSBhtksmA==
x-fb-trip-id: 2050670934
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 368ms
327ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=57775367-b293-4d3a-80b5-1ee28f01a7eb&session=499383c7-628b-4942-8434-55ed0331bbd3&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A36%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20130%20organizations%20have%20been%20compromised%20in%20a%20sophisticated%20attack%20using%20simple%20phishing%20kits%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&pageViewId=02209af7-1bd3-4d4f-8fff-181fe50ec10a&an_uid=0

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 118ms
50ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-25492706-2&cid=939418237.1668499416&jid=1784447406&_u=YGBAgEABAAAAAEAEK~&z=1143645489

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.fr/ads/ 42 B
501 B 109ms
40ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.fr/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-25492706-2&cid=939418237.1668499416&jid=1784447406&_u=YGBAgEABAAAAAEAEK~&z=1143645489

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 293ms
292ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=57775367-b293-4d3a-80b5-1ee28f01a7eb&session=499383c7-628b-4942-8434-55ed0331bbd3&event=ipv6&q=%7B%22address%22%3A%222001%3A41d0%3A8%3Ad154%3A%3A5%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20130%20organizations%20have%20been%20compromised%20in%20a%20sophisticated%20attack%20using%20simple%20phishing%20kits%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&pageViewId=02209af7-1bd3-4d4f-8fff-181fe50ec10a&an_uid=0

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 132ms
37ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&rl=&if=false&ts=1668499416685&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1668499416684.1433724441&it=1668499416523&coo=false&rqm=GET

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 15 Nov 2022 08:03:36 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 json Show response
api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixel/ 202 B
879 B 110ms
52ms XHR
application/json 2606:4700::6811:cacc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=25755956

Requested by

Host: js-eu1.hsadspixel.net
URL: https://js-eu1.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cacc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e5858ac3b77c03c946d9f6d58fab9185a5f90d993941b7bf97f9ce25014ce74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 981ddf25-3e75-415b-990a-c3a4fac3a6c0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-trace: 2BCF849ADDBA57C716431EB3850F8D5D3DFB764B99000000000000000000
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.group-ib.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B7dv6nzeZFs0%2F%2FbrtpVvRhaTNC2FRotQcTjZD2sE5BEyFky9Laoj6JrblTOcuLKJ0mh6U39DBCf1qPIT56haHArs66bPF0rvvKeuWqK261SzmZEHGss8u6tiBD5BMwQbQMO2zJ9%2BwK1CiAePdmOQ2w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 180
access-control-allow-credentials: false
cf-ray: 76a678aadc7acdab-CDG
access-control-allow-headers: *

GET
H2 200 Vector_1.svg
static.tildacdn.com/tild6464-3039-4230-b436-316464656631/ 2 KB
1 KB 26ms
25ms Image
image/svg+xml 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6464-3039-4230-b436-316464656631/Vector_1.svg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: a69d487f4aad79ff054dea601829dad1e1afc33ed83e6a24dc07c6d16552c16f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-container-storage-policy-name: Policy-0
x-id: m9-up-gc46, fr5-up-gc33
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
age: 0
x-cached-since: 2022-11-10T18:49:08+00:00
x-trans-id: 16bd0ef74ccb5673
tserver: 10
last-modified: Thu, 02 Dec 2021 21:58:15 GMT
server: nginx
etag: W/"3bd0da92e08d20c93a26e4498db2a163"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
cache-control: public
cache: MISS, HIT
x-timestamp: 1638482294.74620
x-container-storage-policy-index: 0

GET
H2 200 1.png
thumb.tildacdn.com/tild6163-6536-4637-b636-616533643962/-/format/webp/ 180 B
328 B 27ms
26ms Image
image/png 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumb.tildacdn.com/tild6163-6536-4637-b636-616533643962/-/format/webp/1.png
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 61cca59ebb452e7e0707d856d513e780a5d67eae947dba2786aadf76460333ce

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc33
date: Tue, 15 Nov 2022 08:03:36 GMT
last-modified: Tue, 18 Oct 2022 00:17:59 GMT
server: nginx
etag: "634df0b7-b4"
x-cached-since: 2022-11-10T15:15:51+00:00, 2022-11-14T18:56:48+00:00
content-type: image/png
access-control-allow-origin: *
cache: HIT, HIT
x-tilda-server: 1
accept-ranges: bytes
content-length: 180

GET
H2 200 Vector_1.svg
static.tildacdn.com/tild6135-3635-4134-b064-363630393233/ 2 KB
1 KB 40ms
39ms Image
image/svg+xml 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tildacdn.com/tild6135-3635-4134-b064-363630393233/Vector_1.svg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: a69d487f4aad79ff054dea601829dad1e1afc33ed83e6a24dc07c6d16552c16f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc52, fr5-up-gc29
date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
age: 0
x-cached-since: 2022-10-14T22:21:16+00:00, 2022-10-24T13:23:42+00:00
x-trans-id: 16bd0efcedc07eea
tserver: 10
last-modified: Thu, 02 Dec 2021 21:58:39 GMT
server: nginx
etag: W/"3bd0da92e08d20c93a26e4498db2a163"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
cache-control: public
cache: HIT, HIT
x-timestamp: 1638482318.95914

GET
H2 200 ezgif-3-c0d73ecafa.jpg
thumb.tildacdn.com/tild6636-6535-4334-b833-323165613233/-/resize/80x/-/format/webp/ 2 KB
2 KB 109ms
108ms Image
image/jpeg 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumb.tildacdn.com/tild6636-6535-4334-b833-323165613233/-/resize/80x/-/format/webp/ezgif-3-c0d73ecafa.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 1e8edf0241801a32d847349fcc01f50dc1ad534def29980962ace7404fd1c39a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc29
date: Tue, 15 Nov 2022 08:03:36 GMT
last-modified: Thu, 06 Oct 2022 17:56:58 GMT
server: nginx
etag: "633f16ea-688"
x-cached-since: 2022-11-15T07:19:43+00:00
content-type: image/jpeg
access-control-allow-origin: *
cache: HIT, MISS
x-tilda-server: 3
accept-ranges: bytes
content-length: 1672

GET
H2 200 Rustam_Mirkasymov.jpg
thumb.tildacdn.com/tild6666-3735-4730-a465-623737363331/-/resize/80x/-/format/webp/ 1 KB
1 KB 66ms
65ms Image
image/jpeg 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumb.tildacdn.com/tild6666-3735-4730-a465-623737363331/-/resize/80x/-/format/webp/Rustam_Mirkasymov.jpg
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: e865a5b758cc721f53b8b4f5b432d3167330173158006ba47c6298c30a2d271a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9p-up-gc37, fr5-up-gc11
date: Tue, 15 Nov 2022 08:03:36 GMT
last-modified: Wed, 28 Sep 2022 10:25:09 GMT
server: nginx
etag: "63342105-502"
x-cached-since: 2022-11-14T19:09:23+00:00
content-type: image/jpeg
access-control-allow-origin: *
cache: HIT, MISS
x-tilda-server: 1
accept-ranges: bytes
content-length: 1282

GET
H2 200 json Show response
forms-eu1.hubspot.com/collected-forms/v1/config/ 116 B
1014 B 142ms
58ms XHR
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/collected-forms/v1/config/json?portalId=25755956&utk=

Requested by

Host: js-eu1.hscollectedforms.net
URL: https://js-eu1.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43f22362329b9705cf8629061fb5b1d1a38f1cc2bc9fd46728f73e5cd9eb77cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.group-ib.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 4bef3281-b304-45e0-8f2f-42d17fe46bad
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.group-ib.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Fn5ByyCpRMfwqz6FjIE9Hilki1L0TnQ3dfnAQSRFHxmDSR6i1wWIPddcETJZxVumB0pU39hcfATUXqbgcbr1W0P7yPsOxhAzMhRvYd5jeIX3idLZMKJpF7SRY77a0eW02MYPhuqbw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 180
access-control-allow-credentials: false
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 76a678ab4b6af160-CDG

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 183 KB
67 KB 99ms
45ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10882981508

Requested by

Host: js-eu1.hsadspixel.net
URL: https://js-eu1.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0d5f9cf5aae4c6aec1569410b7c6414b735222370ca89b397d97aab67202cd1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68431
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 15 Nov 2022 08:03:36 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 183 KB
67 KB 107ms
54ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f055eff0683f3a22fcf7070d7aee0946a1fd6e470a97dd3ca707463c487d2f45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68470
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 15 Nov 2022 08:03:36 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/ 2 KB
2 KB 100ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1668499416994&cv=11&fst=1668499416994&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&did=dZTQ1Zm&gdid=dZTQ1Zm&auid=1829280290.1668499417&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10882981508

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2d979581b95332128c600e32a8a72b6ef4494e89dc569d769465351c7605095

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 921
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10882981508/ 42 B
64 B 95ms
40ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10882981508/?random=1668499416994&cv=11&fst=1668499200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4018425772&rmt_tld=0&ipr=y

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.fr/pagead/1p-user-list/10882981508/ 42 B
64 B 88ms
37ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.fr/pagead/1p-user-list/10882981508/?random=1668499416994&cv=11&fst=1668499200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4018425772&rmt_tld=1&ipr=y

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
438 B 140ms
59ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 43ca2fb0-5305-46fa-a232-ef890e7df021
x-trace: 2B6332A2D237960F4C2EFFC43166D897DE1F5519D6000000000000000000
vary: origin
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 76a678ae1b2899eb-CDG
content-length: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/ 2 KB
946 B 127ms
75ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1668499417208&cv=11&fst=1668499417208&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&did=dZTQ1Zm&gdid=dZTQ1Zm&auid=1829280290.1668499417&uaw=0&data=event%3Dform_start&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10882981508

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e69084dad96d4525151e602ab3f5e750c24307513560a5e2fac0a8eb81ffd840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 920
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/ 2 KB
945 B 89ms
43ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1668499417214&cv=11&fst=1668499417214&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&did=dZTQ1Zm&gdid=dZTQ1Zm&auid=1829280290.1668499417&uaw=0&data=event%3Dform_submit&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10882981508

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

393f0489b0fb818d1175f003917c6da7f9890bd7e4a25af660e7a0bd92d76f2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 919
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 1DF1 0
18 B 79ms
38ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://blog.group-ib.com
Referer: https://blog.group-ib.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://blog.group-ib.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 15 Nov 2022 08:03:37 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 /
www.google.com/pagead/1p-user-list/10882981508/ 42 B
64 B 40ms
39ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10882981508/?random=1668499417214&cv=11&fst=1668499200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&data=event%3Dform_submit&fmt=3&is_vtc=1&random=1252182816&rmt_tld=0&ipr=y

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.fr/pagead/1p-user-list/10882981508/ 42 B
64 B 38ms
37ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.fr/pagead/1p-user-list/10882981508/?random=1668499417214&cv=11&fst=1668499200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&data=event%3Dform_submit&fmt=3&is_vtc=1&random=1252182816&rmt_tld=1&ipr=y

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10882981508/ 42 B
64 B 43ms
42ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10882981508/?random=1668499417208&cv=11&fst=1668499200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&data=event%3Dform_start&fmt=3&is_vtc=1&random=1975502794&rmt_tld=0&ipr=y

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.fr/pagead/1p-user-list/10882981508/ 42 B
64 B 36ms
36ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.fr/pagead/1p-user-list/10882981508/?random=1668499417208&cv=11&fst=1668499200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&data=event%3Dform_start&fmt=3&is_vtc=1&random=1975502794&rmt_tld=1&ipr=y

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 302ms
302ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=57775367-b293-4d3a-80b5-1ee28f01a7eb&session=499383c7-628b-4942-8434-55ed0331bbd3&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A36%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20130%20organizations%20have%20been%20compromised%20in%20a%20sophisticated%20attack%20using%20simple%20phishing%20kits%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&pageViewId=02209af7-1bd3-4d4f-8fff-181fe50ec10a&an_uid=0

Requested by

Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:37 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 709834390277869 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 39ms
39ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/709834390277869?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

474210fce3a3b863a104978aa70a75d0e0ac16609556f9a1c44ce6e345084247

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 15 Nov 2022 08:03:37 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86058
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: Dh8RhMlnabvqFl1AuIUoI7btuwfWMmsnGObCbVJlFxALAIJZhdtoqfnes0RNwn4+OejlDiiLEcMgYG1SkBGefQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
919 B 145ms
71ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1059085154&v=1.1&a=25755956&rcu=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&pu=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&t=Roasting+0ktapus%3A+The+phishing+campaign+going+after+Okta+identity+credentials&cts=1668499417759&vi=38abae5a76d427185a40cc8ef880b867&nc=true&u=84897990.38abae5a76d427185a40cc8ef880b867.1668499417755.1668499417755.1668499417755.1&b=84897990.1.1668499417755&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 64e581e2-4350-47ef-8975-879fc1ae1875
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
last-modified: Tue, 15 Nov 2022 08:03:37 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ViC%2BiYrkNPix4V5p69Cjc9N62g4kHnBNlj%2FlA6TVp27hVmt2nGh2gvryvQ%2Fousm7XPQTVNRWurg3H0CMwGvxcZkCdBZ45ze28ZaAaklMcgmJvki88nEZmIm73nxk%2FzizeeUXe2Wx5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 76a678b18d8ad4e5-CDG
x-robots-tag: none

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 39ms
38ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=709834390277869&ev=PageView&dl=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&rl=&if=false&ts=1668499417880&sw=1600&sh=1200&ud[external_id]=38abae5a76d427185a40cc8ef880b867&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1668499416684.1433724441&it=1668499416523&coo=false&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 15 Nov 2022 08:03:37 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 200 tilda-stat-1.0.min.js Show response
static.tildacdn.com/js/ 9 KB
3 KB 24ms
24ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tildacdn.com/js/tilda-stat-1.0.min.js
Requested by: Host: blog.group-ib.com
URL: https://blog.group-ib.com/0ktapus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 0565de9b4919bf1cbc345d8218425e4951d97c7e8c36263bee72e2d72038c73f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-id: m9-up-gc46, fr5-up-gc29
date: Tue, 15 Nov 2022 08:03:38 GMT
content-encoding: br
tserver: 13
last-modified: Wed, 07 Sep 2022 13:40:09 GMT
server: nginx
etag: W/"63189f39-2211"
vary: Accept-Encoding
x-cached-since: 2022-10-27T23:48:50+00:00, 2022-11-03T12:08:45+00:00
content-type: application/javascript; charset=utf-8
cache: HIT, HIT

GET
H2 200 counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
192 B 352ms
50ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: js-eu1.hscollectedforms.net
URL: https://js-eu1.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 21124a79-5bf0-4e99-9071-635fa5e65dd2
x-trace: 2BA1E9F577D5BA0FF7F1008CBE717480E0FCD05760000000000000000000
vary: origin
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 76a678b6fea599eb-CDG
content-length: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/ 2 KB
945 B 43ms
43ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1668499418405&cv=11&fst=1668499418405&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&did=dZTQ1Zm&gdid=dZTQ1Zm&auid=1829280290.1668499417&uaw=0&data=event%3Dform_submit&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10882981508

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aa38ef339ef2d79bed17671cbefa25471c3c5818dd54f9d96194054e4d3bdb11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 921
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame A6E1 0
15 B 39ms
38ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://blog.group-ib.com
Referer: https://blog.group-ib.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://blog.group-ib.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 15 Nov 2022 08:03:38 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 267ms
266ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=57775367-b293-4d3a-80b5-1ee28f01a7eb&session=499383c7-628b-4942-8434-55ed0331bbd3&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A37%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20130%20organizations%20have%20been%20compromised%20in%20a%20sophisticated%20attack%20using%20simple%20phishing%20kits%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&pageViewId=02209af7-1bd3-4d4f-8fff-181fe50ec10a&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:38 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10882981508/ 42 B
64 B 41ms
37ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10882981508/?random=1668499418405&cv=11&fst=1668499200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&data=event%3Dform_submit&fmt=3&is_vtc=1&random=2542271434&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.fr/pagead/1p-user-list/10882981508/ 42 B
64 B 40ms
36ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.fr/pagead/1p-user-list/10882981508/?random=1668499418405&cv=11&fst=1668499200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&tiba=Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials&data=event%3Dform_submit&fmt=3&is_vtc=1&random=2542271434&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Nov 2022 08:03:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
stat.tildacdn.com/event/ 16 B
145 B 218ms
74ms XHR
application/json 193.3.17.197
TILDAPUBLISHING-RU-1

General

Check archive.org

Show headers Download Go to

Full URL: https://stat.tildacdn.com/event/
Requested by: Host: static.tildacdn.com
URL: https://static.tildacdn.com/js/tilda-stat-1.0.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 193.3.17.197 , Russian Federation, ASN210753 (TILDAPUBLISHING-RU-1, RU),
Reverse DNS: 197-17.addr.tildacdn.net
Software: /
Resource Hash: fb1bf528d8237aac3e9ead389ab246ba0068f61fe281610110937ef2b8adefce

Request headers

Referer: https://blog.group-ib.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: https://blog.group-ib.com
date: Tue, 15 Nov 2022 08:03:38 GMT
x-tilda-server: 10
content-type: application/json;charset=utf-8

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 265ms
264ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=57775367-b293-4d3a-80b5-1ee28f01a7eb&session=499383c7-628b-4942-8434-55ed0331bbd3&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A38%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20130%20organizations%20have%20been%20compromised%20in%20a%20sophisticated%20attack%20using%20simple%20phishing%20kits%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&pageViewId=02209af7-1bd3-4d4f-8fff-181fe50ec10a&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:39 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 264ms
264ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=57775367-b293-4d3a-80b5-1ee28f01a7eb&session=499383c7-628b-4942-8434-55ed0331bbd3&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A40%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A39%20GMT%22%2C%22timeSpent%22%3A%221005%22%2C%22totalTimeSpent%22%3A%224010%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20130%20organizations%20have%20been%20compromised%20in%20a%20sophisticated%20attack%20using%20simple%20phishing%20kits%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&pageViewId=02209af7-1bd3-4d4f-8fff-181fe50ec10a&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:40 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 273ms
272ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=57775367-b293-4d3a-80b5-1ee28f01a7eb&session=499383c7-628b-4942-8434-55ed0331bbd3&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A40%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225011%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20130%20organizations%20have%20been%20compromised%20in%20a%20sophisticated%20attack%20using%20simple%20phishing%20kits%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&pageViewId=02209af7-1bd3-4d4f-8fff-181fe50ec10a&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://blog.group-ib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 08:03:41 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=57775367-b293-4d3a-80b5-1ee28f01a7eb&session=499383c7-628b-4942-8434-55ed0331bbd3&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A42%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2015%20Nov%202022%2008%3A03%3A41%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226012%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20130%20organizations%20have%20been%20compromised%20in%20a%20sophisticated%20attack%20using%20simple%20phishing%20kits%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Roasting%200ktapus%3A%20The%20phishing%20campaign%20going%20after%20Okta%20identity%20credentials%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.group-ib.com%2F0ktapus&pageViewId=02209af7-1bd3-4d4f-8fff-181fe50ec10a&an_uid=0

Verdicts & Comments Add Verdict or Comment

219 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.group-ib.com/	1970-01-20 16:13:55	Name: __ddg1_ Value: xsaJTntzwK1Wkhy85roZ
.group-ib.com/	1970-01-20 17:04:19	Name: _ga Value: GA1.2.939418237.1668499416
.group-ib.com/	1970-01-20 07:29:45	Name: _gid Value: GA1.2.704869938.1668499416
.group-ib.com/	1970-01-20 07:28:19	Name: _dc_gtm_UA-25492706-2 Value: 1
blog.group-ib.com/	1970-01-20 07:38:24	Name: _an_uid Value: 0
blog.group-ib.com/	1970-01-20 17:04:19	Name: _gd_visitor Value: 57775367-b293-4d3a-80b5-1ee28f01a7eb
blog.group-ib.com/	1970-01-20 07:28:33	Name: _gd_session Value: 499383c7-628b-4942-8434-55ed0331bbd3
.blog.group-ib.com/	1970-01-20 07:29:45	Name: ln_or Value: d
.group-ib.com/	1970-01-20 09:37:55	Name: _fbp Value: fb.1.1668499416684.1433724441
.t.co/	1970-01-20 17:04:19	Name: muc_ads Value: 5342823b-7fa9-419d-adec-6524483a4747
.linkedin.com/	1970-01-20 08:11:31	Name: UserMatchHistory Value: AQKFmux6P-8z1QAAAYR6UKYmMeysVf70Rjj7pv8mMHgZBm04CLhoGYrGRAnOKvVZ-0g3O8Ub673bGw
.linkedin.com/	1970-01-20 08:11:31	Name: AnalyticsSyncHistory Value: AQKla1dpduNapAAAAYR6UKYmDOPmQcmjMUJeZitXYMDLRo-_qQU19ZuBWeNVndDK8vvxVeHJXN26MZ7cV3cKsg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:13:55	Name: bcookie Value: "v=2&276cc7f1-7cf9-4674-8670-3faadafcd88c"
.linkedin.com/	1970-01-20 07:29:45	Name: lidc Value: "b=TGST09:s=T:r=T:a=T:p=T:g=2417:u=1:x=1:i=1668499416:t=1668585816:v=2:sig=AQG543ElfdIldW7fPoiEpRYPI_09oZMo"
.twitter.com/	1970-01-20 17:04:19	Name: personalization_id Value: "v1_pTCGM4DXLrP/BcV+ia3H3g=="
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=fr-fr
.www.linkedin.com/	1970-01-20 16:13:55	Name: bscookie Value: "v=1&202211150803362e0663f5-4ba4-4fe1-88c1-654c8e25ab0dAQGWlVkjJH-G9C2zv5gdjHIMLu2MbN75"
.linkedin.com/	1970-01-20 11:47:31	Name: li_gc Value: MTswOzE2Njg0OTk0MTY7MjswMjFx5LjhbhvI01CPHbGMPxxmuhZFT8IPE0uidsMeVOEyhw==
.6sc.co/	1970-01-20 17:04:19	Name: 6suuid Value: 9ef0100224d50000d847736381030000a0e91200
.group-ib.com/	1970-01-20 09:37:55	Name: _gcl_au Value: 1.1.1829280290.1668499417
.doubleclick.net/	1970-01-20 16:49:55	Name: IDE Value: AHWqTUmFT6LB1v5CzjGWqvnWsR3V6FpUfTppiWGF8q2e-bJAR_XAgmYuhmd-X3JS
.group-ib.com/	1970-01-20 11:47:31	Name: __hstc Value: 84897990.38abae5a76d427185a40cc8ef880b867.1668499417755.1668499417755.1668499417755.1
.group-ib.com/	1970-01-20 11:47:31	Name: hubspotutk Value: 38abae5a76d427185a40cc8ef880b867
.group-ib.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.group-ib.com/	1970-01-20 07:28:21	Name: __hssc Value: 84897990.1.1668499417755
.hubspot.com/	1970-01-20 07:28:21	Name: __cf_bm Value: IClJ_L_qCX7LH2yKHNVpw98b4aUQQdzAzlVb8_3xcec-1668499417-0-ATVPguiCxTdcF3yszEG7b/TQ3UvPFh6guVdesyIcmIhW1GDgRR3uen0hvDdiEh0fyfULlcc+DpkwJnflUcUCbuI=
blog.group-ib.com/	1970-01-20 09:37:55	Name: tildauid Value: 1668499418185.729124
blog.group-ib.com/	1970-01-20 07:28:21	Name: tildasid Value: 1668499418185.907668
blog.group-ib.com/	1970-01-20 07:28:21	Name: previousUrl Value: blog.group-ib.com%2F0ktapus

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api-eu1.hubapi.com
b.6sc.co
blog.group-ib.com
c.6sc.co
cdn.linkedin.oribi.io
connect.facebook.net
forms-eu1.hsforms.com
forms-eu1.hubspot.com
googleads.g.doubleclick.net
ipv6.6sc.co
j.6sc.co
js-eu1.hs-analytics.net
js-eu1.hs-banner.com
js-eu1.hs-scripts.com
js-eu1.hsadspixel.net
js-eu1.hscollectedforms.net
neo.tildacdn.com
px.ads.linkedin.com
px4.ads.linkedin.com
secure.adnxs.com
snap.licdn.com
stat.tildacdn.com
static.ads-twitter.com
static.tildacdn.com
stats.g.doubleclick.net
t.co
thumb.tildacdn.com
track-eu1.hubspot.com
ws.tildacdn.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.fr
www.googletagmanager.com
www.linkedin.com
b.6sc.co
104.244.42.133
104.244.42.195
13.107.42.14
146.75.116.157
162.55.188.142
172.65.192.122
172.65.193.34
172.65.202.201
172.65.208.22
172.65.219.229
172.65.232.43
172.65.238.60
172.65.240.166
178.248.236.28
184.24.7.242
185.129.100.113
185.89.210.82
193.3.17.197
2606:4700::6811:cacc
2620:1ec:21::14
2a00:1450:4001:801::2008
2a00:1450:4001:806::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::200e
2a00:1450:400c:c1b::9a
2a02:26f0:3400:190::1c91
2a02:26f0:780::5f65:3671
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a03:90c0:41:2801::254
65.9.66.86
0037ace955e198e11485bec5320c8bbf620c5df5116299ff7616108bbe3d5570
0338467bccccc4115d78dfc16b3f852927dc9ce4cd819c575ddfb6b93c945a37
0565de9b4919bf1cbc345d8218425e4951d97c7e8c36263bee72e2d72038c73f
07cc9932ed0e2c7a958c6bf6e3a928847b9fe3f271832767ec89ee34e78f5227
07d5ddb6769c1e3f8b78f6db114478bc603c9edb512ac65716967a06bb7200c1
090a7068a2209545279f858c6f41ff7ae42815e11c3d69463a2a2ea835282bd9
0ae290d9efb32ea1987dcf2c27dc12fc103febff2f97a5bce5306ca1cee2de31
0d5f9cf5aae4c6aec1569410b7c6414b735222370ca89b397d97aab67202cd1b
19cc6e4b03f164ccb8d68121c3dfc374926bc9eaab12a4216306963bdefd76de
1e8edf0241801a32d847349fcc01f50dc1ad534def29980962ace7404fd1c39a
2a378b4ed3895941ec42567225d22febc913f525739d165731e7c0ec37c06115
2e5858ac3b77c03c946d9f6d58fab9185a5f90d993941b7bf97f9ce25014ce74
2e59794c9e506814df50c2fe349d9fc8d6418a5959ba5a5b18cbc4742ebba1de
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
35d188d189d057100cedb905fdda5cbc3786e207a2d1d6355214b1463bf4fe53
393f0489b0fb818d1175f003917c6da7f9890bd7e4a25af660e7a0bd92d76f2d
3b25c63a2c0c2b60c603a2569d0711c0c17a436d65a1dbaa626840142dbf0087
3c8478777e4714f32b67e7dff359ccd2ef2dc5ea0b3070573e408b70acb019e1
4029a41debba25fa43d168cbf57ae94350d3b55dfd03b23d199ac265ab7397d2
413e1dee06d191e9844ed3542f4dd43bf79f7c3b61efe5cd84bc31a20dda728a
433d9e9d1898c6d0694a38adba4d7c5ecc5bdbf1cd896bc58df51dcaedbe343b
43f22362329b9705cf8629061fb5b1d1a38f1cc2bc9fd46728f73e5cd9eb77cf
45f97a1f00cd5aaa7a0e2ae8a3a47031764054e46fa624f71043b618b4c2398b
474210fce3a3b863a104978aa70a75d0e0ac16609556f9a1c44ce6e345084247
49ebff8ad9788f8ba82dd1ad34dd21dcd89348267823c444c9457c3682d5e814
4b95756cd4df87f5e818b007ed61fff49f4d1b7aebad20c75414b989c094dc13
521bd1fb3a256e1a6ce843a60daff90f021ed507019e1507524f435550cac474
533036bd37d4d87bd4e3cad3010f2a29d00f24ffc34bb5b22598951c44d91452
5883a8181a1a780109a2f1c3d93851bb6d82d87bd451fcfe1c1f2023b8f3c2c3
58d8e61c301ef9b75bb69fb7bd4b8615e4bce81168202b454540fc308a0d3c99
61cca59ebb452e7e0707d856d513e780a5d67eae947dba2786aadf76460333ce
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bc21fff3dcf843304f11b0573485efb56d1081c292792e79177203338584f95
751baf89cb4a39284c97a0cb6f03c1d420097d590a1a9ed34a537fb40ad2e20b
76ff7b9032801e8f6d14315a1c8a86165d80e0d318de34ef87748b004378d8ce
7856e0e7783ca9eecff9b1bbda287b6d75be114a052e7405049db2f952ab7e27
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8b2d64312ddb22046a518d9afc005eebb1576887b631ddd8a62adda00cc4f3f4
8c6f549750ca5d76572bbff2b30da76ff221ff30742e3f841a9ab70ff1c85a28
8dfcbd7085c9bd097557529d6fa20b50aad20de04190e7bc22c6b2f20984d6a0
9549e9deeeab6d3a9f6ab1347e1b859fd5791cec82ff1a4175757c28b3df78e7
9d005c1939236926ac6f06522f0a1e32eeffda988f6272efb8b7a698be2dfb9d
a69d487f4aad79ff054dea601829dad1e1afc33ed83e6a24dc07c6d16552c16f
a75252f44345abab620ab96d0d7339fcd3ce8aabd3caff7641ffb1da28233035
aa38ef339ef2d79bed17671cbefa25471c3c5818dd54f9d96194054e4d3bdb11
aaa53b7966f71ea94c27d3ec4f5598a616723c1576bbc707698f8fc2db4b54b4
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aca17711b2bcab8335b7bd9c2880033b2aa69a0e9f33ce2e1a507dbb0f9cade3
b303e78523856ff04c85507a78179f03507146941a551beff8b0d141e6310613
b3ad208ee535c1e50d0f0d334fe9f461995d480a910aea73897b67381ca6d36d
b41fcf98b7650ce5971b01efefd38a9ae4b42d83b3c551a8362e0ec7620aa7be
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
bcf9ed5860415795e784f2bc1307deb63fa7514d44137418675a9db67d012ffc
c10e693f8494d3dc0c52402ea400b0046e9086384974b43ed20950a4f5491fe4
c6055f7e5a6117d65af0fa848642bc49f5de8d207e84ba85edcbf14af6872275
c73b004ebf31b395cf237c3d2b13c1e576f385e04660ceb5f7be163ff3c201dc
cdf65e26b905a653bce60df182886b032b606940391badb1e3a655f434ca446c
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d4ae9a515e5200b13d9cf4da3a0a8768bbaffaf610a6854b6a1209d521b8e79e
d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b
d88ec1e3719ec8c732b485e55fd899e26b69de3c68b524398fbf501b751ad3d0
da5d13a7f6b3621ae9cf0690e3f3bb3cf4382b411ac66036637a237a8f63538f
db28ab3878434a2fde445b2e8d0cdf8cc8da3362cd4eb9c447da93f4e823cee4
dbf16ba3297cda836f144d15a3db25f70e28902f850dcf04aea5396f21b17128
dc0b82d13fbd68066a65e7241087c2b93e0c6f75bfd300f79d955ec31366ed8c
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de435dc7afb9707f1d4f4f14735c1483f6608634e46185cf984611e40b4d855b
df6137b7ef8a387e6691aa897daf74059c8778ec97a65584036e674eca507df1
e29ec5a0f4522dd0cf1f3f0c23cf251e54cba5064e44cc9f9603c3e318d6b3ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61ad1d7815af24fe8fa9d94b02e25517c314ea3030d615d96dbd2e2f7283b3a
e69084dad96d4525151e602ab3f5e750c24307513560a5e2fac0a8eb81ffd840
e865a5b758cc721f53b8b4f5b432d3167330173158006ba47c6298c30a2d271a
ecbda16a65354685d3d805d4433b5b67fc15961ce0c2428a96c1c47eb9b44493
ee4b3f2a143164a68fb93bbf5e78a0fd0da18f71cd3990ce038a635e23c84c6f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f055eff0683f3a22fcf7070d7aee0946a1fd6e470a97dd3ca707463c487d2f45
f2d979581b95332128c600e32a8a72b6ef4494e89dc569d769465351c7605095
f5c301b8769579afae9deb4eda7659df32661229039c6b7a37cfabd1827317ce
fb1bf528d8237aac3e9ead389ab246ba0068f61fe281610110937ef2b8adefce
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

blog.group-ib.com Open in urlscan Pro 185.129.100.113 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

108 Requests

98 %HTTPS

41 %IPv6

25 Domains

36 Subdomains

32 IPs

4 Countries

906 kBTransfer

2388 kBSize

30 Cookies

39 Outgoing links

Redirected requests

108 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.group-ib.com Open in urlscan Pro
185.129.100.113 Public Scan

Screenshot
Live screenshot

Full Image

108
Requests

98 %
HTTPS

41 %
IPv6

25
Domains

36
Subdomains

32
IPs

4
Countries

906 kB
Transfer

2388 kB
Size

30
Cookies

108 HTTP transactions
3 data transactions