www.group-ib.com Open in urlscan Pro
3.72.181.255 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.group-ib.com/blog/dragonforce-ransomware/
Submission: On September 28 via api (September 28th 2024, 9:50:08 am UTC) from IN — Scanned from DE

Summary HTTP 216 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 35 IPs in 4 countries across 25 domains to perform 216 HTTP transactions. The main IP is 3.72.181.255, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.group-ib.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 1st 2024. Valid for: a year.

This is the only time www.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
108	3.72.181.255 3.72.181.255	16509 (AMAZON-02) (AMAZON-02)
2	136.243.23.169 136.243.23.169	24940 (HETZNER-AS) (HETZNER-AS)
13	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.255.172 172.65.255.172	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.208.22 172.65.208.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
8	172.65.232.43 172.65.232.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	172.65.236.181 172.65.236.181	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.219.229 172.65.219.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.202.201 172.65.202.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.238.60 172.65.238.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a06:98c1:320... 2a06:98c1:3200::90:2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.198.159 172.65.198.159	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
3	2620:1ec:33:1... 2620:1ec:33:1::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.245.46.48 18.245.46.48	16509 (AMAZON-02) (AMAZON-02)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	157.240.253.1 157.240.253.1	32934 (FACEBOOK) (FACEBOOK)
9	2606:4700::68... 2606:4700::6812:1fb0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
1	2a02:26f0:ab0... 2a02:26f0:ab00::214:8e70	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	34.203.99.62 34.203.99.62	14618 (AMAZON-AES) (AMAZON-AES)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE)
1	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
10	172.65.240.166 172.65.240.166	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.181.232 142.250.181.232	15169 (GOOGLE) (GOOGLE)
16	172.65.193.34 172.65.193.34	13335 (CLOUDFLAR...) (CLOUDFLARENET)
216	35

108 3.72.181.255 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

www.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 136.243.23.169 (Falkenstein, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.169.23.243.136.clients.your-server.de

fhp-de-js.group-ib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-au.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.255.172 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.208.22 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.65.232.43 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-eu1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-eu1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.236.181 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.219.229 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.202.201 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.238.60 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3200::90:2 (United States)

ASN13335 (CLOUDFLARENET, US)

api-eu1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.198.159 (United States)

ASN13335 (CLOUDFLARENET, US)

cta-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:33:1::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.46.48 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-48.fra56.r.cloudfront.net

cdn.neverbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 157.240.253.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:1fb0 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00::214:8e70 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.203.99.62 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-203-99-62.compute-1.amazonaws.com

api.neverbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.65.240.166 (United States)

ASN13335 (CLOUDFLARENET, US)

track-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 172.65.193.34 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
110	group-ib.com www.group-ib.com fhp-de-js.group-ib.com — Cisco Umbrella Rank: 832442	2 MB
28	hubspot.com js-eu1.hubspot.com — Cisco Umbrella Rank: 25306 cta-eu1.hubspot.com — Cisco Umbrella Rank: 25299 track-eu1.hubspot.com — Cisco Umbrella Rank: 17938 forms-eu1.hubspot.com — Cisco Umbrella Rank: 66419	41 KB
13	onetrust.com cdn-au.onetrust.com — Cisco Umbrella Rank: 18157 geolocation.onetrust.com — Cisco Umbrella Rank: 550	166 KB
9	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 9712	4 KB
8	hsforms.com forms-eu1.hsforms.com — Cisco Umbrella Rank: 31701 perf-eu1.hsforms.com — Cisco Umbrella Rank: 25925	73 KB
7	6sc.co j.6sc.co — Cisco Umbrella Rank: 6722 c.6sc.co — Cisco Umbrella Rank: 8242 ipv6.6sc.co — Cisco Umbrella Rank: 6895 b.6sc.co — Cisco Umbrella Rank: 4275	20 KB
6	neverbounce.com cdn.neverbounce.com — Cisco Umbrella Rank: 74897 api.neverbounce.com — Cisco Umbrella Rank: 144944	30 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 57	492 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 112	4 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 196	77 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 378	15 KB
3	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 358 px4.ads.linkedin.com — Cisco Umbrella Rank: 6989	1 KB
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2277 alb.reddit.com — Cisco Umbrella Rank: 1488	761 B
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1249	13 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 3476	2 KB
1	google.de www.google.de — Cisco Umbrella Rank: 9833	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 152	555 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4111
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 5210	2 KB
1	hubapi.com api-eu1.hubapi.com — Cisco Umbrella Rank: 26969	845 B
1	hs-analytics.net js-eu1.hs-analytics.net — Cisco Umbrella Rank: 17741	25 KB
1	hs-banner.com js-eu1.hs-banner.com — Cisco Umbrella Rank: 17466	26 KB
1	hsadspixel.net js-eu1.hsadspixel.net — Cisco Umbrella Rank: 25198	4 KB
1	hs-scripts.com js-eu1.hs-scripts.com — Cisco Umbrella Rank: 16852	849 B
1	hsforms.net js-eu1.hsforms.net — Cisco Umbrella Rank: 64179	157 KB
216	25

	Domain	Requested by
108	www.group-ib.com	fhp-de-js.group-ib.com www.group-ib.com
16	forms-eu1.hubspot.com	fhp-de-js.group-ib.com
12	cdn-au.onetrust.com	www.group-ib.com fhp-de-js.group-ib.com cdn-au.onetrust.com
10	track-eu1.hubspot.com
9	tracking.g2crowd.com	www.group-ib.com fhp-de-js.group-ib.com
7	forms-eu1.hsforms.com	fhp-de-js.group-ib.com www.group-ib.com
6	www.googletagmanager.com	www.group-ib.com www.googletagmanager.com js-eu1.hsadspixel.net
5	api.neverbounce.com	cdn.neverbounce.com
4	www.facebook.com	www.group-ib.com
4	b.6sc.co	www.group-ib.com
3	connect.facebook.net	www.group-ib.com connect.facebook.net
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.group-ib.com
2	www.redditstatic.com	www.googletagmanager.com fhp-de-js.group-ib.com
2	px.ads.linkedin.com	1 redirects www.group-ib.com
2	dev.visualwebsiteoptimizer.com	fhp-de-js.group-ib.com www.group-ib.com
2	fhp-de-js.group-ib.com	www.group-ib.com
1	www.google.de	www.group-ib.com
1	stats.g.doubleclick.net	fhp-de-js.group-ib.com
1	region1.analytics.google.com	fhp-de-js.group-ib.com
1	ipv6.6sc.co	fhp-de-js.group-ib.com
1	c.6sc.co	fhp-de-js.group-ib.com
1	alb.reddit.com	www.group-ib.com
1	pixel-config.reddit.com	fhp-de-js.group-ib.com
1	perf-eu1.hsforms.com	www.group-ib.com
1	px4.ads.linkedin.com	www.group-ib.com
1	ws.zoominfo.com	www.group-ib.com
1	cdn.neverbounce.com	www.googletagmanager.com
1	j.6sc.co	www.group-ib.com
1	cta-eu1.hubspot.com	fhp-de-js.group-ib.com
1	api-eu1.hubapi.com	fhp-de-js.group-ib.com
1	js-eu1.hs-analytics.net	js-eu1.hs-scripts.com
1	js-eu1.hs-banner.com	js-eu1.hs-scripts.com
1	js-eu1.hsadspixel.net	js-eu1.hs-scripts.com
1	js-eu1.hubspot.com	js-eu1.hs-scripts.com
1	geolocation.onetrust.com	fhp-de-js.group-ib.com
1	js-eu1.hs-scripts.com	www.group-ib.com
1	js-eu1.hsforms.net	www.group-ib.com
216	37

This site contains links to these domains. Also see Links.

Domain
trebuchet.gibthf.com
github.com
sso.group-ib.com
twitter.com
www.facebook.com
t.me
www.linkedin.com
api.whatsapp.com
learn.microsoft.com
www.txone.com
docs.google.com
instagram.com
group-ib.medium.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.group-ib.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-01` - `2025-07-04`	a year	crt.sh
onetrust.com WE1	`2024-09-25` - `2024-12-25`	3 months	crt.sh
hsforms.net WE1	`2024-08-11` - `2024-11-09`	3 months	crt.sh
hs-scripts.com WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2024-06-29` - `2025-07-31`	a year	crt.sh
hsforms.com WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
hubspot.com E5	`2024-09-18` - `2024-12-17`	3 months	crt.sh
hsadspixel.net WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
hs-analytics.net WE1	`2024-08-09` - `2024-11-07`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
hubapi.com WE1	`2024-09-09` - `2024-12-08`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 03	`2024-09-16` - `2025-03-15`	6 months	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
neverbounce.com Amazon RSA 2048 M03	`2024-01-29` - `2025-02-25`	a year	crt.sh
zoominfo.com E5	`2024-09-14` - `2024-12-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-07` - `2024-10-05`	3 months	crt.sh
g2crowd.com WE1	`2024-08-21` - `2024-11-19`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-30` - `2024-11-26`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.google.de WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.group-ib.com/blog/dragonforce-ransomware/
Frame ID: 8BDEAFB02CA72D427DFA1CF15EF1B6B7
Requests: 213 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DragonForce Ransomware Group | Group-IB Blog

Page URL History Show full URLs

https://www.group-ib.com/blog/dragonforce-ransomware/ Page URL
https://www.group-ib.com/blog/dragonforce-ransomware/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

Weglot (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

wp-content/plugins/weglot

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

216
Requests

99 %
HTTPS

32 %
IPv6

25
Domains

37
Subdomains

35
IPs

4
Countries

3442 kB
Transfer

7227 kB
Size

38
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://trebuchet.gibthf.com/?tab=network&__hstc=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&__hssc=84897990.1.1727517006688&__hsfp=90950173
Title: Network Protection Assessment

Search URL Search Domain Scan URL

URL: https://github.com/Group-IB/cloud_sherlock
Title: Cloud Recon Tool

Search URL Search Domain Scan URL

URL: https://sso.group-ib.com/
Title: Sign in

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Inside%20the%20Dragon:%20DragonForce%20Ransomware%20Group&url=https://www.group-ib.com/blog/dragonforce-ransomware/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.group-ib.com/blog/dragonforce-ransomware/&quote=Inside%20the%20Dragon:%20DragonForce%20Ransomware%20Group

Search URL Search Domain Scan URL

URL: https://t.me/share/url?url=https://www.group-ib.com/blog/dragonforce-ransomware/&text=Inside%20the%20Dragon:%20DragonForce%20Ransomware%20Group

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://www.group-ib.com/blog/dragonforce-ransomware/

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=https://www.group-ib.com/blog/dragonforce-ransomware/

Search URL Search Domain Scan URL

URL: https://github.com/gharty03/Conti-Ransomware/
Title: leaked

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
Title: Microsoft recommended driver block rules

Search URL Search Domain Scan URL

URL: https://www.txone.com/blog/malware-analysis-lockbit-3-0/
Title: other generic LockBit 3.0 variants

Search URL Search Domain Scan URL

URL: https://docs.google.com/document/d/1hAG_GpLjSmf4Sk2RKhjAtcDSBe_UFXSzcJsCIG7Ll0c/edit#heading=h.gbgnpqlngvdm
Title: provided in the builder

Search URL Search Domain Scan URL

URL: https://twitter.com/GroupIB

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/1382013/

Search URL Search Domain Scan URL

URL: https://instagram.com/groupibhq/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/groupibHQ

Search URL Search Domain Scan URL

URL: https://t.me/Group_IB

Search URL Search Domain Scan URL

URL: https://group-ib.medium.com/

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.group-ib.com/blog/dragonforce-ransomware/ Page URL
https://www.group-ib.com/blog/dragonforce-ransomware/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 151

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517006130&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517006130&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2&e_ipv6=AQLrZcsbi8VqsQAAAZI4CZmWvOnCvvN-_ts_BLFIDCtF46D9bUWtrcG2b1z1Ocxtn-9okr8u

216 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 403 / Show response
www.group-ib.com/blog/dragonforce-ransomware/ 7 KB
7 KB 37ms
8ms Document
text/html 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 2db6d299a35f40008418236bfb5cc780d09f701b49a6c09a1fe9a747d26a2bed

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-type: text/html
date: Sat, 28 Sep 2024 09:50:03 GMT

GET
H/1.1 200
OK bt-autoinject.js Show response
fhp-de-js.group-ib.com/d/ 343 KB
135 KB 51ms
25ms Script
text/javascript 136.243.23.169
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.23.169 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.169.23.243.136.clients.your-server.de
Software: nginx /
Resource Hash: 90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
x-envoy-upstream-service-time: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Date: Sat, 28 Sep 2024 09:50:03 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Server: nginx
Access-Control-Allow-Headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
DATA 200
OK truncated
/ 486 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3486679ae8d23d1e20c0e82651c82f555901ddc7972cd91fc3d7db3a36d32277

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5dfc77fb27b603a2c7dc05f4f4e822ff2275b5c71c5d273c5512316b1750dde3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response
www.group-ib.com/api/fl/ 205 B
661 B 19ms
19ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2ed79f3d0a6ebbce64fa216d0fe866e361645f06c1ba05bd23ecae160813caad

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
x-cfids: -
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

cache-control: no-cache
content-encoding: gzip
etag: W/"MEUFzFrxyZi3lDaaX2Ky5anzj2F3nFu5/WQ4ttBh+qd22qg9WN+dI2+0rKPAGHl7hwhdBBW/XuC3ZvBAq3sYsf5Z3pBJ3lXUwU5Xt4sFtUxfO5fAB4UQwhldVwl9zFWgPUxTT+i3pYN1rgkaPC6eGTMg"
x-envoy-upstream-service-time: 1
date: Sat, 28 Sep 2024 09:50:03 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H2 200 favicon.ico
www.group-ib.com/ 7 KB
3 KB 100ms
100ms Other
image/vnd.microsoft.icon 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c9b877bf594a1febfdc224f3e0aaf8c6db32315529a7569d185496225aea3ade

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:04 GMT
content-type: image/vnd.microsoft.icon
last-modified: Wed, 29 Jun 2022 11:31:28 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 2882
x-xss-protection: 1; mode=block
server: nginx

POST
H2 200 fl Show response
www.group-ib.com/api/ 685 B
1 KB 167ms
159ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=MEUFzFrxyZi3lDaaX2Ky5anzj2F3nFu5%2FWQ4ttBh%2Bqd22qg9WN%2BdI2%2B0rKPAGHl7hwhdBBW%2FXuC3ZvBAq3sYsf5Z3pBJ3lXUwU5Xt4sFtUxfO5fAB4UQwhldVwl9zFWgPUxTT%2Bi3pYN1rgkaPC6eGTMg
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 608bad5c93568f7782894703e8b9bdb98941daaaa948509d9d27fe1f564ad55a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

cache-control: no-store
content-encoding: gzip
x-envoy-upstream-service-time: 135
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.group-ib.com
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H2 200 Primary Request / Show response
www.group-ib.com/blog/dragonforce-ransomware/ 184 KB
41 KB 201ms
200ms Document
text/html 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/blog/dragonforce-ransomware/

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

70a7cc36e6a8eeabba3829e89ac43f47b20776342bb7b6b0ba68bd154576362b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.group-ib.com/blog/dragonforce-ransomware/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: https://www.group-ib.com
cache-control: max-age=0 private, max-age=3600
content-encoding: gzip
content-length: 42162
content-security-policy: frame-ancestors 'self';
content-type: text/html; charset=UTF-8
date: Sat, 28 Sep 2024 09:50:05 GMT
expires: Sat, 28 Sep 2024 09:50:05 GMT
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: X-Forwarded-Proto,Accept-Encoding
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block

POST
H2 200 fl
www.group-ib.com/api/ 685 B
1 KB 113ms
110ms Ping
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=KtAq97jlAjw%2B%2Bu3WgWhREIpRWozKCLJXOneFqVns36oOLwp3YXql6k4E8%2FkgZNx%2F2iwnsHaJ9iFsoc2%2FZMuK6uWykdA7AsL9F29YBNvirl%2BvxPih9AUe2bJBMNJ2%2BqCab2UBFHJv1gR5emaJ1a%2FRMrO0nJQVlPCj%2F4QI
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

cache-control: no-store
content-encoding: gzip
x-envoy-upstream-service-time: 93
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.group-ib.com
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H/1.1 200
OK bt-autoinject.js Show response
fhp-de-js.group-ib.com/d/ 343 KB
135 KB 26ms
24ms Script
text/javascript 136.243.23.169
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.23.169 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.169.23.243.136.clients.your-server.de
Software: nginx /
Resource Hash: 90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
x-envoy-upstream-service-time: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Date: Sat, 28 Sep 2024 09:50:05 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Server: nginx
Access-Control-Allow-Headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H2 200 swiper-bundle.min.js Show response
www.group-ib.com/wp-content/themes/gib-theme/assets/js/ 140 KB
39 KB 61ms
58ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/js/swiper-bundle.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 05 Sep 2022 07:41:14 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 39504
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 otSDKStub.js Show response
cdn-au.onetrust.com/scripttemplates/ 21 KB
7 KB 52ms
32ms Script
application/javascript 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/otSDKStub.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: jwlUUXc1HMPClYXMpY+NPQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD6A4D4FE7DA0
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 30458
expires: Sun, 29 Sep 2024 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript
last-modified: Mon, 16 Sep 2024 23:11:01 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: a7c7c223-f01e-002e-2316-0928a3000000
cf-ray: 8ca2d3c3c83318af-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6881
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 dashicons.min.css
www.group-ib.com/wp-includes/css/ 58 KB
35 KB 59ms
56ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-includes/css/dashicons.min.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 10 Jun 2022 07:03:36 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=31536000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 35730
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 frontend.min.css
www.group-ib.com/wp-content/plugins/post-views-counter/css/ 1 KB
505 B 63ms
61ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/post-views-counter/css/frontend.min.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

0d585aebb9cb31821fbcc6b030e0d882b5639e17bb403f8eb5ce7b3b19f4a1c9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 26 Jun 2024 10:01:02 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=31536000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 440
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 front-css.css
www.group-ib.com/wp-content/plugins/weglot/dist/css/ 51 KB
6 KB 67ms
65ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/weglot/dist/css/front-css.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 18 Sep 2024 08:45:36 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=31536000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 6207
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 new-flags.css
www.group-ib.com/wp-content/plugins/weglot/app/styles/ 86 KB
5 KB 56ms
54ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/weglot/app/styles/new-flags.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 18 Sep 2024 08:45:36 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=31536000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 4425
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 frontend.min.js Show response
www.group-ib.com/wp-content/plugins/post-views-counter-pro/js/ 4 KB
2 KB 67ms
65ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/post-views-counter-pro/js/frontend.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ab89ce5085f7176183ab9b4787cd956f1fb7c27ef7fd9038fa331bb04bb66a41

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Jul 2024 05:27:13 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 1748
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 front-js.js Show response
www.group-ib.com/wp-content/plugins/weglot/dist/ 5 KB
2 KB 66ms
64ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/plugins/weglot/dist/front-js.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

43f92926fd6c2ae121fb4df766fa966c8fdc4f898190e1e785c701e73c5b2013

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 18 Sep 2024 08:45:36 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 1762
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 jquery.min.js Show response
www.group-ib.com/wp-includes/js/jquery/ 86 KB
30 KB 72ms
70ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-includes/js/jquery/jquery.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 16 Sep 2024 11:16:14 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 30368
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 single-blog-post.css
www.group-ib.com/wp-content/themes/gib-theme/assets/css/ 285 KB
40 KB 66ms
64ms Stylesheet
text/css 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6a2b455a20536682c2edca15dc93e6c90fea86dd43afc281eccace6b352335a1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 16 Sep 2024 10:15:17 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=31536000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 40830
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 v2.js Show response
js-eu1.hsforms.net/forms/ 483 KB
157 KB 84ms
46ms Script
application/javascript 172.65.255.172
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hsforms.net/forms/v2.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69f9f19bd433b1317c2e2adf4b0d99a7655e6d878b35a970a5311227c6ad0a04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-request-id: 32c955b4-271f-439f-a4ae-c5064246cfa9
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6baa082bb753a0d6d6e8a595ed1a8003"
x-amz-version-id: AFaf8mWb39Qooe1K5qzICbDOfESNQB7s
age: 244
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GYib5skPIrYyW0aE4v5KLKDRrNxK7vo9MLAXJmHXqCOsb8xmp6a1cY4idSXQGOKYVjy117ekav27rKWgbNCF%2FlWDvqUsU1t215kTorG5%2F3hjBA6L1BsjoWFwEKmPopUow%2Fdeng%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: EUr17jFpa0DKb1sEbvO1cOnhfavvgAuEPnSiz98vvBlaU-M2QUEfaQ==
x-hubspot-correlation-id: 32c955b4-271f-439f-a4ae-c5064246cfa9
content-type: application/javascript; charset=utf-8
last-modified: Tue, 03 Sep 2024 14:36:36 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-6bffdf99df-4lhcx
x-envoy-upstream-service-time: 3
x-hs-target-asset: forms-embed/static-1.5999/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Sat, 28 Sep 2024 09:50:05 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5999/bundles/project-v2.js&cfRay=8c8759376c18d36c-FRA
via: 1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
cf-ray: 8ca2d3c3ee38a01c-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: FRA56-P2

GET
H2 200 main-logo.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 3 KB
2 KB 289ms
272ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-logo.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

589c9a6a159cf2ecc8555bc4457827f21002eaec9a24e3bc54401ed0b4d30ac8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Mon, 01 Apr 2024 10:01:09 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 1527
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 ti.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 62ms
60ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ti.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 5942
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 asm.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 52ms
50ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/asm.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 5964
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 fp.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 8 KB
8 KB 27ms
25ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/fp.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 7840
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 drp.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 5 KB
5 KB 27ms
27ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/drp.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 5421
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 mxdr.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 27ms
26ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/mxdr.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 6529
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 bep.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 6 KB
6 KB 196ms
179ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/bep.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/png
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 6275
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 search-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 982 B
474 B 191ms
175ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/search-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

518a92131be0b0201d0b5a7e1d89623eaa7682b28ce10f206d374db8d00e9bdc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Thu, 14 Mar 2024 09:08:51 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 410
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 close-24.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 225 B
242 B 192ms
176ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/close-24.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

09db0fe5456fc4d29ab545243f6d9904eee2adc91cc78c426d8c756644bbf5d6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Wed, 20 Mar 2024 13:15:58 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 177
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 twitter-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 1 KB
596 B 196ms
180ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/twitter-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ae9dad69229703dfa3b6d226c4c7d692e2f2809bf2475f22612824c2f7602efc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 554
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 facebook-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 627 B
418 B 193ms
176ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/facebook-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f006e8bbfa4f0537780571436b5bed50ff10ff28759924c53b67732ec5af28ba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 376
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 telegram-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 1 KB
852 B 192ms
176ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/telegram-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cdc4d10b6b74ad79b55333b9882e854f054ee8b9953c6203dc46c68dc74eb0fb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 787
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 linkedin-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 919 B
512 B 292ms
276ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/linkedin-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f4991587d5312981e74087707ed399bd3820d83f773e7773c013ce00d6835f28

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 470
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 whatsapp-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/ 2 KB
1 KB 313ms
297ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/whatsapp-64.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

45d44c2f23a04d49dbbb3f216ba72782ad80278cf7c4c330b1f03b8263c544ee

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 07:39:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 1046
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 share-black.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 1 KB
564 B 288ms
272ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/share-black.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3689e488f5478e26f0347353ad608ccd66e4d62992021c51d9db93f89d43c880

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 22 Nov 2022 11:16:45 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 500
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 wb_sunny-black.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 724 B
427 B 288ms
272ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/wb_sunny-black.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cc5dcea4d483d798630d7fe0846a1b784618aa3d4f86bdfa655083d81750322a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 22 Nov 2022 11:16:45 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 385
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 moon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 627 B
426 B 195ms
179ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/moon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dedf6c9294a8b9e4b13b1575641071e45c8e61235bd154d19103fd2893ccd708

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Thu, 24 Nov 2022 12:37:03 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 361
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 kichatov-min.png.webp
www.group-ib.com/wp-content/uploads/ 7 KB
7 KB 291ms
275ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/kichatov-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7a20d4a5bb28e87a72d359da0ee16fa6c75b3726f03494c69f1c03dcbcd96bf2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Fri, 21 Jun 2024 09:47:00 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 7483
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 sharmine.png.webp
www.group-ib.com/wp-content/uploads/ 5 KB
5 KB 201ms
185ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/sharmine.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3e83a4d1119cafd3eb971fb88e5a225f88720beb614cc2ea9bdc6c8a6ba26b17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Thu, 16 May 2024 00:15:04 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 4967
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 GIB-round-white.png
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 3 KB
3 KB 195ms
180ms Image
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/GIB-round-white.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3b63b449bde0f2c40eb23801ac24bd82666bd3a766c77b953ff75e6f3e257460

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/png
last-modified: Thu, 08 Dec 2022 15:23:27 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 2889
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce_blog_banner_v3-without-title-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 36 KB
36 KB 195ms
181ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce_blog_banner_v3-without-title-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c54b46a6d8501defea137078e46cd33f6909f82f13ea7d6a932e82c92692a293

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:45 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 36415
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce_threat_actor_profile_v3-min.png.webp
www.group-ib.com/wp-content/uploads/ 115 KB
114 KB 200ms
185ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce_threat_actor_profile_v3-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

4d69b5aed9d96213ce06eabd9950773f25ae231f1b2d4342dd4be518ac1092f6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:28:56 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-map-min.png.webp
www.group-ib.com/wp-content/uploads/ 75 KB
74 KB 152ms
137ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-map-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1c42cc3e161604efbbc20532ddccb1cec17e851d976aed4cdb5e34ccc231743f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:43 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-graphics-min.png.webp
www.group-ib.com/wp-content/uploads/ 50 KB
50 KB 293ms
279ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-graphics-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e78b1bd1973a13096c199cc127f58ee4d668fa4941fab67f13192f09e5e0c4ed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:41 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 51000
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-1-min.png.webp
www.group-ib.com/wp-content/uploads/ 109 KB
108 KB 290ms
276ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-1-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

50f4aaaa34cd420a1c2adafc2635638f788d452117fdd30fdde1890a1a3aca5d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:28:58 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-2-min.png.webp
www.group-ib.com/wp-content/uploads/ 33 KB
32 KB 198ms
184ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-2-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d505ecf731cb1f1b2d550f08b41a13df96a12cf07fe66f49768999f411feb658

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:00 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 32756
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-3-min.png.webp
www.group-ib.com/wp-content/uploads/ 91 KB
91 KB 304ms
290ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-3-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9668d6d9155b3caac05d4cc54c31b6e9ca0c762859172bfe0725460a6f01ca36

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:01 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-4-min.png.webp
www.group-ib.com/wp-content/uploads/ 12 KB
11 KB 192ms
179ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-4-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c68c7de30de112566d9a2ad9c9ce06fe8d2f93a248cdad15cd11c3e645b82e75

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:02 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 10933
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-5-min.png.webp
www.group-ib.com/wp-content/uploads/ 26 KB
25 KB 289ms
276ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-5-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

80207bee81bd88f19652f2cca8df011c4e17008ce783d02d0af1f936816fd8a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:03 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 25967
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-6-min.png.webp
www.group-ib.com/wp-content/uploads/ 26 KB
25 KB 293ms
280ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-6-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

80207bee81bd88f19652f2cca8df011c4e17008ce783d02d0af1f936816fd8a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:04 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 25967
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-7-min.png.webp
www.group-ib.com/wp-content/uploads/ 26 KB
25 KB 291ms
278ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-7-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d08917ee9a7352d19e36c6302d54b0f0f0ed9964922b5ce70ed515d7bd063f3d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:06 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 25727
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-8-min.png.webp
www.group-ib.com/wp-content/uploads/ 50 KB
50 KB 293ms
281ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-8-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

eb5af5d1c611fbdd45ea3dc270086670dac3313626762f825b7aa474802c1db1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:07 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 50879
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-9-min.png.webp
www.group-ib.com/wp-content/uploads/ 17 KB
16 KB 297ms
285ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-9-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e50b9bcce7b923f8719844c7f2278c24a7e0ec00d3ebaae363406d399da39565

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:08 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 16569
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-10-min.png.webp
www.group-ib.com/wp-content/uploads/ 33 KB
32 KB 309ms
296ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-10-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

42f8ae7816a449a44dd99e7865a42fe4463f764f799a3e61359df235c1782d65

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:09 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 33128
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-11-min.png.webp
www.group-ib.com/wp-content/uploads/ 32 KB
32 KB 299ms
287ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-11-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9808516d4a0f431afaf27866437518e89a721feef756cc0b17177c41198a6983

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:11 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 32540
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-12-min.png.webp
www.group-ib.com/wp-content/uploads/ 30 KB
30 KB 301ms
289ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-12-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2943fd9aa8881ee3a8613d2c208283a69b2999766e9de63d3f003671bb8511a2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:12 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 30304
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-13-min.png.webp
www.group-ib.com/wp-content/uploads/ 22 KB
22 KB 198ms
186ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-13-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d06188c468fc5214bdbb7d4fcb4652f41c4af966096d2ebd6c46559967654fb0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:13 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 21952
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-14-min.png.webp
www.group-ib.com/wp-content/uploads/ 22 KB
22 KB 305ms
294ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-14-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7d98c4ca6b4e1892a8ffd1a607c3572a40bba081085aa0d91c7bf2f897cfb94b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:14 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 22390
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-15-min.png.webp
www.group-ib.com/wp-content/uploads/ 19 KB
18 KB 307ms
296ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-15-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a8a40caba915702cafb7883ed43843037d764bbb3de17d33ce4f857eefa83aed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:15 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 18444
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-16-min.png.webp
www.group-ib.com/wp-content/uploads/ 29 KB
28 KB 296ms
284ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-16-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

936e5030c302893c0f74af6f60c91d63b067c21c1a4b7d34619a1174cb5aa82f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:17 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 28667
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-17-min.png.webp
www.group-ib.com/wp-content/uploads/ 21 KB
21 KB 302ms
291ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-17-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

4c1d8a42eb027a778323b8948b43bf5c0a601c657bebe638de1c7c464512cbc3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:18 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 20926
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-18-min.png.webp
www.group-ib.com/wp-content/uploads/ 95 KB
95 KB 204ms
193ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-18-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b70b5a246856b4e8244f70c1fa5d264100b7f7e94d3b2253e0b5a6169f26c083

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:20 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-19-min.png.webp
www.group-ib.com/wp-content/uploads/ 23 KB
22 KB 195ms
185ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-19-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

16ef9d7fffa0550d6b807e6b82b5ae76163c4e987cc9366819c46a12e0878b89

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:22 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 22901
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-20-min.png.webp
www.group-ib.com/wp-content/uploads/ 42 KB
42 KB 201ms
190ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-20-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

fbfbd51bada8d11a20dfa3b6318b6d2ddb904ef69bfebb79e38b7a767b371f42

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:23 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 43076
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-21-min.png.webp
www.group-ib.com/wp-content/uploads/ 45 KB
45 KB 155ms
145ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-21-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

70176ace76e79121f930335748d60f4961bb7ff798138ed18641289cce7bea82

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:24 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 45465
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-22-min.png.webp
www.group-ib.com/wp-content/uploads/ 13 KB
13 KB 144ms
134ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-22-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2c40cb4807931447e5eb747f8a377d6cbb1411eb77fe8270f27b70f231979afc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:25 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 13624
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-23-min.png.webp
www.group-ib.com/wp-content/uploads/ 10 KB
11 KB 307ms
297ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-23-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

eb7bf6bbacaae386ac920d2969be3d206bc0db02221ea3aaa39cd2f4b0f98f9b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 10742
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-24-min.png.webp
www.group-ib.com/wp-content/uploads/ 90 KB
90 KB 150ms
140ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-24-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

079dc50032bcdf9591a24e84a20fb2a153ddfeac7d03319bdc51a773b4f6bdbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:27 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-25-min.png.webp
www.group-ib.com/wp-content/uploads/ 25 KB
24 KB 148ms
138ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-25-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

41af6ca7def064fa2ce4a86622e9fb7579f898469a4391d1960ffc6123b97a2c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:28 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 24550
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-26-min.png.webp
www.group-ib.com/wp-content/uploads/ 13 KB
13 KB 123ms
113ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-26-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f7db205ec53d93b89166d00a5d9c7b0eff354e2cfcaba0fd462a69c4b8ced4a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:29 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 13537
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-27-min.png.webp
www.group-ib.com/wp-content/uploads/ 37 KB
37 KB 178ms
168ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-27-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1c612435907b5a4f2ba43308921684f36ba0d3ec2eebea40710b8f7550077599

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:30 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 37436
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-28-min.png.webp
www.group-ib.com/wp-content/uploads/ 25 KB
26 KB 207ms
198ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-28-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

276c9585f4fbfa24a7e59ae054280eab5da26f01118130ad16237a877903ffed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:31 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 26065
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-29-min.png.webp
www.group-ib.com/wp-content/uploads/ 25 KB
25 KB 150ms
141ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-29-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

27c04cd78f087a504697af9601c1163b685f6c567e75dace0c2908635e8a7038

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:31 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 25561
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-30-min.png.webp
www.group-ib.com/wp-content/uploads/ 14 KB
14 KB 169ms
160ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-30-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7c380423028a4b3142bdbd89f4c0e6d494a06f6769e05e08650a18ee1a4f27a1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:32 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 14163
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-31-min.png.webp
www.group-ib.com/wp-content/uploads/ 83 KB
83 KB 160ms
151ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-31-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

5782ae81826e28a0a467926074e8c75837f1b84436bef5520da5550e299a0f22

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:33 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-32-min.png.webp
www.group-ib.com/wp-content/uploads/ 11 KB
11 KB 144ms
136ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-32-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9895985e4fb0de1e39dca698498039d1c947f9930e602a97f1ce158635fc09a7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:34 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 11408
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-33-min.png.webp
www.group-ib.com/wp-content/uploads/ 2 KB
2 KB 104ms
96ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-33-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dea3a1ac67802edfef8af9575158682efa15eae5f544adca975b39ed1d3ddf98

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:34 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 1761
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-34-min.png.webp
www.group-ib.com/wp-content/uploads/ 2 KB
2 KB 51ms
43ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-34-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

04452c63f7ce00819a3e4bf65d13817040260b07ed35704e4a55b6cb631cba75

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:35 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 2027
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-35-min.png.webp
www.group-ib.com/wp-content/uploads/ 4 KB
4 KB 123ms
115ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-35-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c3ab0cc61266897fa76332f097a74f52e2c3f9466804dfe2db65721433316118

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:35 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 4425
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-36-min.png.webp
www.group-ib.com/wp-content/uploads/ 8 KB
8 KB 51ms
43ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-36-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f5546ee46a0b362477196972ee397b7c8d752ab9e0636d49c356fbc756e6dba5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:36 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 7921
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-37-min.png.webp
www.group-ib.com/wp-content/uploads/ 41 KB
41 KB 126ms
118ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-37-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

99c55d3786782a49155bcf562182de9cb77a6c8197d824774f6c08fffa86f6cd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:37 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 41441
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-38-min.png.webp
www.group-ib.com/wp-content/uploads/ 13 KB
13 KB 124ms
116ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-38-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

af5bddb24166ffcd3da8e70f00190acf77ae492bc17ae4ae8c057443184806c5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:37 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 13724
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-39-min.png.webp
www.group-ib.com/wp-content/uploads/ 33 KB
33 KB 152ms
144ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-39-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

bf76f17a774da58d4f67bf49cbf77f1bce6aee5d1631124bf532b5662c8cb335

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:38 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 33467
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 dragonforce-ransomware-40-min.png.webp
www.group-ib.com/wp-content/uploads/ 12 KB
12 KB 145ms
138ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/dragonforce-ransomware-40-min.png.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

30c5354141381a351f9d81e5d831e6277c2827a28b0e1b958c9694eb5d704238

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 24 Sep 2024 13:29:39 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 12078
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 teamtnt-blog-banner-1-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 9 KB
9 KB 104ms
97ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/teamtnt-blog-banner-1-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

9e42c23990614da64388cadca9ef91eba5206043593c40912f18ee55b3af35d4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Tue, 17 Sep 2024 22:08:46 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 8793
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 concealed-networks-1-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 5 KB
5 KB 142ms
135ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/concealed-networks-1-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

987f4042b286e1268acc17f999801c4be1e375d878697059bb4444cdbc0559a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Thu, 12 Sep 2024 13:31:39 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 5175
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 ajina-blog-cover-small-min.jpg.webp
www.group-ib.com/wp-content/uploads/ 5 KB
5 KB 106ms
99ms Image
image/webp 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/uploads/ajina-blog-cover-small-min.jpg.webp

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a8f7546b7ca2530ad7a185aa8ffc9a838fbad735afe69acdfcbc4b18d5f18dc3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:04 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/webp
last-modified: Wed, 21 Aug 2024 06:29:55 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 4735
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 Arrow_Forward_Up.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 425 B
408 B 100ms
93ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/Arrow_Forward_Up.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cdfabceb7ae1940f42d871a2ee6a2f092de52f73db37b1bc5b01a87379106401

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Sun, 21 Aug 2022 10:10:53 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 266
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 twitter-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 1 KB
566 B 120ms
113ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/twitter-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a0da28e8bd00bbe274035dfe6c59a30984ddc71202c69842f84f0b4d04689674

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 524
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 linkedin-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 588 B
414 B 287ms
281ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/linkedin-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6cb3c6cb78253a7cfafea392e581f5f2ce0ee177c24e53ea31e68f7aee569238

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 349
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 instagram-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 923 B
502 B 99ms
93ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/instagram-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

100a79b22a580f1698a9950e8c18aefa79de0fd88e81a0a145e90fc4e8a59a2c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 408
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 facebook-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 415 B
342 B 118ms
112ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/facebook-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2952e22cc927982fa938a6fb0d5cd78316bb9b8e78872b27294a30addbfdc525

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 277
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 telegram-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 773 B
504 B 121ms
115ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/telegram-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

5c7deb6b8db45580119b8192f45da9486bf6fd1694660e413ee57932305b5e55

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 462
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 medium-icon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 767 B
426 B 139ms
133ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/medium-icon.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1912b691f446ed5b1da215a578b0658ffa03526efb75eb2ea28bcf0e7bfd4f92

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Wed, 05 Oct 2022 12:20:15 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 361
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 main.js Show response
www.group-ib.com/wp-content/themes/gib-theme/assets/js/ 33 KB
5 KB 152ms
147ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/js/main.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

215c13199ec3ef950bd100031e13ae6efe6ad72c8b91c98fbdfed812fe2f4432

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 08 Aug 2024 07:25:08 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 5081
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 fancybox.umd.js Show response
www.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/ 103 KB
29 KB 32ms
32ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/fancybox.umd.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

942e02acf640c0308f65e057a8afaed63dfaf995034cda9cfc75532a1009ec72

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 05 Sep 2022 07:24:28 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 29634
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 25755956.js Show response
js-eu1.hs-scripts.com/ 2 KB
849 B 69ms
45ms Script
application/javascript 172.65.208.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hs-scripts.com/25755956.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89d0b80f15229e98318d4704cf5c81bae1ba4a0b90bd73378ea8ca1a21ca4288

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

access-control-max-age: 3600
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 5162
x-content-type-options: nosniff
cf-polished: origSize=2013
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: af76d497-852d-4fab-9b60-6b94e5c0de1a
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Sat, 28 Sep 2024 08:24:03 GMT
access-control-allow-credentials: true
cf-ray: 8ca2d3c4e8742c22-FRA
access-control-allow-origin: https://www.group-ib.com
server: cloudflare

GET
DATA 200
OK truncated
/ 484 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0a3d94eaa3740ab0e1cb06c7354ff476ee6b9f2d67b758e13dfd7064e8a090e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e4d9bb39337412c1accc684411c0a2d9835a65f00a5f978294ad9708a1e3648

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response
www.group-ib.com/api/fl/ 217 B
639 B 14ms
14ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f56131229b9b559fb478e5149172a35a2a69be698645076d60567389a203da61

Request headers

x-cfids: KtAq97jlAjw++u3WgWhREIpRWozKCLJXOneFqVns36oOLwp3YXql6k4E8/kgZNx/2iwnsHaJ9iFsoc2/ZMuK6uWykdA7AsL9F29YBNvirl+vxPih9AUe2bJBMNJ2+qCab2UBFHJv1gR5emaJ1a/RMrO0nJQVlPCj/4QI
X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: g4ZQs0cO4TxZdiK6UscjOXrbVQ+II3Ce5raIxm/zlo9dkxHhsc5rYT31YQPhTzkgtm5ois9QvRMD6sAED1+f5gubKIW+/L0a9UxzuOE5sLB3tGHD4/JXYT2Hl/C8F+es+zrUZnX0T/jw1opoFMmYDNgz2TgCLkmgwYiBZZKwn3IGXAlvXIOOjNcRV27IRRGx3EqM5AB6n0XDdYJqAVMS6zI3c5ynaCeuNvCBABvuH1ewV83OKP9F7P7lWiWoFeT011cJdOGrzLEjao0heg==
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: CvYJda2d923f43d0e2cc3d9eff19ef5234e5d321

Response headers

cache-control: no-cache
content-encoding: gzip
etag: W/"Rm5y/q4H/Ij/Rcfl8/pZips6g8cLq6gvCqMMXYw8dZ2ZxdQdafvdjYesnYPinVH1ypyEFbsTdeH16wP8Kl5Fejgq8HJc/FEjLjC3cd8OROHjrYvewizTIyLQ+iQl82aHWbKB2/Kt3Hjj4oroRQ+a7OFuZGGeb++RfQZO"
x-envoy-upstream-service-time: 0
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H2 200 0191785e-a497-722c-b405-6b94787f2b40-test.json Show response
cdn-au.onetrust.com/consent/0191785e-a497-722c-b405-6b94787f2b40-test/ 5 KB
2 KB 87ms
58ms XHR
application/x-javascript 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/consent/0191785e-a497-722c-b405-6b94787f2b40-test/0191785e-a497-722c-b405-6b94787f2b40-test.json

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83b41e48edf6ba0e7f1e20951122830f5dd7fb74cb8206f611a2bfc8deae32fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: gmWNW+LDJMagbQA/O1WZcw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCDE0E9E6D2AA2
age: 86339
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/x-javascript
last-modified: Thu, 26 Sep 2024 09:35:54 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 7f843bf0-a01e-0023-5bf8-0fe077000000
cf-ray: 8ca2d3c4de3bbbd3-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1776
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
2 KB 55ms
20ms XHR
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=93623&u=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&vn=2.1&x=true
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams4 /
Resource Hash: 2239eba96d6e650dd08cefc59a1c11d2bae3042bcef594e49ec7ddd6cbcf3d63

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.group-ib.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: gams4

GET
H2 200 G-font-Medium.woff2
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/ 7 KB
8 KB 27ms
26ms Font
font/woff2 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Medium.woff2

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

71bdc449af5d61d21f5f6daab3f9b56189822beec3e5448e415f0ec7ee24e799

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: font/woff2
last-modified: Mon, 16 Sep 2024 10:14:05 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 7579
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 G-font-Regular.woff2
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/ 7 KB
7 KB 114ms
114ms Font
font/woff2 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Regular.woff2

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

53d389faf997ad6f58e74a17f4cd29b8455f0c97ddb3a93bb3aea262d273c56a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: font/woff2
last-modified: Mon, 16 Sep 2024 10:14:05 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 7091
x-xss-protection: 1; mode=block
server: nginx

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/ 9 KB
3 KB 77ms
44ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b218a7e882fb14932e01be45c8a1aee96f6dc377000f3135cac078fdac2d6637

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 347c2e25-707f-46af-9955-a8f3da3aefd9
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: eu1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 347c2e25-707f-46af-9955-a8f3da3aefd9
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 14
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3c54e2018fd-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
146 B 115ms
114ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=93623&d=group-ib.com&u=D39FD65F21E5FB18B221BDC8C35393B98&h=9f2d027bbb9dc784b4f5c28005c02672&t=false

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv01c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: public, max-age=43200
x-content-type-options: nosniff
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/gif
server: gnv01c

GET
H2 200 cross.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 342 B
248 B 41ms
41ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/cross.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 207
x-xss-protection: 1; mode=block
server: nginx

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/ 112 KB
31 KB 75ms
55ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51d22893d9111df66e62db4409660225eddb997b9084b57b8670e27f24443bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: f68fd466-3475-4140-b55c-0f1b6c6af532
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: eu1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: f68fd466-3475-4140-b55c-0f1b6c6af532
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-envoy-upstream-service-time: 24
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3c54e65d2ca-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/ 105 KB
30 KB 98ms
69ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfd70a7cee66b7629fd4556e4aae710d4aecea535bef05f3c7d1aacb2fbbbb91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: e88b828c-cccf-4267-8afb-07890d99dd62
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: eu1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: e88b828c-cccf-4267-8afb-07890d99dd62
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 22
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3c55ef4049b-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 dropdown_before.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ 154 B
191 B 31ms
31ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/dropdown_before.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 150
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 link-arrow.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 409 B
397 B 82ms
82ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/link-arrow.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 28 Jun 2022 07:55:26 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 267
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 Close.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 227 B
321 B 81ms
81ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/Close.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

31d1c5bd0cd38e6e6b8eb944944df273044e826c7d3daacbe602caead3068c7a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 12:14:21 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 180
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 file_copy.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 668 B
417 B 88ms
88ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/file_copy.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f367bbc4429fc9fb0a93045245aef519a000ab275549645cddecb3f953e0a05f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Mon, 28 Nov 2022 13:01:55 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 352
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 success.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 386 B
319 B 92ms
92ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/success.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

fa4859289ded4c674dcee233811758743116b1d7ce4e9f0c0e7e259391504c43

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Nov 2022 11:07:05 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 254
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 list-dot.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 313 B
292 B 90ms
90ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/list-dot.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6b0775723ccade5ca3170fcc6a321c5b4768a5dc2b7c83b8b8b595407a2f0018

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Sep 2022 12:02:57 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 205
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 Dropdown-right.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/ 503 B
372 B 95ms
95ms Image
image/svg+xml 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/Dropdown-right.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

4d4a484a100e469b6e3dcf880a37755086e246cc291bab46e3edd4529e3d5d6a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: image/svg+xml
last-modified: Fri, 16 Dec 2022 09:56:36 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 307
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 G-font-Bold.woff2
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/ 7 KB
7 KB 77ms
76ms Font
font/woff2 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Bold.woff2

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2f54cd32df1ecb5aac59038dcb70c3f83dfc2888fcb111687092df9e98c2fbeb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: font/woff2
last-modified: Mon, 16 Sep 2024 10:14:05 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 6955
x-xss-protection: 1; mode=block
server: nginx

GET
H2 200 Material-Icons.woff2
www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/Material-Icons/ 125 KB
126 KB 80ms
79ms Font
font/woff2 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/fonts/Material-Icons/Material-Icons.woff2

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 26 Jan 2025 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: font/woff2
last-modified: Tue, 28 Nov 2023 16:09:12 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=10368000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
x-xss-protection: 1; mode=block
server: nginx

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c239fbd2387ceff073b22f05559eb6a3a9425ccde003eccb22a998429465302f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
213 B 58ms
58ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: application/json
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 8ca2d3c55eaebbd3-FRA
access-control-allow-origin: *
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn-au.onetrust.com/scripttemplates/202409.1.0/ 457 KB
111 KB 36ms
35ms Script
application/javascript 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/202409.1.0/otBannerSdk.js

Requested by

Host: cdn-au.onetrust.com
URL: https://cdn-au.onetrust.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81a50b09cb85e4ff68788f763b8dcdc549414cecf42ca228a55ab77c971f1286

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: Mq8sWt7aN99kE/VZ97+T8Q==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD6A4D1B2DE7D
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 28352
expires: Sun, 29 Sep 2024 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript
last-modified: Mon, 16 Sep 2024 23:10:56 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: b1db5b7f-601e-004e-34a3-08543c000000
cf-ray: 8ca2d3c60ac718af-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 113760
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/ 9 KB
3 KB 51ms
51ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c847523ccb8e26d5b62754a59699b1100174dbed6ff674cd0b598d962a5aa2c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 201bbb9a-d79c-46e8-8fc0-863477f7b608
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: eu1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 201bbb9a-d79c-46e8-8fc0-863477f7b608
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-s5pt6
x-envoy-upstream-service-time: 12
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3c64814049b-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 354 KB
110 KB 184ms
78ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e78292bc34f97a2c14241e5e885868fec24d3f010972e2112d329e0fe82fde5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Sat, 28 Sep 2024 09:50:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 28 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 112334
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
www.group-ib.com/wp-content/themes/gib-theme/assets/js/ 8 KB
3 KB 19ms
18ms Script
text/javascript 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/themes/gib-theme/assets/js/insight.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 28 Oct 2024 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 15 Jul 2022 14:12:57 GMT
vary: X-Forwarded-Proto,Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: max-age=2592000, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 3085
x-xss-protection: 1; mode=block
server: nginx

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/ 8 KB
3 KB 44ms
44ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

913e593be448b025053b34a1e2ee9354cc3f94257790a0ec84dae4b59cb2ff58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: db4cd2bd-c30c-4caa-841c-b44f9ec525af
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: eu1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: db4cd2bd-c30c-4caa-841c-b44f9ec525af
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-s5pt6
x-envoy-upstream-service-time: 13
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3c6598fd2ca-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
Content-Length: 1681
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 web-interactives-embed.js Show response
js-eu1.hubspot.com/ 83 KB
25 KB 72ms
28ms Script
application/javascript 172.65.236.181
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hubspot.com/web-interactives-embed.js

Requested by

Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.236.181 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.group-ib.com
Referer: https://www.group-ib.com/

Response headers

x-request-id: b0ec7175-a040-4249-918c-05f12b597ac7
content-encoding: gzip
cf-cache-status: HIT
etag: W/"edf91c1320ba2916398ed791b63187bc"
x-amz-version-id: 7DwgQA9YoOwDB6Raj9_RIwKNzf1Sd5R0
age: 283
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tKNgAev8wGZf9Rwmwxh%2FDPQZF6nn4U%2FDnhduMZ7ppBJMtUlLXp0nlUvCD0dESRpaksMlY%2ByarEVKROiqt6dAsUOqTO%2BS5sbbz6248Z3p9ZQC0lCJtE8OkH%2FTmEM7LcNtk06tag%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: iNEUuzJC0_7QrK3uQUj0Gt1d7KuqdI-6GQDD6tW6b88ZNIgJptySZw==
x-hubspot-correlation-id: b0ec7175-a040-4249-918c-05f12b597ac7
content-type: application/javascript; charset=utf-8
last-modified: Wed, 28 Aug 2024 20:01:26 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-6bffdf99df-m2kr7
x-envoy-upstream-service-time: 3
x-hs-target-asset: web-interactives-embed/static-2.1426/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Sat, 28 Sep 2024 09:50:05 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1426/bundles/project.js&cfRay=8ca2ccdcf911d34d-FRA
via: 1.1 104bdf965b5b1cb596af463b142160de.cloudfront.net (CloudFront)
cf-ray: 8ca2d3c6db70d2ca-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: FRA60-P6

GET
H2 200 fb.js Show response
js-eu1.hsadspixel.net/ 6 KB
4 KB 70ms
26ms Script
application/javascript 172.65.219.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hsadspixel.net/fb.js

Requested by

Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c17d765fc13ecfd2c661fa8378db855b59fceb2961ad34ed145e73961baf167

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 625df2da-0775-4ab2-bd3d-c160dad7f731
content-encoding: gzip
cf-cache-status: HIT
etag: W/"f97b977feac068a21e89cfb81708a355"
x-amz-version-id: .arbvMEZAR_Ixa4j7ME.TG.XjHXm5mBs
age: 165
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: nc5w5ov1hNiUaqXJqs8UUxE6ghPa70A6PtXadLXIfE7VLyJ-dKuHNQ==
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 625df2da-0775-4ab2-bd3d-c160dad7f731
content-type: application/javascript; charset=utf-8
last-modified: Fri, 27 Sep 2024 14:15:18 UTC
vary: Accept-Encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-6bffdf99df-rrdc2
x-envoy-upstream-service-time: 4
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.601/bundles/pixels-release.js&cfRay=8ca2cfba0950a01b-FRA
via: 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
cf-ray: 8ca2d3c6def99268-FRA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.601/bundles/pixels-release.js
x-amz-cf-pop: FRA60-P6
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 banner.js Show response
js-eu1.hs-banner.com/v2/25755956/ 72 KB
26 KB 68ms
29ms Script
text/javascript 172.65.202.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-banner.com/v2/25755956/banner.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8025ce08dc7d64baaf0aa3ed8492e292f590e5a5a5a90456ed4b0f8c4986f09

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 9c44b3c7-4cbb-4b10-94c1-0abfe481504a
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"2466a9b7b3498c0bc71b9433d06ffdbe"
x-amz-version-id: Cv6szvKe2PC3ISsjldERJUjKjNJrZbHL
age: 2
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Sat, 28 Sep 2024 09:55:03 GMT
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: 9c44b3c7-4cbb-4b10-94c1-0abfe481504a
content-type: text/javascript; charset=UTF-8
last-modified: Tue, 10 Sep 2024 11:14:51 GMT
vary: origin, Accept-Encoding
x-amz-id-2: VFdb5Fu8P/MQCIw5BKOlTP+xW7sUCPINSYXTkjiXWhkO9U9apDhMCZMxc2goODvTK6tY8/QvU5A=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: fra04/analytics-js-proxy-td/envoy-proxy-5cc6cdbf4d-497g6
x-envoy-upstream-service-time: 60
access-control-allow-credentials: true
x-amz-request-id: FF0C2T3GRBBKJJ2B
cf-ray: 8ca2d3c6ddf0901c-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 25755956.js Show response
js-eu1.hs-analytics.net/analytics/1727511600000/ 69 KB
25 KB 112ms
70ms Script
text/javascript 172.65.238.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-analytics.net/analytics/1727511600000/25755956.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28834d5848fb9f5289a56f70f6563d4bce4259ca4edb43e60655f966b8ded258

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: a1541805-23f2-4d3f-bcb4-2661fa947aa6
content-encoding: gzip
cf-cache-status: HIT
etag: W/"8ff9ca41f47175f0ce5e49431e5e308e"
age: 139
expires: Sat, 28 Sep 2024 09:52:46 GMT
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: a1541805-23f2-4d3f-bcb4-2661fa947aa6
content-type: text/javascript
last-modified: Tue, 24 Sep 2024 15:16:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: S9ATvxO4c0UwoE+TCY/KD8qkKQOiGKQrCvS/H0y8X+okduVuIjhxJXXSssF0qfKjfGZJmCxT+lg=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: fra04/analytics-js-proxy-td/envoy-proxy-688555d8bb-clv4l
x-envoy-upstream-service-time: 34
access-control-allow-credentials: false
x-amz-request-id: 6BWZ0XEKDN99N7QN
cf-ray: 8ca2d3c6dc028ed6-FRA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

POST
H2 403 ajax.php
www.group-ib.com/wp-content/plugins/post-views-counter-pro/includes/ 0
0 13ms
8ms Fetch 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/wp-content/plugins/post-views-counter-pro/includes/ajax.php
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

date: Sat, 28 Sep 2024 09:50:05 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
1 KB 64ms
33ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: e508aa6f-5a4b-4c36-9281-b78f423383aa
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: DYNAMIC
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:05 GMT
x-hubspot-correlation-id: e508aa6f-5a4b-4c36-9281-b78f423383aa
Content-Type: image/gif
vary: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-envoy-upstream-service-time: 3
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3c70a0e6add-FRA
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 en.json Show response
cdn-au.onetrust.com/consent/0191785e-a497-722c-b405-6b94787f2b40-test/01917861-b884-7320-bdec-f5c8d7fac8ee/ 64 KB
15 KB 50ms
50ms Fetch
application/x-javascript 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/consent/0191785e-a497-722c-b405-6b94787f2b40-test/01917861-b884-7320-bdec-f5c8d7fac8ee/en.json

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1890f6f56fb39fc1763ec4a0531fdd18e42d48d3f28cdce128e7905902e662e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: dIWDaurSlqXwO6RyOOQ/vw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCDE0EA49113E5
age: 44827
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/x-javascript
last-modified: Thu, 26 Sep 2024 09:36:05 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: af37da65-b01e-004d-629b-10b558000000
cf-ray: 8ca2d3c788e3bbd3-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15648
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 collect
px.ads.linkedin.com/ 0
403 B 539ms
521ms Image
application/javascript 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1727517006037&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 12A70DABEEBA4E8AB12B35D4651810E4 Ref B: FRAEDGE2006 Ref C: 2024-09-28T09:50:06Z
x-li-fabric: prod-lor1
x-li-uuid: AAYjKuWDv9x82vmhrnQ2eg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
915 B 38ms
38ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 4fdfc7d3-ddce-4471-a028-efbda66a3d77
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: DYNAMIC
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: 4fdfc7d3-ddce-4471-a028-efbda66a3d77
Content-Type: image/gif
vary: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 3
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3c7caa96add-FRA
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 json Show response
api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 250 B
845 B 87ms
56ms XHR
application/json 2a06:98c1:3200::90:2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=25755956

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3200::90:2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa462865a143f6b053d5d1594aea3e38d36ebad2a23a7fcfdd84ba7a7a1fddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dtE%2B7TEEkVWUzpYNktJsNLtWxwB1T3obzM7YG3L3oG2%2F3KydtGOxEPiAXPr1n3TGWszb91ZesGFWXu1sAzn5K74fKFCydbBE1Q3QN8oYNpMs4S5mBnFfj8EftvDzXn7VjKqnjUKBDtld%2FfyhN8UlbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: f09af2e8-b216-41b6-931e-cf3f3523c8d1
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8ca2d3c82f12694f-FRA
access-control-allow-origin: https://www.group-ib.com
server: cloudflare

GET
H2 200 combinedConfigs Show response
cta-eu1.hubspot.com/web-interactives/public/v1/embed/ 95 B
1 KB 66ms
39ms Fetch
application/json 172.65.198.159
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-eu1.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=25755956&currentUrl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&referrer=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.198.159 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 8999a57a-2ab0-4438-8a25-9ce106011c93
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cLIup6IApRn82N7FwT2RWsryY7tHLyRNgo%2FLOGC2YNxZACKTFEGKN9dVumR5gvPLObH3w9XA5ywX9zxA1THO26xHzf3AVH%2FTqOh26ZTDA8eFQ8o%2BG2nM%2B1XHfOALEXhFceVSZkE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: 8999a57a-2ab0-4438-8a25-9ce106011c93
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-envoy-upstream-service-time: 9
access-control-allow-credentials: true
cf-ray: 8ca2d3c83e64910c-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 otFlat.json Show response
cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/ 13 KB
3 KB 41ms
40ms Fetch
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/otFlat.json

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: RGlYb2KBTfdkPpxIxwwu0g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD6A4C7AB3CD9
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79976
expires: Sun, 29 Sep 2024 09:50:06 GMT
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/json
last-modified: Mon, 16 Sep 2024 23:10:39 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 27c4b992-d01e-005b-2773-0e438f000000
cf-ray: 8ca2d3c8296abbd3-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3003
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otPcCenter.json Show response
cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/v2/ 62 KB
13 KB 47ms
46ms Fetch
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/v2/otPcCenter.json

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: vNMewq08o3u2s0ZPUoZf8g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD6A4CB926D92
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79976
expires: Sun, 29 Sep 2024 09:50:06 GMT
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/json
last-modified: Mon, 16 Sep 2024 23:10:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 30d1bb2f-a01e-0041-3473-0e2250000000
cf-ray: 8ca2d3c8296cbbd3-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12723
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCookieSettingsButton.json Show response
cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/ 5 KB
2 KB 37ms
37ms Fetch
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/otCookieSettingsButton.json

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: fyGpUoUy0eZkGUgUg6MkZA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCD6A4CACA7FB0
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79976
expires: Sun, 29 Sep 2024 09:50:06 GMT
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/json
last-modified: Mon, 16 Sep 2024 23:10:44 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 3604289a-e01e-0050-6f74-0eb8e4000000
cf-ray: 8ca2d3c8296dbbd3-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1738
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCommonStyles.css Show response
cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/ 24 KB
4 KB 41ms
40ms Fetch
text/css 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/scripttemplates/202409.1.0/assets/otCommonStyles.css

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79976
content-encoding: gzip
expires: Sun, 29 Sep 2024 09:50:06 GMT
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/css
last-modified: Mon, 16 Sep 2024 23:11:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: f7931f97-a01e-0051-7373-0ee738000000
cf-ray: 8ca2d3c8296fbbd3-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 336 KB
110 KB 73ms
73ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f0781f48dfaca7f1c8d2171889c0d4ab058083eb4e9c3bd59f7e3620b1ab731c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sat, 28 Sep 2024 09:50:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 112076
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 239 KB
86 KB 94ms
93ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10897073384&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63417edd3256348c3bfd1d97b8108c063b49a043273d4471ed3502f2d19e0b71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Sat, 28 Sep 2024 09:50:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 28 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 88207
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 33ms
13ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 1593b1f5bf86a2bec3f93142409030a64591d1b6415faaedd0c251dd924d0288

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "bed9b675380c07edc84c03d0f362b192"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12103
date: Sat, 28 Sep 2024 09:50:06 GMT
last-modified: Mon, 23 Sep 2024 17:14:22 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
15 KB 82ms
38ms Script
application/javascript 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "803483b3aaadb1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FC029B753CAB4F738633F8358AF18FBE Ref B: FRAEDGE1716 Ref C: 2024-09-28T09:50:06Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14402
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 15:43:41 GMT
vary: Accept-Encoding

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 34ms
2ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

3a600a8b86e938acf4c39f392719678cbeee228d2ee698fbf3f310e99db4347a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66f5de53-111c3"
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 12:50:06 GMT
accept-ranges: bytes
content-length: 18820
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Thu, 26 Sep 2024 22:21:07 GMT

GET
H2 200 NeverBounce.js Show response
cdn.neverbounce.com/widget/dist/ 96 KB
29 KB 42ms
3ms Script
application/javascript 18.245.46.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.46.48 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-46-48.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-amz-cf-pop: FRA56-P9
content-encoding: gzip
x-amz-version-id: null
etag: W/"c1e06621030dfcba15b88abbcaa546eb"
age: 17276
via: 1.1 4f3281e2362f23bf5efc65311d3defb0.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: RRI5TOp9R8pRhtCBst4QWK8r4Tep54DEmog05lezpeIY61X15lv_2Q==
date: Sat, 28 Sep 2024 05:02:15 GMT
content-type: application/javascript
vary: Accept-Encoding
server: AmazonS3
last-modified: Mon, 02 Mar 2020 18:37:33 GMT

GET
H3 200 63e267f61a03d71ea3df5fe7 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 253ms
238ms Script
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/63e267f61a03d71ea3df5fe7

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

0b95bf81dce97078a3c3b1194fdb9e5dee971a6e18dc487702dabb41bdbd49b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8ca2d3c86dee9bb0-FRA
access-control-allow-origin: *
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
58 KB 30ms
17ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

5ebce957851eb83517851e8613f012eb45aa4ebb6142b92c30b7d9492c874e22

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4449, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: P4CQ/C1GvYZFBGlRfEpsf3nRUgAv+OZFB6XhxBPvRR34pVnfxhn5gS5BgcGZzWNt1rp8UdVmOUPtdYfVXhzEHw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59131
x-xss-protection: 0

GET
H2 200 1010045.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
1 KB 79ms
38ms Script
text/javascript 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010045.js?p=https://www.group-ib.com/blog/dragonforce-ransomware/&e=

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8530c3e4aab57792d2de601bf80edaf0f9280f5afa15e12b2ed2f26a34949b70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/javascript;charset=UTF-8
content-disposition: inline
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8ca2d3c89a1c37d7-FRA
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1
server: cloudflare

GET
H2 200 1010056.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
2 KB 78ms
37ms Script
text/javascript 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010056.js?p=https://www.group-ib.com/blog/dragonforce-ransomware/&e=

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b36ece0a9b0dd3420befc70c4b96821f8a139177b78e1bac2670a9fc139857b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/javascript;charset=UTF-8
content-disposition: inline
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8ca2d3c89a1f37d7-FRA
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1
server: cloudflare

GET
H2 200 1010057.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
1 KB 77ms
37ms Script
text/javascript 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010057.js?p=https://www.group-ib.com/blog/dragonforce-ransomware/&e=

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a961ed4a1958945c2340352071f6c00c848dc9c125fcf045efc40fab4062117

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/javascript;charset=UTF-8
content-disposition: inline
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8ca2d3c89a1e37d7-FRA
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1
server: cloudflare

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517006130&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517006130&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2&e_ipv6=AQLrZcsbi8VqsQAAAZI4CZmWvOnCvvN-...

0
265 B

207ms
190ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517006130&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2&e_ipv6=AQLrZcsbi8VqsQAAAZI4CZmWvOnCvvN-_ts_BLFIDCtF46D9bUWtrcG2b1z1Ocxtn-9okr8u
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: EB51BB857A794E0B8B3030078CE70801 Ref B: FRAEDGE1111 Ref C: 2024-09-28T09:50:06Z
x-li-fabric: prod-lor1
x-li-uuid: AAYjKuWDDL5B4NxYzzyB0g==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4443393&time=1727517006130&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&tm=gtmv2&e_ipv6=AQLrZcsbi8VqsQAAAZI4CZmWvOnCvvN-_ts_BLFIDCtF46D9bUWtrcG2b1z1Ocxtn-9okr8u
x-msedge-ref: Ref A: 3CAB7FECADF0466CBC6627FE627EEFEF Ref B: FRAEDGE2006 Ref C: 2024-09-28T09:50:06Z
x-li-fabric: prod-lor1
x-li-uuid: AAYjKuV/3E+nfoVm9Wz/PA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Sat, 28 Sep 2024 09:50:05 GMT

GET
H/1.1 200
OK counters.gif
perf-eu1.hsforms.com/embed/v3/ 35 B
1 KB 114ms
61ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-eu1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 7450f78d-19a6-4cde-aaf9-643c667e89aa
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
Date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: 7450f78d-19a6-4cde-aaf9-643c667e89aa
Content-Type: image/gif
vary: origin, Accept-Encoding
Last-Modified: Sat, 28 Sep 2024 09:50:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 2
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8ca2d3c90c109a2a-FRA
Accept-Ranges: bytes
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 ot_close.svg
cdn-au.onetrust.com/logos/static/ 651 B
646 B 53ms
49ms Image
image/svg+xml 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-au.onetrust.com/logos/static/ot_close.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 68443
content-encoding: gzip
expires: Sun, 29 Sep 2024 09:50:06 GMT
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Sep 2024 23:11:06 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 0a85ae8c-101e-0009-1d56-093f67000000
cf-ray: 8ca2d3c89d6218af-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 ot_guard_logo.svg Show response
cdn-au.onetrust.com/logos/static/ 497 B
532 B 43ms
38ms Fetch
image/svg+xml 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-au.onetrust.com/logos/static/ot_guard_logo.svg

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 79975
content-encoding: gzip
expires: Sun, 29 Sep 2024 09:50:06 GMT
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Sep 2024 23:11:05 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 0bf5a38e-b01e-0072-4d1e-0b7dfb000000
cf-ray: 8ca2d3c8aa06bbd3-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 ot_company_logo.png
cdn-au.onetrust.com/logos/static/ 4 KB
4 KB 42ms
30ms Image
image/png 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-au.onetrust.com/logos/static/ot_company_logo.png

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: E8+sk/ECzKgTUVtDLikiIA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
etag: 0x8DCD6A4D842D1F7
age: 33424
cf-cache-status: HIT
expires: Sun, 29 Sep 2024 09:50:06 GMT
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/png
last-modified: Mon, 16 Sep 2024 23:11:07 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 769ad0ad-b01e-0000-2e21-097ab4000000
cf-ray: 8ca2d3c8ddaa18af-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4036
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 powered_by_logo.svg
cdn-au.onetrust.com/logos/static/ 5 KB
2 KB 81ms
69ms Image
image/svg+xml 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-au.onetrust.com/logos/static/powered_by_logo.svg

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-md5: Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 68243
content-encoding: gzip
expires: Sun, 29 Sep 2024 09:50:06 GMT
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Sep 2024 23:11:07 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 91dbc4cb-d01e-0039-7adf-0881a8000000
cf-ray: 8ca2d3c8ddac18af-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 268 KB
93 KB 94ms
78ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10882981508

Requested by

Host: js-eu1.hsadspixel.net
URL: https://js-eu1.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

75b39c10a12949c7dd65e16a66255956c3eba254b49d1ad51538779ad74eb163

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sat, 28 Sep 2024 09:50:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 28 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 94646
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 268 KB
93 KB 91ms
75ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d6aa253f20f74c705be27f19621a4ea75d3b1d949394f08f6fe4be3676172a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sat, 28 Sep 2024 09:50:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 28 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 94616
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/a2_du2owjr6f67j/ 3 B
124 B 68ms
10ms XHR
application/json 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/a2_du2owjr6f67j/config
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/json

GET
H2 200 a2_du2owjr6f67j_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
699 B 52ms
28ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_du2owjr6f67j_telemetry
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 97
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 57ms
6ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1727517006221&id=a2_du2owjr6f67j&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=a6cb9baf-ed20-44b4-bdcc-033fb6d237e0&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_5afed25b&dpm=&dpcc=&dprc=
Requested by: Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/gif
server: Varnish

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 31ms
14ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.group-ib.com
content-length: 7
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
310 B 68ms
8ms XHR
text/html 2a02:26f0:ab00::214:8e70
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00::214:8e70 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 3d45fdf57e5fd666b1ff640d125a0f6e7a8edfac5055af0885b29ff442d85007

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2a03:1b20:6:f011::2e
expires: Sat, 28 Sep 2024 09:50:06 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1727517006255_34901612_209154857_29_1211_6_16_219";dur=1
access-control-allow-origin: https://www.group-ib.com
content-length: 20
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/html
vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 119ms
103ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=91eb9c59-5db2-4f52-8592-9eb59f584819&session=a15b43b2-1bd8-4dba-8855-75e57eaa88b3&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Sat%2C%2028%20Sep%202024%2009%3A50%3A06%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20we%20look%20at%20the%20DragonForce%20ransomware%20group%2C%20which%20poses%20a%20severe%20threat%20with%20two%20variants%E2%80%94a%20LockBit%20fork%20and%20a%20customized%20Conti%20fork%20with%20advanced%20features%20and%20SystemBC%20malware.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pageViewId=b1ef64a6-006d-42c6-80e9-36eb8cf96dc9&v=1.1.28

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:06 GMT
accept-ranges: bytes
content-length: 43
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 120ms
104ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=91eb9c59-5db2-4f52-8592-9eb59f584819&session=a15b43b2-1bd8-4dba-8855-75e57eaa88b3&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2028%20Sep%202024%2009%3A50%3A06%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e84d9c08a990af8592952e7ac9a983ad%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2028%20Sep%202024%2009%3A50%3A06%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2028%20Sep%202024%2009%3A50%3A06%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20we%20look%20at%20the%20DragonForce%20ransomware%20group%2C%20which%20poses%20a%20severe%20threat%20with%20two%20variants%E2%80%94a%20LockBit%20fork%20and%20a%20customized%20Conti%20fork%20with%20advanced%20features%20and%20SystemBC%20malware.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pageViewId=b1ef64a6-006d-42c6-80e9-36eb8cf96dc9&v=1.1.28

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:06 GMT
accept-ranges: bytes
content-length: 43
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 153ms
123ms Ping
text/html 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryutcqYi0oJ3Wb4Ya9
Referer: https://www.group-ib.com/

Response headers

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 144ms
115ms Ping
text/html 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryiHonBPUx7HacJqC2
Referer: https://www.group-ib.com/

Response headers

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 614ms
586ms Ping
text/html 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryNZBvkCL95FEIBRAA
Referer: https://www.group-ib.com/

Response headers

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 62 B
281 B 331ms
115ms Script
application/javascript 34.203.99.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_712555

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.203.99.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-203-99-62.compute-1.amazonaws.com

Software

nginx /

Resource Hash

3b28205308dc10d856d156ada1cf8cebce2863d31ef1967653ce50927a4f3d1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, private
content-encoding: gzip
x-ua-compatible: IE=Edge
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 63 B
282 B 333ms
117ms Script
application/javascript 34.203.99.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_479307

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.203.99.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-203-99-62.compute-1.amazonaws.com

Software

nginx /

Resource Hash

fa3bea6fcd0c5b9bb2fcea29f7892c5c931c020684a8f4c84fba328838279582

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, private
content-encoding: gzip
x-ua-compatible: IE=Edge
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 63 B
282 B 322ms
114ms Script
application/javascript 34.203.99.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_331502

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.203.99.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-203-99-62.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c1680c0b77929ced1396f83ffb432c14f82ce06d37f9c6912cae8e568fe43328

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, private
content-encoding: gzip
x-ua-compatible: IE=Edge
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 62 B
281 B 387ms
202ms Script
application/javascript 34.203.99.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_44539

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.203.99.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-203-99-62.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f8c0dd73d379c838df8a66bdb5c873dfcdda4ebae423b2856f5c6dc705be7196

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, private
content-encoding: gzip
x-ua-compatible: IE=Edge
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 62 B
282 B 283ms
113ms Script
application/javascript 34.203.99.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_439238

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.203.99.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-203-99-62.compute-1.amazonaws.com

Software

nginx /

Resource Hash

02159c73928d043a24cafdcea0e794edd72b83c36731c7339936edfa38aed339

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, private
content-encoding: gzip
x-ua-compatible: IE=Edge
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H2 200 343106030.js Show response
bat.bing.com/p/action/ 369 B
424 B 34ms
33ms Script
application/javascript 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/343106030.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1436939ed29c528098b948903ff835b1f1066a45afc277c43053a25964d1761c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5E5284AE326E40F5ACEA5507CF5EE221 Ref B: FRAEDGE1716 Ref C: 2024-09-28T09:50:06Z
x-cache: CONFIG_NOCACHE
date: Sat, 28 Sep 2024 09:50:05 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 114ms
114ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=91eb9c59-5db2-4f52-8592-9eb59f584819&session=a15b43b2-1bd8-4dba-8855-75e57eaa88b3&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3A6%3Af011%3A%3A2e%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20we%20look%20at%20the%20DragonForce%20ransomware%20group%2C%20which%20poses%20a%20severe%20threat%20with%20two%20variants%E2%80%94a%20LockBit%20fork%20and%20a%20customized%20Conti%20fork%20with%20advanced%20features%20and%20SystemBC%20malware.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pageViewId=b1ef64a6-006d-42c6-80e9-36eb8cf96dc9&ipv6=2a03%3A1b20%3A6%3Af011%3A%3A2e&v=1.1.28

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:06 GMT
accept-ranges: bytes
content-length: 43
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H3 200 649324202964935 Show response
connect.facebook.net/signals/config/ 81 KB
16 KB 12ms
11ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/649324202964935?v=2.9.169&r=stable&domain=www.group-ib.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

83ad6c734a5f5c3ef3af547883c69c0cc33a85dda24b4b3c86d6a585a5f8fe68

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=70, mss=1232, tbw=67249, tp=62, tpl=0, uplat=3, ullat=-1
pragma: public
x-fb-debug: 2trZk0bmsmJn12s/EN/m84g+w50ANY4CG3NTEK2fDC3kp4WdEfT7vQA2DQbsiE9p8bz/YCe5CnTQJYTsvOy/Bg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
content-length: 15801
x-xss-protection: 0
origin-agent-cluster: ?0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 69ms
24ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-QMES53K3Y2&gtm=45je49p0v9101996448z872040694za200zb72040694&_p=1727517005813&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101747727&cid=494893904.1727517006&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&sid=1727517006&sct=1&seg=0&dr=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&dt=DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1214
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.group-ib.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
555 B 70ms
20ms Ping
text/plain 2a00:1450:400c:c04::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QMES53K3Y2&cid=494893904.1727517006&gtm=45je49p0v9101996448z872040694za200zb72040694&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101671035~101747727
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.group-ib.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 152ms
85ms Image
image/gif 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QMES53K3Y2&cid=494893904.1727517006&gtm=45je49p0v9101996448z872040694za200zb72040694&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=1374456557

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Sat, 28 Sep 2024 09:50:06 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 119ms
118ms Ping
text/html 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryb4ckxFEjRfqAZAOH
Referer: https://www.group-ib.com/

Response headers

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 136ms
135ms Ping
text/html 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary9AUrEIxtgUk7svXy
Referer: https://www.group-ib.com/

Response headers

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 120ms
119ms Ping
text/html 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryTTHpD7jyAozuwYHn
Referer: https://www.group-ib.com/

Response headers

GET
H2 204 0
bat.bing.com/action/ 0
286 B 68ms
68ms Image
text/plain 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=343106030&tm=gtm002&Ver=2&mid=96922eea-63f1-4f77-81e4-da230c6f1561&sid=0aa018a07d7f11efa00e4d2fcfeea374&vid=0aa024707d7f11ef91d4b5d93c35509d&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog&p=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&lt=731&evt=pageLoad&sv=1&cdb=AQET&rn=721015

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A259EC4C1558497E92E3A696BDCFB77E Ref B: FRAEDGE1716 Ref C: 2024-09-28T09:50:06Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Sat, 28 Sep 2024 09:50:05 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 23ms
8ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?batch=1&events[0]=id%3D649324202964935%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fdragonforce-ransomware%252F%26rl%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fdragonforce-ransomware%252F%26if%3Dfalse%26ts%3D1727517006448%26sw%3D1600%26sh%3D1200%26v%3D2.9.169%26r%3Dstable%26ec%3D0%26o%3D12318%26fbp%3Dfb.1.1727517006446.689979146864577868%26cs_est%3Dtrue%26cdl%3DAPI_unavailable%26it%3D1727517006331%26coo%3Dfalse%26exp%3Df1&rqm=GET

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1368, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 171ms
157ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&if=false&ts=1727517006448&sw=1600&sh=1200&v=2.9.169&r=stable&ec=0&o=12318&fbp=fb.1.1727517006446.689979146864577868&cs_est=true&cdl=API_unavailable&it=1727517006331&coo=false&exp=f1&rqm=FGET

Requested by

Host: www.group-ib.com
URL: https://www.group-ib.com/blog/dragonforce-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7419629044887451245"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: 6aOMftSkvQ5OoXmkhqtogDxZoMDZu5oyADyktSOuJTXAG9MdCNVmwjIPTDpwHJOrEu9xyLGEMBgD7r3bF8ZUDA==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7419629044887451245", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=11, rtx=0, c=10, mss=1368, tbw=3093, tp=-1, tpl=-1, uplat=147, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

POST
H2 200 fl Show response
www.group-ib.com/api/ 685 B
1 KB 75ms
62ms XHR
application/json 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=Rm5y%2Fq4H%2FIj%2FRcfl8%2FpZips6g8cLq6gvCqMMXYw8dZ2ZxdQdafvdjYesnYPinVH1ypyEFbsTdeH16wP8Kl5Fejgq8HJc%2FFEjLjC3cd8OROHjrYvewizTIyLQ%2BiQl82aHWbKB2%2FKt3Hjj4oroRQ%2Ba7OFuZGGeb%2B%2BRfQZO
Requested by: Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6d184937cb65c19969f8a28fa48ea9c2d5f2bd2dbc15601fec702b14a890e0c8

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: g4ZQs0cO4TxZdiK6UscjOXrbVQ+II3Ce5raIxm/zlo9dkxHhsc5rYT31YQPhTzkgtm5ois9QvRMD6sAED1+f5gubKIW+/L0a9UxzuOE5sLB3tGHD4/JXYT2Hl/C8F+es+zrUZnX0T/jw1opoFMmYDNgz2TgCLkmgwYiBZZKwn3IGXAlvXIOOjNcRV27IRRGx3EqM5AB6n0XDdYJqAVMS6zI3c5ynaCeuNvCBABvuH1ewV83OKP9F7P7lWiWoFeT011cJdOGrzLEjao0heg==
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24: P0Wmdcace0c7c4c1184e1b614db9981d0755c366

Response headers

cache-control: no-store
content-encoding: gzip
x-envoy-upstream-service-time: 43
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.group-ib.com
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx
access-control-allow-headers: Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

GET
H3 200 709834390277869 Show response
connect.facebook.net/signals/config/ 29 KB
3 KB 8ms
8ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/709834390277869?v=2.9.169&r=stable&domain=www.group-ib.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112%2C199%2C198%2C200%2C205%2C206%2C207%2C203%2C195%2C131%2C133%2C162%2C194%2C196%2C121%2C156%2C144%2C150%2C188%2C189%2C128%2C231%2C115%2C125%2C126%2C232%2C164%2C118%2C234%2C165%2C135%2C122%2C153%2C147%2C113%2C127

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

a8f14886acaa595928d480b75781a68feb94ffb5ad7e3cecbd1817e6914e564b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=83, mss=1232, tbw=83809, tp=79, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: DkpKDqGETUge43cgtkjdSRzE/T7Fbst66F2IHH2LPD3pel5rTxuy6tXmg49iLKPmL+Tec+2b/D8dwC0A4BBmnQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 3373
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
636 B 77ms
39ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517006690&vi=15766aeed92f477c75e3c3f2cccc9a86&nc=true&u=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&b=84897990.1.1727517006688&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 36f4ffa9-5844-4e04-90f1-c9da805c00aa
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1zLsYzgDzSAnDLjVcAtqkC1Np%2BSZfAE2YDuFaoih2wxeucRQfOESORrVRzc9wcq013N12A3kZR5xgZK6APPWDzfP%2BCCvB%2BDKq5h2ANx4l9sY%2B1IBN3Wu9I%2BB5EIpRBUDgEapn6Tqkg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: 36f4ffa9-5844-4e04-90f1-c9da805c00aa
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:06 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-cbhw6
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8ca2d3cc1b0cd294-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
1 KB 145ms
127ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=a237cfe6-af20-4114-88b3-b828d49baf88&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517006690&vi=15766aeed92f477c75e3c3f2cccc9a86&nc=true&u=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&b=84897990.1.1727517006688&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 6019c4f3-cef4-4e51-8c5c-b45b582f1857
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G1QD1LtOeLlM1JgJH9lfEpMUdjsLPJ4XNjduHGM%2BgE7JChNS2wAZKDKuhz8337SejQ4N2GUH4d02arh7Ll2iUD45YjryNSEifWSGd9vH0JIXwwy3Yw3ho9fvIv%2FN5GgYq3GUGoYxhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: 6019c4f3-cef4-4e51-8c5c-b45b582f1857
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:06 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-lxmns
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8ca2d3cc1b0ed294-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
638 B 55ms
38ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=461800f2-fedb-4b12-b550-de31497a4a88&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517006690&vi=15766aeed92f477c75e3c3f2cccc9a86&nc=true&u=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&b=84897990.1.1727517006688&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 20ac08a7-73a5-43e7-b5a6-1dbd42456cac
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sc%2FNll9FOAs9OHBYZYxRTJVyMtt6JgzN0U%2B%2B0Prte8gz7ivKPSCXUr%2B8ssUMqcRDigscm7oN%2BpFAvUKEK5r4vGt2XR04Uq21Jc3QFIvZJY0F%2BS2f3Rme6jo2%2FTk0VeFwuMwrpYWIKA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: 20ac08a7-73a5-43e7-b5a6-1dbd42456cac
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:06 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-cww9d
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8ca2d3cc1b11d294-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
591 B 54ms
37ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=5a995f05-701c-48e3-b25a-d1548ba3c0b3&fci=929c5ca7-b72e-4eba-b6d5-23c66c01ddb6&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517006690&vi=15766aeed92f477c75e3c3f2cccc9a86&nc=true&u=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&b=84897990.1.1727517006688&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 85fe96cc-f5ee-4c69-acec-bb60f6351c0b
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PyIJsBt8LRqWtbXxZf1dCz25gmAHl6b7UX6RNSyILmmy1aTE969uuByrb5te2w2uac%2F9pipTuvxYwFPEo%2F6LPeGXc4O6nB4sD5cu4YRjjN3BWqfWLLJshkFHflyJH1VmVW3tECPARQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: 85fe96cc-f5ee-4c69-acec-bb60f6351c0b
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:06 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-4k6lr
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8ca2d3cc1b13d294-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
1 KB 53ms
36ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=eb903dab-0ef3-43b5-bdeb-71372e6ad0f0&fci=7a45b768-ad25-4e09-8b23-f7fb3e71ed65&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517006691&vi=15766aeed92f477c75e3c3f2cccc9a86&nc=true&u=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&b=84897990.1.1727517006688&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 08ca76e6-886e-400b-92d7-a0d3a7d4ced1
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bRPjKFBI9Ye4qHoMo%2BY4cXy0Q08pXUWV75BeUsfZBQFzANi6fy0lSSZC3LGCo4rXLQfgH8EU2NgpsIUd1p0NEqDXkOH5G%2BAdeHTzEhZolTSMJW36AcNwT4GA1oJFSVGAfMtNk6tV7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: 08ca76e6-886e-400b-92d7-a0d3a7d4ced1
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:06 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-4k6lr
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ca2d3cc1b18d294-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
1 KB 57ms
40ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=55a22738-d5a5-43f9-9c1c-fa4c1a6eb349&fci=da55f120-1702-4278-8212-2b1550a6624a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517006691&vi=15766aeed92f477c75e3c3f2cccc9a86&nc=true&u=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&b=84897990.1.1727517006688&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: fca4ec4a-cf5a-4cc1-a429-16b80762b660
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B22i%2BVFnL13JaRhUZmU7Z7JC6I9aymfJ7yNOwgmJ1GVF8D7vf8DtHK%2BKRhw5%2B6mPN5fr1oZLG4N5CFZg6Z%2FQZmGDvEeBETKepHNl75KU9QFfQ8nXtHjCTfTAxEkCp1kr3iGqmLqqKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: fca4ec4a-cf5a-4cc1-a429-16b80762b660
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:06 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-cww9d
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ca2d3cc1b1bd294-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptbe.gif
track-eu1.hubspot.com/ 45 B
1 KB 40ms
40ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptbe.gif?n=form_abandonment&_formId=%7B%7B+event.properties.formId+%7D%7D&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517006692&vi=15766aeed92f477c75e3c3f2cccc9a86&nc=true&u=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&b=84897990.1.1727517006688&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: fcf59890-c7d1-4757-a205-c0781d5312f1
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tIVvR2CkwrZ0Wj2PXdJvCrDzKLRVcDmELZBiJXp6J88l%2Fki5Wn8WENmmzDacthtUJ2A%2FzhdpXsrwOu3OfOsf91S%2B2ZrRhJtjDQod1y%2BTwBIQkVhD6BibA8BuFbiw4ug0kFX5q6p8yw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: fcf59890-c7d1-4757-a205-c0781d5312f1
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:06 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-rnf58
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8ca2d3cc2b61d294-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
748 B 101ms
101ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=5a995f05-701c-48e3-b25a-d1548ba3c0b3&fci=929c5ca7-b72e-4eba-b6d5-23c66c01ddb6&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517006693&vi=15766aeed92f477c75e3c3f2cccc9a86&nc=true&u=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&b=84897990.1.1727517006688&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 6de535ee-205d-4095-967b-8d6448aaf588
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bofe4oVB4nu8zAT2pXLDv3HWiuQVzEJIPzO%2FB3PeauhkApPvhZeTxgMXfgxG9kwsZkkjBgOVBEokdIRGEz%2FnW1KPzqlA9R70aHXJmeFlPolKzXbT23kIwRtaWWazovkf5BHnHYWE%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: 6de535ee-205d-4095-967b-8d6448aaf588
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:06 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-98sbh
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ca2d3cc2b64d294-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
748 B 31ms
30ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=a237cfe6-af20-4114-88b3-b828d49baf88&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517006693&vi=15766aeed92f477c75e3c3f2cccc9a86&nc=true&u=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&b=84897990.1.1727517006688&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: d894a3e9-80e8-4956-8fc0-1fd70df15851
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KUyUHAvVCqij3qetbQ7GdfUxx7f9lzBgBhaogRx9NYIhVXQAm%2F%2BHHEE77TuwcF%2BcFdLnk2zxDIALf%2F52VCA0St3Gmm6XynqSAqFAEVgCGjaYjSzpbvxa33ISw%2BzzVsGFoEw%2FWchgkg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: d894a3e9-80e8-4956-8fc0-1fd70df15851
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:06 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-gv7j8
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ca2d3cc2b67d294-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
740 B 49ms
49ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=461800f2-fedb-4b12-b550-de31497a4a88&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&t=DragonForce+Ransomware+Group+%7C+Group-IB+Blog&cts=1727517006693&vi=15766aeed92f477c75e3c3f2cccc9a86&nc=true&u=84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1&b=84897990.1.1727517006688&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

x-robots-tag: none
x-request-id: 7c9aa1fe-aea7-4138-b2e9-8969fa19392f
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D0eEdbr8YAdecoIhN6LryeybLELUBXCnagUivgYXa5pBIiyEEaK1WMPa1zwnW07Rhis7nrMM2LnvbYaTcf0HSNXW1ee07zx1wzeSxZMUWE2o7uiMSF%2Bv73VOsZm8QDc%2FXO8Rbid5aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sat, 28 Sep 2024 09:50:06 GMT
x-hubspot-correlation-id: 7c9aa1fe-aea7-4138-b2e9-8969fa19392f
content-type: image/gif
last-modified: Sat, 28 Sep 2024 09:50:06 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-9c6cfcfd9-s98sm
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8ca2d3cc2b68d294-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 96x96.png
www.group-ib.com/wp-content/uploads/ 2 KB
2 KB 24ms
23ms Other
image/png 3.72.181.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.group-ib.com/wp-content/uploads/96x96.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-72-181-255.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1be7918da1e16eb032883c8c711b29a2a339584b51bfcae897e36e6f1b568f63

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/blog/dragonforce-ransomware/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:05 GMT
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/png
last-modified: Thu, 27 Jul 2023 07:36:53 GMT
vary: Accept-Encoding
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors 'self';
cache-control: no-cache, private, max-age=3600
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: https://www.group-ib.com
content-length: 2164
x-xss-protection: 1; mode=block
server: nginx

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 58ms
57ms Image
text/html 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?v=3&t=l&pid=169056218&rv=49p0&u=AAAAAAAIIAAAAAAI&h=Ag&gtm=45be49p0v871795256za201zb72040694&ccid=siloed_71795256&cid=siloed_AW-10897073384&l=L641.S9.B6.E383.I704.EC8.TC1.HTC0~gtm.init.S0.V0.E55~gtm.js.S0.V0.E76.TS5rep.TI1.TE0~*.S0.V0.E52~*.S0.V0.E52~*.S0.V0.E52~gtm.dom.S0.V0.E51~gtm.load.S0.V0.E3~gtm.init_consent.S1.V1.E56

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Sat, 28 Sep 2024 09:50:06 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H2 200 /
www.facebook.com/tr/ 0
101 B 8ms
7ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?batch=1&events[0]=id%3D709834390277869%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fdragonforce-ransomware%252F%26rl%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fdragonforce-ransomware%252F%26if%3Dfalse%26ts%3D1727517006728%26sw%3D1600%26sh%3D1200%26ud%5Bexternal_id%5D%3D15766aeed92f477c75e3c3f2cccc9a86%26v%3D2.9.169%26r%3Dstable%26a%3Dhubspot%26ec%3D0%26o%3D4126%26fbp%3Dfb.1.1727517006446.689979146864577868%26cs_est%3Dtrue%26cdl%3DAPI_unavailable%26it%3D1727517006331%26coo%3Dfalse%26exp%3Df3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1368, tbw=6370, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
846 B 48ms
48ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=709834390277869&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&if=false&ts=1727517006728&sw=1600&sh=1200&ud[external_id]=15766aeed92f477c75e3c3f2cccc9a86&v=2.9.169&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1727517006446.689979146864577868&cs_est=true&cdl=API_unavailable&it=1727517006331&coo=false&exp=f3&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7419629045422053271"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 28 Sep 2024 09:50:06 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: bLp/KAF6u0rFraDWAh8sFIhmJxbifmGBU2Jshq+CJ6KCykpHSjUjfPuDNk0vNhwRH9U1KK9b85nekrcvgQ/+lQ==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7419629045422053271", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=10, mss=1368, tbw=6515, tp=-1, tpl=-1, uplat=40, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

POST
H2 200 044e7558-8073-478a-ad3c-5807dd76840f Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
1 KB 49ms
45ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/044e7558-8073-478a-ad3c-5807dd76840f

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: a6a0ba1f-e4a8-45b5-b3da-fdcc9512125b
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTal%2BxPGg54rlPH8XZBz%2BrKfu7JAyaj8NvdG3bCaLKmL%2Bj4EOMKaATKg7ITra0T75VYr21BOHDT2uv1hG1pipRcwkYY9%2Fohgb5WnQJ0LfNgu3CoikPEBiWo5Y8sW7ds9MCfnj9tOXg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:07 GMT
x-hubspot-correlation-id: a6a0ba1f-e4a8-45b5-b3da-fdcc9512125b
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-envoy-upstream-service-time: 19
access-control-allow-credentials: false
cf-ray: 8ca2d3cd99ea2bf5-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 044e7558-8073-478a-ad3c-5807dd76840f
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 71ms
43ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/044e7558-8073-478a-ad3c-5807dd76840f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3cd49832bf5-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:06 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pfsw5W3Y8GJcfXtzEzoencmDDmcKssZLiVyhad9P93p%2FOHowqjnu3tJrQCtuNK2DCzRmjZopazE7KzZlrXWyIRypU1qfV13Uk1NS9vQNN5zFFAed1NnZaikD%2FJUYPqR%2FZ6bp027mQw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-rncps
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 97e98fb5-535f-41d4-acf5-1f11050fbc46
x-request-id: 97e98fb5-535f-41d4-acf5-1f11050fbc46

POST
H2 200 4dbceae1-75ae-423a-9c12-dee8f1ca3345 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
1 KB 50ms
49ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: 2219fe5f-4b22-4dd3-8753-81aefb5439ba
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8l9Pu985hWINlHaTRg9FipavowIazSsP1K3bZbM9TiK15Jr1Oflckt64kXtHgNdiIv2wY0ebvDVT0BLO4t1qa5iYaHgi83JHbJF110QygLbiA4ktWvNAvsZhCG2LU4RDlPqokBxm6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:07 GMT
x-hubspot-correlation-id: 2219fe5f-4b22-4dd3-8753-81aefb5439ba
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 16
access-control-allow-credentials: false
cf-ray: 8ca2d3cda9fc2bf5-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 4dbceae1-75ae-423a-9c12-dee8f1ca3345
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 78ms
60ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3cd49892bf5-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:06 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7uHxbuAmHZ5Wm33qLN1ro%2BCbeogChkRqafMa%2FokfbK6gJfRUeD1l7JDFNPH5RsihWkGHGZtcXAjFAja3uzY7NLIe0kE4oGTCJPO3LJv%2F87QHHFoEjI8oDsfBq9LdzFvq%2FQtnYTUslQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 560bb9fa-8533-4f07-b21f-9c3c31bf8a27
x-request-id: 560bb9fa-8533-4f07-b21f-9c3c31bf8a27

OPTIONS
H2 200 4dbceae1-75ae-423a-9c12-dee8f1ca3345
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 52ms
35ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3cd498b2bf5-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:06 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EDT2UHBu1RpP7ZGvr7zt6IElZ1T7inCgIkdZFQ79S5%2FCcDkMmdiT8mKdSpqM0TFgaMAAi3j%2Fhb1J8%2F4Z7jHz%2F4sZbViK%2BVY8xwOUhuh7BTH0d1FCCgJRJkswhg7%2BzKnd1cTjreCZ%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-s5pt6
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 00eff982-718b-43a7-8a20-dc19b74f9117
x-request-id: 00eff982-718b-43a7-8a20-dc19b74f9117

POST
H2 200 4dbceae1-75ae-423a-9c12-dee8f1ca3345 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
756 B 49ms
46ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: 0e459032-d8f9-405b-b878-03fabc859189
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DTRNVH8WEr8rSOI8n%2Bf6TUkiZnclcYbq1TRSHc0tvENhnyVfr3px2mWYCJShvcbKsnmoOboGxAiUFYEMr1wavLo2%2F3LRBG%2FUbePyzlQ%2BfGFbiGVh4pv%2FewAXARQVVdUScShP2ske6w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:07 GMT
x-hubspot-correlation-id: 0e459032-d8f9-405b-b878-03fabc859189
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-vfc8w
x-envoy-upstream-service-time: 17
access-control-allow-credentials: false
cf-ray: 8ca2d3cd89dc2bf5-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

POST
H2 200 5a995f05-701c-48e3-b25a-d1548ba3c0b3 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
773 B 49ms
47ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: 2bd1d8e0-1120-450c-97b9-a90eca81b01e
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KHdcs6G0I80ox%2FdXoYxsoA9RtBPxMhpQXFL9LTeIeg5dlJdLFTK4PEvFJfp8SCW0Ywqzs8yJsti7UxEiwSVCVkt%2FqSJFL35UOQwh74x6mZAwWoCJydBJUEtpM%2B084Yb7Bm2EBR%2BUfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:07 GMT
x-hubspot-correlation-id: 2bd1d8e0-1120-450c-97b9-a90eca81b01e
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-vfc8w
x-envoy-upstream-service-time: 18
access-control-allow-credentials: false
cf-ray: 8ca2d3cda9fa2bf5-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 5a995f05-701c-48e3-b25a-d1548ba3c0b3
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 68ms
58ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3cd49852bf5-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:06 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iN82VsvV97UD9Ng8LavPx3tklH7aNb9ca5w6AkkZ1mTUFx%2FIon%2FR%2FqK%2FfvPaFaBZz5750sH0NLrHnE0p0l5dq6Y%2B7xQkCFPidXtwz7XOkOIdtE7gMoxmKDlfOv%2Fnfk9qTZAcAMlFUA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 8e016c25-5651-446a-9361-baabffc0f97f
x-request-id: 8e016c25-5651-446a-9361-baabffc0f97f

POST
H2 200 5a995f05-701c-48e3-b25a-d1548ba3c0b3 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
1 KB 47ms
45ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: 00733799-6cc2-4e83-b05e-721cfcd5e402
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jxp0uFtpzqUGMYlhtofwENVGQjnXuJpRvy7iG9qKALr6U0%2B5HhaLsVls2mmzWChc9SKhmewoeFb4kr0rUgAGemSCUL3E2z3J8YPVV1NG8jC9qT4QY313m5AyF6E%2FuZvF%2BQqQJnJYRA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:07 GMT
x-hubspot-correlation-id: 00733799-6cc2-4e83-b05e-721cfcd5e402
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 19
access-control-allow-credentials: false
cf-ray: 8ca2d3cda9f72bf5-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 5a995f05-701c-48e3-b25a-d1548ba3c0b3
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 65ms
55ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3cd498a2bf5-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:06 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wuu88BXar4CsavrW7OsKMeVfbWsHEMwSvb4aaapcTQ0HeIRtVb6kyRIH130Pmd09tMexZ7nliOqDYfhkHRz9c2XN3EH0XuM%2FatafvQp1YZbWvUT5Jn12gwinycfZWGhzDoHcDmXUZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: fe999c33-341d-48a4-bcb8-49266a315e39
x-request-id: fe999c33-341d-48a4-bcb8-49266a315e39

POST
H2 200 eb903dab-0ef3-43b5-bdeb-71372e6ad0f0 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
779 B 62ms
61ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: 21432423-3876-4ac4-bb49-cbc2152a54e2
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hHlpFL2D73f2lKKeGSWvBKiBkgRkVU%2BZaHbbGWsgQPTrRgCl1oKlL%2FpZs5CdrrSQZ%2F%2FEkwvScF2tT5fVfnOQGQ2xpv9YVwKrWXOhZNHPfXdS0d0SYPNNIFoORF6oNDj%2BXlmgfk7q7w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:07 GMT
x-hubspot-correlation-id: 21432423-3876-4ac4-bb49-cbc2152a54e2
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-s5pt6
x-envoy-upstream-service-time: 22
access-control-allow-credentials: false
cf-ray: 8ca2d3cd89df2bf5-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 eb903dab-0ef3-43b5-bdeb-71372e6ad0f0
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 38ms
36ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3cd49842bf5-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:06 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fdu%2BJQmN%2BJPv%2F%2BS0wMtmMywq7sifjs5L20feHUpymVEIQba4Ri8qQhSQpTUfHLynKNW2GgyJQzrqQw4vyrZSPmjGYjwKvVkK4pLEYkNGafNUeV9qKh51xiw0UmkUtpBMbqCEj8eh9w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-rncps
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: b067bd3d-cd44-4095-aa73-d690c27b54bb
x-request-id: b067bd3d-cd44-4095-aa73-d690c27b54bb

POST
H2 200 55a22738-d5a5-43f9-9c1c-fa4c1a6eb349 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
711 B 42ms
40ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: c1b9158a-0b5f-4a23-97b1-6bf068e01f17
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hv9180y6JjBhDYVkf9t7RpjTK%2BjCANviEC1IRBCFwqqByzG8RStzYl9KRqM15%2FXOFrZxTBJkU%2F0ly7qVB6ZDgvGkJyjK%2BElKCS%2FbnzgvRPXUuO6xAvCUi0w9xngXI9njIGXTMy7tqg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:07 GMT
x-hubspot-correlation-id: c1b9158a-0b5f-4a23-97b1-6bf068e01f17
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-27knz
x-envoy-upstream-service-time: 15
access-control-allow-credentials: false
cf-ray: 8ca2d3cdba052bf5-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 55a22738-d5a5-43f9-9c1c-fa4c1a6eb349
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 57ms
56ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3cd598f2bf5-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:06 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3OkvbgijK94Defnf4BmnFVGUdsy1C0vVhtgG518xxS0PUPlVrBjSaC2uo6UVg97mo%2FXjz4p2PADSYgTqQbyAEUGsBYIgtWM0mkfT5bqocgPM2NUnaduv%2BOhrubzc83OLdXZaShqy3w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-s5pt6
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 53d5560d-e622-42cd-9d59-6e86187e6da8
x-request-id: 53d5560d-e622-42cd-9d59-6e86187e6da8

POST
H2 200 55a22738-d5a5-43f9-9c1c-fa4c1a6eb349 Show response
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 2 B
708 B 41ms
39ms Fetch
application/json 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349

Requested by

Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.group-ib.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 300
x-request-id: b343f8ef-5075-4b97-b8f9-170b51e5e101
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DD%2F%2Fan6OosW3APF9amvmgqo6ALWPbh2%2F9ssPXU%2FzGkUMdXRvxkQ8u9kp8thmUvyOTNREIPTfvxvf%2BR39pDpXpQeEBWLJq8Y6alsKZJXW%2Fwa7uH41SFENQPg3bnymzzIu%2BnP4coHoQw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, POST
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Sat, 28 Sep 2024 09:50:07 GMT
x-hubspot-correlation-id: b343f8ef-5075-4b97-b8f9-170b51e5e101
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-7h2rl
x-envoy-upstream-service-time: 14
access-control-allow-credentials: false
cf-ray: 8ca2d3cda9f52bf5-FRA
access-control-allow-origin: https://www.group-ib.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 55a22738-d5a5-43f9-9c1c-fa4c1a6eb349
forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/ 0
0 38ms
38ms Preflight
text/plain 172.65.193.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hubspot.com/submissions-validation/v1/validate/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.193.34 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.group-ib.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.group-ib.com
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ca2d3cd699c2bf5-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 28 Sep 2024 09:50:06 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BGqOlTKCB%2BEnYePFo6GGsR0ncPz6WcecHw5ZuEF3DO%2FNHBvcQx1%2Fak2V9ZuWJNE7d%2FG%2BkHA%2B%2FD3DwzJ80FSQU90c0Ykq7p7ioHsxX3nJaY%2FZvvGzQfvBxvzIXm1QZznLVCn6XmsNaw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-57b59f5bcc-s5pt6
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 1caa1b36-d385-4d7e-be26-d001552487b2
x-request-id: 1caa1b36-d385-4d7e-be26-d001552487b2

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 107ms
106ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=91eb9c59-5db2-4f52-8592-9eb59f584819&session=a15b43b2-1bd8-4dba-8855-75e57eaa88b3&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2028%20Sep%202024%2009%3A50%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2028%20Sep%202024%2009%3A50%3A06%20GMT%22%2C%22timeSpent%22%3A%221010%22%2C%22totalTimeSpent%22%3A%221010%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20we%20look%20at%20the%20DragonForce%20ransomware%20group%2C%20which%20poses%20a%20severe%20threat%20with%20two%20variants%E2%80%94a%20LockBit%20fork%20and%20a%20customized%20Conti%20fork%20with%20advanced%20features%20and%20SystemBC%20malware.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22DragonForce%20Ransomware%20Group%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&pageViewId=b1ef64a6-006d-42c6-80e9-36eb8cf96dc9&ipv6=2a03%3A1b20%3A6%3Af011%3A%3A2e&v=1.1.28

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.group-ib.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 09:50:07 GMT
accept-ranges: bytes
content-length: 43
date: Sat, 28 Sep 2024 09:50:07 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

POST fl
www.group-ib.com/api/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.group-ib.com
URL: https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=Ap5BpmEBk1U%2FHdemal35AH2rPp3wzUh2giA8xMIicnSO8s5ycEMxeyivg2WidVHkcfACOvOAavyGMc2lpFd4CzB3WenUl3AbUS3SIvbhAkc5roT7he7iTRuKhZIPxYs%2B%2BCNOgcsWxg%2BcBovhzHMQdvDYycdrRwsgrE2T

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.group-ib.com/	1970-01-21 08:37:33	Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: MDA0dBA=Fz2+aQ==
.group-ib.com/	1970-01-21 08:37:33	Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: MDA0dBA=Fz2+aQ==
.hsforms.net/	1970-01-20 23:51:58	Name: __cf_bm Value: u37Co7RiCCet0Ib5b4kKUtAKGwyf8U75aE3RkXQZ4as-1727517005-1.0.1.1-ctWIctSvNHTpPGP0xcK47bKoSKAQ5wTo5RwiCWieWRJtOCDha9qdV5OPjgRNDJLzq2Tfe9_Ge2iL_11Z00p7zA
.group-ib.com/	1970-01-21 08:38:59	Name: _vwo_uuid_v2 Value: D39FD65F21E5FB18B221BDC8C35393B98\|9f2d027bbb9dc784b4f5c28005c02672
.hsforms.com/	1970-01-20 23:51:58	Name: __cf_bm Value: 0gwkQwy2rYQ758fwxqaH0eopqZrC1_ultRLn7U47an8-1727517005-1.0.1.1-qkMc.xaLwhEVV7mPKPqjxEgtUd1UvsYv3dYfTxA5NJa2RdR2PrGhRC7gXKrW67olZPEymer_QTh3PPZLqu.QFQ
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Y3EMNcUBWVGsV9nL.1LsYytaAtsiG59xeSbr8DQ2jFs-1727517005949-0.0.1.1-604800000
.group-ib.com/	1970-01-21 02:01:33	Name: _gcl_au Value: 1.1.2008852247.1727517006
www.group-ib.com/	1970-01-21 08:37:33	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Sat+Sep+28+2024+11%3A50%3A06+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202409.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=d709b446-8387-4135-8874-7e106998a59b&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fdragonforce-ransomware%2F&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.g2crowd.com/	1970-01-20 23:51:58	Name: __cf_bm Value: zsQ.smteR0UbC1zlHBhklSZZqrLvsFb7dolwYyPpzFY-1727517006-1.0.1.1-dWQ2kFP4rEiGPIW7tblMjuJX1h26yxCqhF_Clj_Zk2N3.LpDRILLVGobtW.x8KDavt7kH96X0bgEdpU96ys5_A
.group-ib.com/	1970-01-21 02:01:33	Name: _rdt_uuid Value: 1727517006216.a6cb9baf-ed20-44b4-bdcc-033fb6d237e0
www.group-ib.com/	1970-01-21 09:27:57	Name: _gd_visitor Value: 91eb9c59-5db2-4f52-8592-9eb59f584819
www.group-ib.com/	1970-01-20 23:52:11	Name: _gd_session Value: a15b43b2-1bd8-4dba-8855-75e57eaa88b3
.linkedin.com/	1970-01-20 23:53:23	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=3359:u=1:x=1:i=1727517006:t=1727603406:v=2:sig=AQEJQr201EQsdZE9iHXST5pxGUaYb8BA"
.group-ib.com/	1970-01-21 09:27:57	Name: _ga_QMES53K3Y2 Value: GS1.1.1727517006.1.0.1727517006.60.0.0
.group-ib.com/	1970-01-21 09:27:57	Name: _ga Value: GA1.1.494893904.1727517006
.ws.zoominfo.com/	1970-01-21 08:37:33	Name: visitorId Value: ec59ac41b522dbd28ec0c710d375ebb37c06190d67cfcaf245bd6549cd0106fa
.zoominfo.com/	1970-01-20 23:51:58	Name: __cf_bm Value: uVHdugryUHiWbUB_R8WdlNaidoHX2nBMA9T3732ipQk-1727517006-1.0.1.1-e..7ALex9RR9ACssCePbAnGcsWU29q.5eNG3GqCr6wuKyI1IJgl5mlKWBYFdq8D94MaY__Uue_harUa2ErTlrw
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: LmFGa23pn3z5xbhxJ77vIqvneUQRroakxG4F80u6jAU-1727517006379-0.0.1.1-604800000
.group-ib.com/	1970-01-20 23:53:23	Name: _uetsid Value: 0aa018a07d7f11efa00e4d2fcfeea374
.group-ib.com/	1970-01-21 09:13:33	Name: _uetvid Value: 0aa024707d7f11ef91d4b5d93c35509d
.group-ib.com/	1970-01-21 02:01:33	Name: _fbp Value: fb.1.1727517006446.689979146864577868
.bing.com/	1970-01-21 09:13:33	Name: MUID Value: 36038B330C9163E507259E3B0D9162B7
.linkedin.com/	1970-01-21 08:37:33	Name: bcookie Value: "v=2&219e8513-49bd-436b-8dbf-2b8a074f852e"
.linkedin.com/	1970-01-21 04:11:09	Name: li_gc Value: MTswOzE3Mjc1MTcwMDY7MjswMjHxsU/Cq7A5BxPbpLM8tjUUpvj+bIvtbIIk/7Ozg7Rt4w==
www.group-ib.com/	1970-01-21 08:37:33	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: F2S0fm7G3MVsnnszgXflA53O3//2ZmDLzXiyRDKG7M1+P0AZ/XaJahhobFVDH/9uPX2HvZQM1qtHEujh4aLcUE3850Rx5biP8L+KFrYicHpEk4omuVUU4oGUShtAuSPCXhwmJVc8sJ9bJZfIKBKprXY6lKiHfETNpI9rSWUFJieelbSQ124r+9clPT6i/lXJgorbPDLf3bDupkge5ol/hddwVHhPGufb6JF+XBQwznfm0XcULniaMa8HUMD51Q6C1iX9phwGZnIfAz1Qsw==
www.group-ib.com/	1970-01-21 08:37:33	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: Ap5BpmEBk1U/Hdemal35AH2rPp3wzUh2giA8xMIicnSO8s5ycEMxeyivg2WidVHkcfACOvOAavyGMc2lpFd4CzB3WenUl3AbUS3SIvbhAkc5roT7he7iTRuKhZIPxYs++CNOgcsWxg+cBovhzHMQdvDYycdrRwsgrE2T
.www.group-ib.com/	1970-01-21 08:37:33	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: Ap5BpmEBk1U/Hdemal35AH2rPp3wzUh2giA8xMIicnSO8s5ycEMxeyivg2WidVHkcfACOvOAavyGMc2lpFd4CzB3WenUl3AbUS3SIvbhAkc5roT7he7iTRuKhZIPxYs++CNOgcsWxg+cBovhzHMQdvDYycdrRwsgrE2T
.group-ib.com/	1970-01-21 08:37:33	Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: Ap5BpmEBk1U/Hdemal35AH2rPp3wzUh2giA8xMIicnSO8s5ycEMxeyivg2WidVHkcfACOvOAavyGMc2lpFd4CzB3WenUl3AbUS3SIvbhAkc5roT7he7iTRuKhZIPxYs++CNOgcsWxg+cBovhzHMQdvDYycdrRwsgrE2T
.www.group-ib.com/	1970-01-21 08:37:33	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: F2S0fm7G3MVsnnszgXflA53O3//2ZmDLzXiyRDKG7M1+P0AZ/XaJahhobFVDH/9uPX2HvZQM1qtHEujh4aLcUE3850Rx5biP8L+KFrYicHpEk4omuVUU4oGUShtAuSPCXhwmJVc8sJ9bJZfIKBKprXY6lKiHfETNpI9rSWUFJieelbSQ124r+9clPT6i/lXJgorbPDLf3bDupkge5ol/hddwVHhPGufb6JF+XBQwznfm0XcULniaMa8HUMD51Q6C1iX9phwGZnIfAz1Qsw==
.group-ib.com/	1970-01-21 08:37:33	Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: F2S0fm7G3MVsnnszgXflA53O3//2ZmDLzXiyRDKG7M1+P0AZ/XaJahhobFVDH/9uPX2HvZQM1qtHEujh4aLcUE3850Rx5biP8L+KFrYicHpEk4omuVUU4oGUShtAuSPCXhwmJVc8sJ9bJZfIKBKprXY6lKiHfETNpI9rSWUFJieelbSQ124r+9clPT6i/lXJgorbPDLf3bDupkge5ol/hddwVHhPGufb6JF+XBQwznfm0XcULniaMa8HUMD51Q6C1iX9phwGZnIfAz1Qsw==
.group-ib.com/	1970-01-21 04:11:09	Name: __hstc Value: 84897990.15766aeed92f477c75e3c3f2cccc9a86.1727517006688.1727517006688.1727517006688.1
.group-ib.com/	1970-01-21 04:11:09	Name: hubspotutk Value: 15766aeed92f477c75e3c3f2cccc9a86
.group-ib.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.group-ib.com/	1970-01-20 23:51:58	Name: __hssc Value: 84897990.1.1727517006688
.hubspot.com/	1970-01-20 23:51:58	Name: __cf_bm Value: Baok8swSwfbRhaEUEfkgv_RRdzBkV2DTV2LVihoxqlU-1727517006-1.0.1.1-IlOxaZhBW13cvSciD3AgpJ7eXRtf5VKQBiyruHAUMlBkZG6LBbAOWlI2UUqjc0_kldo50yrnmroiABgiHqd8pg
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: FxUK8F11Ojofz_yDthy_XWmXDpdZ.6EwOkBaJVYNNUo-1727517006850-0.0.1.1-604800000
.www.group-ib.com/	1970-01-21 08:37:33	Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: yG2Zd25ec7c83eec73cb5aaa90f252c907bd686e
.group-ib.com/	1970-01-21 08:37:33	Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Value: yG2Zd25ec7c83eec73cb5aaa90f252c907bd686e

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.group-ib.com/blog/dragonforce-ransomware/ Message: Failed to load resource: the server responded with a status of 403 ()
rendering	warning	URL: https://www.group-ib.com/blog/dragonforce-ransomware/ Message: [.WebGL-0x1dc01222300]GL Driver Message (OpenGL, Performance, GL_CLOSE_PATH_NV, High): GPU stall due to ReadPixels
network	error	URL: https://www.group-ib.com/wp-content/plugins/post-views-counter-pro/includes/ajax.php Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
api-eu1.hubapi.com
api.neverbounce.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn-au.onetrust.com
cdn.neverbounce.com
connect.facebook.net
cta-eu1.hubspot.com
dev.visualwebsiteoptimizer.com
fhp-de-js.group-ib.com
forms-eu1.hsforms.com
forms-eu1.hubspot.com
geolocation.onetrust.com
ipv6.6sc.co
j.6sc.co
js-eu1.hs-analytics.net
js-eu1.hs-banner.com
js-eu1.hs-scripts.com
js-eu1.hsadspixel.net
js-eu1.hsforms.net
js-eu1.hubspot.com
perf-eu1.hsforms.com
pixel-config.reddit.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
stats.g.doubleclick.net
track-eu1.hubspot.com
tracking.g2crowd.com
ws.zoominfo.com
www.facebook.com
www.google.de
www.googletagmanager.com
www.group-ib.com
www.redditstatic.com
www.group-ib.com
104.16.117.43
13.107.42.14
136.243.23.169
142.250.181.232
142.250.186.99
151.101.1.140
151.101.129.140
157.240.253.1
172.65.193.34
172.65.198.159
172.65.202.201
172.65.208.22
172.65.219.229
172.65.232.43
172.65.236.181
172.65.238.60
172.65.240.166
172.65.255.172
18.245.46.48
2.17.100.210
2001:4860:4802:32::36
2606:4700:4400::ac40:9b77
2606:4700::6812:1fb0
2620:1ec:21::14
2620:1ec:33:1::10
2a00:1450:4001:831::2008
2a00:1450:400c:c04::9a
2a02:26f0:ab00::214:8e70
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42:600::396
2a06:98c1:3200::90:2
3.72.181.255
34.203.99.62
34.96.102.137
02159c73928d043a24cafdcea0e794edd72b83c36731c7339936edfa38aed339
04452c63f7ce00819a3e4bf65d13817040260b07ed35704e4a55b6cb631cba75
059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21
079dc50032bcdf9591a24e84a20fb2a153ddfeac7d03319bdc51a773b4f6bdbc
09db0fe5456fc4d29ab545243f6d9904eee2adc91cc78c426d8c756644bbf5d6
0b95bf81dce97078a3c3b1194fdb9e5dee971a6e18dc487702dabb41bdbd49b1
0d585aebb9cb31821fbcc6b030e0d882b5639e17bb403f8eb5ce7b3b19f4a1c9
100a79b22a580f1698a9950e8c18aefa79de0fd88e81a0a145e90fc4e8a59a2c
1436939ed29c528098b948903ff835b1f1066a45afc277c43053a25964d1761c
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9
1593b1f5bf86a2bec3f93142409030a64591d1b6415faaedd0c251dd924d0288
16ef9d7fffa0550d6b807e6b82b5ae76163c4e987cc9366819c46a12e0878b89
1912b691f446ed5b1da215a578b0658ffa03526efb75eb2ea28bcf0e7bfd4f92
1aa462865a143f6b053d5d1594aea3e38d36ebad2a23a7fcfdd84ba7a7a1fddb
1be7918da1e16eb032883c8c711b29a2a339584b51bfcae897e36e6f1b568f63
1c42cc3e161604efbbc20532ddccb1cec17e851d976aed4cdb5e34ccc231743f
1c612435907b5a4f2ba43308921684f36ba0d3ec2eebea40710b8f7550077599
215c13199ec3ef950bd100031e13ae6efe6ad72c8b91c98fbdfed812fe2f4432
2239eba96d6e650dd08cefc59a1c11d2bae3042bcef594e49ec7ddd6cbcf3d63
276c9585f4fbfa24a7e59ae054280eab5da26f01118130ad16237a877903ffed
27c04cd78f087a504697af9601c1163b685f6c567e75dace0c2908635e8a7038
28834d5848fb9f5289a56f70f6563d4bce4259ca4edb43e60655f966b8ded258
2943fd9aa8881ee3a8613d2c208283a69b2999766e9de63d3f003671bb8511a2
2952e22cc927982fa938a6fb0d5cd78316bb9b8e78872b27294a30addbfdc525
2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0
2c40cb4807931447e5eb747f8a377d6cbb1411eb77fe8270f27b70f231979afc
2db6d299a35f40008418236bfb5cc780d09f701b49a6c09a1fe9a747d26a2bed
2e4d9bb39337412c1accc684411c0a2d9835a65f00a5f978294ad9708a1e3648
2ed79f3d0a6ebbce64fa216d0fe866e361645f06c1ba05bd23ecae160813caad
2f54cd32df1ecb5aac59038dcb70c3f83dfc2888fcb111687092df9e98c2fbeb
30c5354141381a351f9d81e5d831e6277c2827a28b0e1b958c9694eb5d704238
31d1c5bd0cd38e6e6b8eb944944df273044e826c7d3daacbe602caead3068c7a
3486679ae8d23d1e20c0e82651c82f555901ddc7972cd91fc3d7db3a36d32277
3689e488f5478e26f0347353ad608ccd66e4d62992021c51d9db93f89d43c880
3a600a8b86e938acf4c39f392719678cbeee228d2ee698fbf3f310e99db4347a
3b28205308dc10d856d156ada1cf8cebce2863d31ef1967653ce50927a4f3d1a
3b63b449bde0f2c40eb23801ac24bd82666bd3a766c77b953ff75e6f3e257460
3d45fdf57e5fd666b1ff640d125a0f6e7a8edfac5055af0885b29ff442d85007
3e83a4d1119cafd3eb971fb88e5a225f88720beb614cc2ea9bdc6c8a6ba26b17
41af6ca7def064fa2ce4a86622e9fb7579f898469a4391d1960ffc6123b97a2c
42f8ae7816a449a44dd99e7865a42fe4463f764f799a3e61359df235c1782d65
43f92926fd6c2ae121fb4df766fa966c8fdc4f898190e1e785c701e73c5b2013
45d44c2f23a04d49dbbb3f216ba72782ad80278cf7c4c330b1f03b8263c544ee
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9
4c1d8a42eb027a778323b8948b43bf5c0a601c657bebe638de1c7c464512cbc3
4d4a484a100e469b6e3dcf880a37755086e246cc291bab46e3edd4529e3d5d6a
4d69b5aed9d96213ce06eabd9950773f25ae231f1b2d4342dd4be518ac1092f6
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50f4aaaa34cd420a1c2adafc2635638f788d452117fdd30fdde1890a1a3aca5d
518a92131be0b0201d0b5a7e1d89623eaa7682b28ce10f206d374db8d00e9bdc
51d22893d9111df66e62db4409660225eddb997b9084b57b8670e27f24443bb3
53d389faf997ad6f58e74a17f4cd29b8455f0c97ddb3a93bb3aea262d273c56a
574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced
5782ae81826e28a0a467926074e8c75837f1b84436bef5520da5550e299a0f22
589c9a6a159cf2ecc8555bc4457827f21002eaec9a24e3bc54401ed0b4d30ac8
5a961ed4a1958945c2340352071f6c00c848dc9c125fcf045efc40fab4062117
5c17d765fc13ecfd2c661fa8378db855b59fceb2961ad34ed145e73961baf167
5c7deb6b8db45580119b8192f45da9486bf6fd1694660e413ee57932305b5e55
5dfc77fb27b603a2c7dc05f4f4e822ff2275b5c71c5d273c5512316b1750dde3
5ebce957851eb83517851e8613f012eb45aa4ebb6142b92c30b7d9492c874e22
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
608bad5c93568f7782894703e8b9bdb98941daaaa948509d9d27fe1f564ad55a
63417edd3256348c3bfd1d97b8108c063b49a043273d4471ed3502f2d19e0b71
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
69f9f19bd433b1317c2e2adf4b0d99a7655e6d878b35a970a5311227c6ad0a04
6a2b455a20536682c2edca15dc93e6c90fea86dd43afc281eccace6b352335a1
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b0775723ccade5ca3170fcc6a321c5b4768a5dc2b7c83b8b8b595407a2f0018
6cb3c6cb78253a7cfafea392e581f5f2ce0ee177c24e53ea31e68f7aee569238
6d184937cb65c19969f8a28fa48ea9c2d5f2bd2dbc15601fec702b14a890e0c8
70176ace76e79121f930335748d60f4961bb7ff798138ed18641289cce7bea82
70a7cc36e6a8eeabba3829e89ac43f47b20776342bb7b6b0ba68bd154576362b
71bdc449af5d61d21f5f6daab3f9b56189822beec3e5448e415f0ec7ee24e799
73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4
7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6
75b39c10a12949c7dd65e16a66255956c3eba254b49d1ad51538779ad74eb163
7a20d4a5bb28e87a72d359da0ee16fa6c75b3726f03494c69f1c03dcbcd96bf2
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
7c380423028a4b3142bdbd89f4c0e6d494a06f6769e05e08650a18ee1a4f27a1
7d98c4ca6b4e1892a8ffd1a607c3572a40bba081085aa0d91c7bf2f897cfb94b
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
80207bee81bd88f19652f2cca8df011c4e17008ce783d02d0af1f936816fd8a9
81a50b09cb85e4ff68788f763b8dcdc549414cecf42ca228a55ab77c971f1286
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83ad6c734a5f5c3ef3af547883c69c0cc33a85dda24b4b3c86d6a585a5f8fe68
83b41e48edf6ba0e7f1e20951122830f5dd7fb74cb8206f611a2bfc8deae32fb
8530c3e4aab57792d2de601bf80edaf0f9280f5afa15e12b2ed2f26a34949b70
89d0b80f15229e98318d4704cf5c81bae1ba4a0b90bd73378ea8ca1a21ca4288
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0
913e593be448b025053b34a1e2ee9354cc3f94257790a0ec84dae4b59cb2ff58
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
936e5030c302893c0f74af6f60c91d63b067c21c1a4b7d34619a1174cb5aa82f
942e02acf640c0308f65e057a8afaed63dfaf995034cda9cfc75532a1009ec72
9668d6d9155b3caac05d4cc54c31b6e9ca0c762859172bfe0725460a6f01ca36
9808516d4a0f431afaf27866437518e89a721feef756cc0b17177c41198a6983
987f4042b286e1268acc17f999801c4be1e375d878697059bb4444cdbc0559a8
9895985e4fb0de1e39dca698498039d1c947f9930e602a97f1ce158635fc09a7
997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab
99c55d3786782a49155bcf562182de9cb77a6c8197d824774f6c08fffa86f6cd
9e42c23990614da64388cadca9ef91eba5206043593c40912f18ee55b3af35d4
a0da28e8bd00bbe274035dfe6c59a30984ddc71202c69842f84f0b4d04689674
a1890f6f56fb39fc1763ec4a0531fdd18e42d48d3f28cdce128e7905902e662e
a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a8a40caba915702cafb7883ed43843037d764bbb3de17d33ce4f857eefa83aed
a8f14886acaa595928d480b75781a68feb94ffb5ad7e3cecbd1817e6914e564b
a8f7546b7ca2530ad7a185aa8ffc9a838fbad735afe69acdfcbc4b18d5f18dc3
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab89ce5085f7176183ab9b4787cd956f1fb7c27ef7fd9038fa331bb04bb66a41
ae9dad69229703dfa3b6d226c4c7d692e2f2809bf2475f22612824c2f7602efc
af5bddb24166ffcd3da8e70f00190acf77ae492bc17ae4ae8c057443184806c5
b218a7e882fb14932e01be45c8a1aee96f6dc377000f3135cac078fdac2d6637
b36ece0a9b0dd3420befc70c4b96821f8a139177b78e1bac2670a9fc139857b0
b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6
b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe
b70b5a246856b4e8244f70c1fa5d264100b7f7e94d3b2253e0b5a6169f26c083
bf76f17a774da58d4f67bf49cbf77f1bce6aee5d1631124bf532b5662c8cb335
bfd70a7cee66b7629fd4556e4aae710d4aecea535bef05f3c7d1aacb2fbbbb91
c1680c0b77929ced1396f83ffb432c14f82ce06d37f9c6912cae8e568fe43328
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c239fbd2387ceff073b22f05559eb6a3a9425ccde003eccb22a998429465302f
c3ab0cc61266897fa76332f097a74f52e2c3f9466804dfe2db65721433316118
c54b46a6d8501defea137078e46cd33f6909f82f13ea7d6a932e82c92692a293
c68c7de30de112566d9a2ad9c9ce06fe8d2f93a248cdad15cd11c3e645b82e75
c847523ccb8e26d5b62754a59699b1100174dbed6ff674cd0b598d962a5aa2c9
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e
c9b877bf594a1febfdc224f3e0aaf8c6db32315529a7569d185496225aea3ade
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056
cc5dcea4d483d798630d7fe0846a1b784618aa3d4f86bdfa655083d81750322a
cdc4d10b6b74ad79b55333b9882e854f054ee8b9953c6203dc46c68dc74eb0fb
cdfabceb7ae1940f42d871a2ee6a2f092de52f73db37b1bc5b01a87379106401
d06188c468fc5214bdbb7d4fcb4652f41c4af966096d2ebd6c46559967654fb0
d08917ee9a7352d19e36c6302d54b0f0f0ed9964922b5ce70ed515d7bd063f3d
d505ecf731cb1f1b2d550f08b41a13df96a12cf07fe66f49768999f411feb658
d6aa253f20f74c705be27f19621a4ea75d3b1d949394f08f6fe4be3676172a2d
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dea3a1ac67802edfef8af9575158682efa15eae5f544adca975b39ed1d3ddf98
dedf6c9294a8b9e4b13b1575641071e45c8e61235bd154d19103fd2893ccd708
dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c
e0a3d94eaa3740ab0e1cb06c7354ff476ee6b9f2d67b758e13dfd7064e8a090e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e50b9bcce7b923f8719844c7f2278c24a7e0ec00d3ebaae363406d399da39565
e78292bc34f97a2c14241e5e885868fec24d3f010972e2112d329e0fe82fde5c
e78b1bd1973a13096c199cc127f58ee4d668fa4941fab67f13192f09e5e0c4ed
e8025ce08dc7d64baaf0aa3ed8492e292f590e5a5a5a90456ed4b0f8c4986f09
e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632
eb5af5d1c611fbdd45ea3dc270086670dac3313626762f825b7aa474802c1db1
eb7bf6bbacaae386ac920d2969be3d206bc0db02221ea3aaa39cd2f4b0f98f9b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f006e8bbfa4f0537780571436b5bed50ff10ff28759924c53b67732ec5af28ba
f0781f48dfaca7f1c8d2171889c0d4ab058083eb4e9c3bd59f7e3620b1ab731c
f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
f367bbc4429fc9fb0a93045245aef519a000ab275549645cddecb3f953e0a05f
f4991587d5312981e74087707ed399bd3820d83f773e7773c013ce00d6835f28
f5546ee46a0b362477196972ee397b7c8d752ab9e0636d49c356fbc756e6dba5
f56131229b9b559fb478e5149172a35a2a69be698645076d60567389a203da61
f7db205ec53d93b89166d00a5d9c7b0eff354e2cfcaba0fd462a69c4b8ced4a8
f8c0dd73d379c838df8a66bdb5c873dfcdda4ebae423b2856f5c6dc705be7196
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
fa3bea6fcd0c5b9bb2fcea29f7892c5c931c020684a8f4c84fba328838279582
fa4859289ded4c674dcee233811758743116b1d7ce4e9f0c0e7e259391504c43
fbfbd51bada8d11a20dfa3b6318b6d2ddb904ef69bfebb79e38b7a767b371f42
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.group-ib.com Open in urlscan Pro 3.72.181.255 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

216 Requests

99 %HTTPS

32 %IPv6

25 Domains

37 Subdomains

35 IPs

4 Countries

3442 kBTransfer

7227 kBSize

38 Cookies

19 Outgoing links

Page URL History

Redirected requests

216 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.group-ib.com Open in urlscan Pro
3.72.181.255 Public Scan

Screenshot
Live screenshot

Full Image

216
Requests

99 %
HTTPS

32 %
IPv6

25
Domains

37
Subdomains

35
IPs

4
Countries

3442 kB
Transfer

7227 kB
Size

38
Cookies

216 HTTP transactions
5 data transactions