URL: https://www.group-ib.com/blog/IcedID
Submission: On March 12 via api from CA

Summary

This website contacted 16 IPs in 4 countries across 14 domains to perform 42 HTTP transactions. The main IP is 178.248.235.63, located in the Russian Federation and announced by QRATOR (AS197068, RU). The main domain is www.group-ib.com.
TLS certificate: issued by Sectigo RSA Domain Validation Secure Server CA on September 28th 2020. Valid for: 9 months.
This is the only time www.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                             Requested by
9         www.group-ib.com                   www.group-ib.com, www.googletagmanager.com
6         www.facebook.com                   www.group-ib.com
6         app-lon09.marketo.com              www.group-ib.com, app-lon09.marketo.com
4         connect.facebook.net               www.group-ib.com, connect.facebook.net
3         sbbe.group-ib.ru                   www.group-ib.com
3         mc.yandex.ru (1 redirect)          www.group-ib.com
3         www.google-analytics.com           www.googletagmanager.com, www.google-analytics.com, www.group-ib.com
2         px.ads.linkedin.com (1 redirect)   www.group-ib.com
2         munchkin.marketo.net               www.group-ib.com, munchkin.marketo.net
1         ru.id.group-ib.com                 www.group-ib.com
1         www.google.de                      www.group-ib.com
1         www.google.com                     www.group-ib.com
1         stats.g.doubleclick.net            www.google-analytics.com
1         www.linkedin.com (1 redirect)      (none listed; reached only via redirect)
1         snap.licdn.com                     www.group-ib.com
1         www.googletagmanager.com           www.group-ib.com
Total: 42 requests, 16 subdomains
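
The "Requested by" column is the part of this table worth reading closely: it tells you which code decided to load each third-party resource, and a tag manager that is itself third-party can pull in further origins (here www.googletagmanager.com loads www.google-analytics.com, which loads stats.g.doubleclick.net, and also loads a first-party script). The following is an added example, not code from the urlscan.io report or from Group-IB; it rebuilds that load graph from edges transcribed from the "Requested by" fields of the transactions below, classifies each resource as first or third party, and names the origin whose code introduced it. Two assumptions are labelled in the code: the suffixes treated as the site operator's own domains, and a placeholder URL for the stats.g.doubleclick.net request, for which the report gives only host and requester.

```python
"""Who loaded what: rebuild the resource load graph from a urlscan.io result.

Added example; this is not code from the urlscan.io report or from Group-IB.
Each edge is (resource URL, URL of the document or script that requested it),
transcribed from the "Requested by" fields of the transactions in this report.
The stats.g.doubleclick.net entry is a placeholder URL: the report's domain
table only says that www.google-analytics.com requested that host.
"""
from collections import Counter
from urllib.parse import urlsplit

PRIMARY = "https://www.group-ib.com/blog/IcedID"
GTM = "https://www.googletagmanager.com/gtm.js?id=GTM-PW7265"
BUNDLE = "https://www.group-ib.com/javascripts/all-a726438f.js"

# Assumption: these suffixes are the site operator's own domains.
FIRST_PARTY_SUFFIXES = ("group-ib.com", "group-ib.ru")

EDGES = [
    (BUNDLE, PRIMARY),
    (GTM, PRIMARY),
    ("https://connect.facebook.net/en_US/fbevents.js", PRIMARY),
    ("https://munchkin.marketo.net/munchkin.js", PRIMARY),
    ("https://snap.licdn.com/li.lms-analytics/insight.min.js", PRIMARY),
    ("https://www.google-analytics.com/analytics.js", GTM),
    ("https://www.group-ib.com/main_26755_76942213_449_1578.js", GTM),
    ("https://stats.g.doubleclick.net/", "https://www.google-analytics.com/analytics.js"),  # placeholder path
    ("https://connect.facebook.net/ru_RU/sdk.js?hash=118d9dcb5e21ba0d88956e18eb06fc69&ua=modern_es6", BUNDLE),
    ("https://app-lon09.marketo.com/js/forms2/js/forms2.min.js", BUNDLE),
]


def host(url):
    return urlsplit(url).hostname


def is_first_party(hostname):
    return any(hostname == s or hostname.endswith("." + s) for s in FIRST_PARTY_SUFFIXES)


def load_chain(url, parent, primary=PRIMARY):
    """Walk requester links from url back to the primary document."""
    chain, seen = [url], {url}
    while url != primary and url in parent:
        url = parent[url]
        if url in seen:  # a malformed graph with a cycle must not loop forever
            break
        seen.add(url)
        chain.append(url)
    return chain


def classify(edges, primary=PRIMARY):
    """For every resource: first/third party, load depth, and which third-party
    origin's code caused the load ("first-party code" if none did)."""
    parent = dict(edges)
    report = {}
    for url, _ in edges:
        hosts = [host(u) for u in load_chain(url, parent, primary)]
        introducer = next((h for h in hosts[1:] if not is_first_party(h)), "first-party code")
        report[url] = {
            "host": hosts[0],
            "party": "first" if is_first_party(hosts[0]) else "third",
            "depth": len(hosts) - 1,
            "introduced_by": introducer,
        }
    return report


def third_party_introducers(report):
    """How many third-party loads each introducer is responsible for."""
    return Counter(r["introduced_by"] for r in report.values() if r["party"] == "third")


if __name__ == "__main__":
    result = classify(EDGES)
    for url, info in sorted(result.items(), key=lambda kv: kv[1]["depth"]):
        print(f"depth {info['depth']}  {info['party']:5}  {info['host']:28} via {info['introduced_by']}")
    print(third_party_introducers(result))
```

Run as-is it shows that six of the eight third-party loads are made directly by first-party code, one (analytics.js) by the tag manager and one (stats.g.doubleclick.net) by Google Analytics at depth 3; it also shows a first-party script, main_26755_76942213_449_1578.js, whose loading is controlled by the GTM container rather than by the page. Anything introduced at depth 2 or more is outside the site's own change control, which is the supply-chain point this table makes.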

This site contains links to these domains:

  • www.facebook.com
  • www.linkedin.com
  • twitter.com
  • www.youtube.com
TLS certificates observed (each can be looked up on crt.sh):

Subject                   Issuer                                           Valid from    Valid to      Lifetime
group-ib.com              Sectigo RSA Domain Validation Secure Server CA   2020-09-28    2021-06-17    9 months
*.google-analytics.com    GTS CA 1O1                                       2021-02-23    2021-05-18    3 months
*.licdn.com               DigiCert SHA2 Secure Server CA                   2019-04-01    2021-05-07    2 years
*.facebook.com            DigiCert SHA2 High Assurance Server CA           2021-02-10    2021-05-10    3 months
app-lon09.marketo.com     Cloudflare Inc ECC CA-3                          2020-07-01    2021-07-01    a year
*.marketo.net             DigiCert SHA2 Secure Server CA                   2020-03-14    2021-04-13    a year
px.ads.linkedin.com       DigiCert SHA2 Secure Server CA                   2021-01-06    2021-07-05    6 months
*.g.doubleclick.net       GTS CA 1O1                                       2021-02-23    2021-05-18    3 months
www.google.com            GTS CA 1O1                                       2021-02-23    2021-05-18    3 months
www.google.de             GTS CA 1O1                                       2021-02-23    2021-05-18    3 months
mc.yandex.ru              Yandex CA                                        2021-02-27    2021-08-09    5 months
*.id.group-ib.com         Thawte RSA CA 2018                               2020-04-17    2021-04-17    a year
*.group-ib.ru             Sectigo RSA Domain Validation Secure Server CA   2020-09-20    2021-05-04    7 months
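
Two things a practitioner checks against a table like this: which of the contacted hosts each certificate actually covers (a wildcard matches exactly one label, so *.group-ib.ru covers sbbe.group-ib.ru but not group-ib.ru itself), and how close each one is to expiry relative to the scan date. The block below is an added example, not code from the urlscan.io report; it carries the table and the domain list above as data and applies RFC 6125-style name matching plus two expiry rules. The 45-day warning window is an assumed operational threshold; the 398-day limit is the CA/Browser Forum maximum for certificates issued from 1 September 2020. One caveat is built in: urlscan shows a single subject name per certificate and no SAN list, so a host that no row covers (www.group-ib.com against the group-ib.com row, for instance) is a gap in this table, not evidence of a browser error.

```python
"""Check the certificates a urlscan.io result lists against the hosts it contacted.

Added example; not code from the urlscan.io report. CERTS is the certificate
table above (subject, issuer, not-before, not-after); HOSTS is the domain list
above; SCAN_DATE is the report's submission date. urlscan shows one subject
name per certificate and no SAN list, so a host that no row covers is a gap
in this table, not necessarily a browser error.
"""
from datetime import date

SCAN_DATE = date(2021, 3, 12)
EXPIRY_WARNING_DAYS = 45          # assumption: an operations threshold, not a standard
MAX_LIFETIME_DAYS = 398           # CA/Browser Forum limit for certificates issued from 2020-09-01
MAX_LIFETIME_FROM = date(2020, 9, 1)

CERTS = [
    ("group-ib.com", "Sectigo RSA Domain Validation Secure Server CA", date(2020, 9, 28), date(2021, 6, 17)),
    ("*.google-analytics.com", "GTS CA 1O1", date(2021, 2, 23), date(2021, 5, 18)),
    ("*.licdn.com", "DigiCert SHA2 Secure Server CA", date(2019, 4, 1), date(2021, 5, 7)),
    ("*.facebook.com", "DigiCert SHA2 High Assurance Server CA", date(2021, 2, 10), date(2021, 5, 10)),
    ("app-lon09.marketo.com", "Cloudflare Inc ECC CA-3", date(2020, 7, 1), date(2021, 7, 1)),
    ("*.marketo.net", "DigiCert SHA2 Secure Server CA", date(2020, 3, 14), date(2021, 4, 13)),
    ("px.ads.linkedin.com", "DigiCert SHA2 Secure Server CA", date(2021, 1, 6), date(2021, 7, 5)),
    ("*.g.doubleclick.net", "GTS CA 1O1", date(2021, 2, 23), date(2021, 5, 18)),
    ("www.google.com", "GTS CA 1O1", date(2021, 2, 23), date(2021, 5, 18)),
    ("www.google.de", "GTS CA 1O1", date(2021, 2, 23), date(2021, 5, 18)),
    ("mc.yandex.ru", "Yandex CA", date(2021, 2, 27), date(2021, 8, 9)),
    ("*.id.group-ib.com", "Thawte RSA CA 2018", date(2020, 4, 17), date(2021, 4, 17)),
    ("*.group-ib.ru", "Sectigo RSA Domain Validation Secure Server CA", date(2020, 9, 20), date(2021, 5, 4)),
]

HOSTS = [
    "www.group-ib.com", "www.googletagmanager.com", "www.facebook.com", "app-lon09.marketo.com",
    "connect.facebook.net", "sbbe.group-ib.ru", "mc.yandex.ru", "www.google-analytics.com",
    "px.ads.linkedin.com", "munchkin.marketo.net", "ru.id.group-ib.com", "www.google.de",
    "www.google.com", "stats.g.doubleclick.net", "www.linkedin.com", "snap.licdn.com",
]


def name_matches(pattern, hostname):
    """RFC 6125 style: '*' is allowed only as the whole leftmost label and
    matches exactly one label, so *.example.com covers a.example.com but
    neither example.com nor a.b.example.com."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    p_labels, h_labels = p.split("."), h.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def audit(certs, hosts, today=SCAN_DATE):
    """Return per-certificate findings plus the hosts no listed certificate covers."""
    findings, covered = [], set()
    for subject, issuer, not_before, not_after in certs:
        matched = sorted(h for h in hosts if name_matches(subject, h))
        covered.update(matched)
        lifetime = (not_after - not_before).days
        days_left = (not_after - today).days
        flags = []
        if days_left < 0:
            flags.append("expired")
        elif days_left <= EXPIRY_WARNING_DAYS:
            flags.append(f"expires in {days_left} days")
        # Certificates issued before the 398-day rule took effect are not flagged for it.
        if lifetime > MAX_LIFETIME_DAYS and not_before >= MAX_LIFETIME_FROM:
            flags.append(f"lifetime {lifetime} days exceeds {MAX_LIFETIME_DAYS}")
        if not matched:
            flags.append("covers no contacted host")
        findings.append({"subject": subject, "issuer": issuer, "hosts": matched,
                         "days_left": days_left, "lifetime_days": lifetime, "flags": flags})
    uncovered = sorted(set(hosts) - covered)
    return findings, uncovered


if __name__ == "__main__":
    findings, uncovered = audit(CERTS, HOSTS)
    for row in findings:
        print(f"{row['subject']:24} {row['days_left']:4}d left  {row['hosts']}  {row['flags']}")
    print("no listed certificate covers:", uncovered)
```

Against the scan date, *.marketo.net (32 days) and *.id.group-ib.com (36 days) fall inside the warning window, *.licdn.com's two-year lifetime is not flagged because it was issued in 2019, and four contacted hosts (connect.facebook.net, www.googletagmanager.com, www.group-ib.com, www.linkedin.com) are not covered by any subject in the table.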

This page contains 5 frames:

Primary Page: https://www.group-ib.com/blog/IcedID
Frame ID: 2E825ACA434C1D84BF90E0EADDDA878C
Requests: 44 HTTP requests in this frame

Frame: https://ru.id.group-ib.com/id.html
Frame ID: 9780A6EB22A9CC47E3A1D2D32FAB56FA
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: BCF4C507C640352044ED48A0FF9592A2
Requests: 1 HTTP requests in this frame

Frame: https://app-lon09.marketo.com/index.php/form/XDFrame
Frame ID: F498B6BCEF696CCFC82D5181336228C7
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: DDE2EBA64612322F35E679C2B0F299B4
Requests: 1 HTTP requests in this frame

Detected technologies

Facebook SDK (connect.facebook.net), confidence 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics, confidence 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Marketo Munchkin, confidence 100%
Detected patterns
  • script /munchkin\.marketo\.net\/munchkin\.js/i

jQuery, confidence 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 42
HTTPS: 100 %
IPv6: 69 %
Domains: 14
Subdomains: 16
IPs: 16
Countries: 4
Transfer: 1586 kB
Size: 4395 kB
Cookies: 14

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=71960%2C3294713&time=1615569039180&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D71960%252C3294713%26time%3D1615569039180%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252FIcedID%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=71960%2C3294713&time=1615569039180&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&liSync=true
Request Chain 29
  • https://mc.yandex.ru/watch/25634039?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A543%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A451%3Acn%3A1%3Adp%3A0%3Als%3A86138909798%3Ahid%3A860386926%3Az%3A60%3Ai%3A202103121801039%3Aet%3A1615569039%3Ac%3A1%3Arn%3A178372213%3Au%3A1615569039491587273%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615569038533%3Ads%3A13%2C38%2C99%2C1%2C0%2C0%2C%2C383%2C0%2C%2C%2C%2C538%3Adsn%3A13%2C38%2C100%2C1%2C0%2C0%2C%2C385%2C0%2C%2C%2C%2C538%3Arqnl%3A1%3Ati%3A2%3Ast%3A1615569039%3At%3ACybersecurity%20products%20and%20services%20provider%20company%20-%20Group-IB HTTP 302
  • https://mc.yandex.ru/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A543%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A451%3Acn%3A1%3Adp%3A0%3Als%3A86138909798%3Ahid%3A860386926%3Az%3A60%3Ai%3A202103121801039%3Aet%3A1615569039%3Ac%3A1%3Arn%3A178372213%3Au%3A1615569039491587273%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615569038533%3Ads%3A13%2C38%2C99%2C1%2C0%2C0%2C%2C383%2C0%2C%2C%2C%2C538%3Adsn%3A13%2C38%2C100%2C1%2C0%2C0%2C%2C385%2C0%2C%2C%2C%2C538%3Arqnl%3A1%3Ati%3A2%3Ast%3A1615569039%3At%3ACybersecurity%20products%20and%20services%20provider%20company%20-%20Group-IB
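
Both chains are worth decoding rather than eyeballing. The LinkedIn one is a cookie-sync bounce: px.ads.linkedin.com hands the browser to www.linkedin.com/px/li_sync, whose redirect parameter is a percent-encoded copy of the collect URL with liSync=true appended, so the chain returns to the host it started from. The Yandex Metrica one carries a browser-info parameter that, once decoded, is a colon-separated key:value record (viewport and screen size, language, page title, event timestamp). The following is an added example, not code from the urlscan.io report; it holds the two chains above as data (status annotations removed), verifies the bounce structure, and parses the Metrica record, refusing to guess if a value ever contained a colon.

```python
"""Decode the two redirect chains in this urlscan.io report.

Added example; not code from the urlscan.io report. The URLs are the chains
listed above (status annotations removed). It shows that the LinkedIn hop is a
cookie-sync bounce whose 'redirect' parameter is the URL the chain returns to,
and that Yandex Metrica's browser-info parameter is a colon-separated
key:value record carrying screen size, language and page title.
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

LINKEDIN_CHAIN = [
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=71960%2C3294713&time=1615569039180&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID",
    "https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D71960%252C3294713%26time%3D1615569039180%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252FIcedID%26liSync%3Dtrue",
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=71960%2C3294713&time=1615569039180&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&liSync=true",
]

YANDEX_CHAIN = [
    "https://mc.yandex.ru/watch/25634039?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A543%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A451%3Acn%3A1%3Adp%3A0%3Als%3A86138909798%3Ahid%3A860386926%3Az%3A60%3Ai%3A202103121801039%3Aet%3A1615569039%3Ac%3A1%3Arn%3A178372213%3Au%3A1615569039491587273%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615569038533%3Ads%3A13%2C38%2C99%2C1%2C0%2C0%2C%2C383%2C0%2C%2C%2C%2C538%3Adsn%3A13%2C38%2C100%2C1%2C0%2C0%2C%2C385%2C0%2C%2C%2C%2C538%3Arqnl%3A1%3Ati%3A2%3Ast%3A1615569039%3At%3ACybersecurity%20products%20and%20services%20provider%20company%20-%20Group-IB",
    "https://mc.yandex.ru/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A543%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A451%3Acn%3A1%3Adp%3A0%3Als%3A86138909798%3Ahid%3A860386926%3Az%3A60%3Ai%3A202103121801039%3Aet%3A1615569039%3Ac%3A1%3Arn%3A178372213%3Au%3A1615569039491587273%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615569038533%3Ads%3A13%2C38%2C99%2C1%2C0%2C0%2C%2C383%2C0%2C%2C%2C%2C538%3Adsn%3A13%2C38%2C100%2C1%2C0%2C0%2C%2C385%2C0%2C%2C%2C%2C538%3Arqnl%3A1%3Ati%3A2%3Ast%3A1615569039%3At%3ACybersecurity%20products%20and%20services%20provider%20company%20-%20Group-IB",
]


def query(url):
    """Query string as a flat dict (first value wins), percent-decoded once."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}


def sync_target(hop):
    """Where a sync endpoint promises to send the browser next."""
    return query(hop).get("redirect")


def added_params(chain):
    """Query keys present on the final hop but absent from the first one."""
    return set(query(chain[-1])) - set(query(chain[0]))


def is_sync_bounce(chain):
    """True when a chain leaves a host, hits an intermediary on another host whose
    redirect parameter names the final URL, and lands back on the starting host."""
    first, middle, last = chain
    return (urlsplit(first).hostname == urlsplit(last).hostname
            and urlsplit(middle).hostname != urlsplit(first).hostname
            and sync_target(middle) == last)


def parse_browser_info(value):
    """Metrica's browser-info is k:v:k:v..., so an odd field count means a
    value contained a colon and the simple split is not safe."""
    parts = value.split(":")
    if len(parts) % 2:
        raise ValueError(f"odd number of fields ({len(parts)}); a value contained ':'")
    return dict(zip(parts[::2], parts[1::2]))


def epoch_to_utc(seconds):
    return datetime.fromtimestamp(int(seconds), tz=timezone.utc)


if __name__ == "__main__":
    print("LinkedIn bounce:", is_sync_bounce(LINKEDIN_CHAIN), "adds", added_params(LINKEDIN_CHAIN))
    q = query(LINKEDIN_CHAIN[0])
    print("LinkedIn reports page", q["url"], "at", epoch_to_utc(int(q["time"]) // 1000))
    info = parse_browser_info(query(YANDEX_CHAIN[0])["browser-info"])
    for key in ("w", "s", "la", "en", "t", "et"):
        print(f"  {key}: {info[key]}")
    print("Metrica event time:", epoch_to_utc(info["et"]))
```

Both beacons embed the same second, 2021-03-12 17:10:39 UTC, which matches the Date headers of the responses below; the Metrica record also carries a 1600x1200x24 screen and the page title, which is the sort of fingerprinting detail a privacy or DLP review wants pulled out of these URLs rather than left encoded.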

42 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request IcedID
www.group-ib.com/blog/
24 KB
7 KB
Document
General
Full URL
https://www.group-ib.com/blog/IcedID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software
QRATOR /
Resource Hash
3186146349e236c5a19a2ace6ee18b6d8142a3be58907e314449c73b5c0fb855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Host
www.group-ib.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
QRATOR
Date
Fri, 12 Mar 2021 17:10:38 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=15
Content-Encoding
gzip
Strict-Transport-Security
max-age=15724800; includeSubDomains
types-new-8bded7c8.css
www.group-ib.com/stylesheets/
396 KB
306 KB
Stylesheet
General
Full URL
https://www.group-ib.com/stylesheets/types-new-8bded7c8.css
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software
QRATOR /
Resource Hash
4e83bbbf7fd8158894a47483dee9b3ec396710121cc5cedd9469759377b07c46
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.group-ib.com/blog/IcedID
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:38 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 21:44:30 GMT
Server
QRATOR
Etag
W/"5f3afa3e-62e38"
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/css
Cache-Control
max-age=604800
Strict-Transport-Security
max-age=15724800; includeSubDomains
Keep-Alive
timeout=15
Expires
Fri, 19 Mar 2021 17:10:38 GMT
all-2b70d0c3.css
www.group-ib.com/stylesheets/
1 MB
228 KB
Stylesheet
General
Full URL
https://www.group-ib.com/stylesheets/all-2b70d0c3.css
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software
QRATOR /
Resource Hash
7e062e6b4aac466769d4a33a25bfa320db1df0a39e573eb03874b04efb67dfbf
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.group-ib.com/blog/IcedID
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:38 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Mar 2021 12:37:54 GMT
Server
QRATOR
Etag
W/"6048bda2-13b5a7"
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/css
Cache-Control
max-age=604800
Strict-Transport-Security
max-age=15724800; includeSubDomains
Keep-Alive
timeout=15
Expires
Fri, 19 Mar 2021 17:10:38 GMT
jquery-96f076a3.js
www.group-ib.com/javascripts/
85 KB
35 KB
Script
General
Full URL
https://www.group-ib.com/javascripts/jquery-96f076a3.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software
QRATOR /
Resource Hash
fe9a7ca1e475140e6b37fbc86a5efcd3251be4348137aa07231bd91ee8678b7c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.group-ib.com/blog/IcedID
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:38 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 21:45:03 GMT
Server
QRATOR
Etag
W/"5f3afa5f-1550b"
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
max-age=604800
Strict-Transport-Security
max-age=15724800; includeSubDomains
Keep-Alive
timeout=15
Expires
Fri, 19 Mar 2021 17:10:38 GMT
all-a726438f.js
www.group-ib.com/javascripts/
199 KB
71 KB
Script
General
Full URL
https://www.group-ib.com/javascripts/all-a726438f.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software
QRATOR /
Resource Hash
80e46bcfd8205b4c8dfd699371cc53820a10925bc8f4648ae8c3b529f95816d1
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.group-ib.com/blog/IcedID
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:38 GMT
Content-Encoding
gzip
Last-Modified
Fri, 12 Mar 2021 10:28:04 GMT
Server
QRATOR
Etag
W/"604b4234-31d37"
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
max-age=604800
Strict-Transport-Security
max-age=15724800; includeSubDomains
Keep-Alive
timeout=15
Expires
Fri, 19 Mar 2021 17:10:38 GMT
gtm.js
www.googletagmanager.com/
155 KB
51 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
572849fb1ef892ee1e002693d2c27cd4289dd9d72d8ba27453dd096da6f705e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 17:10:38 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52497
x-xss-protection
0
last-modified
Fri, 12 Mar 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 12 Mar 2021 17:10:38 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
4 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2100:188::25ea Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:39 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Jan 2021 22:14:03 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=29146
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1855
sdk.js
www.group-ib.com/javascripts/
3 KB
2 KB
Script
General
Full URL
https://www.group-ib.com/javascripts/sdk.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software
QRATOR /
Resource Hash
e58243478cdfbbb06252ec7211c4862a8a19f6346aae1022c8a089dfd41a0794
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.group-ib.com/blog/IcedID
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:39 GMT
Content-Encoding
gzip
Last-Modified
Thu, 11 Mar 2021 22:10:01 GMT
Server
QRATOR
Etag
W/"604a9539-c98"
Strict-Transport-Security
max-age=15724800; includeSubDomains
Content-Type
application/javascript
Cache-Control
max-age=604800
Connection
keep-alive
Keep-Alive
timeout=15
Content-Length
1799
Expires
Fri, 19 Mar 2021 17:10:39 GMT
icons.svg
www.group-ib.com/images/
414 KB
152 KB
Other
General
Full URL
https://www.group-ib.com/images/icons.svg
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software
QRATOR /
Resource Hash
94240c250957a568fa7a4d626c99eead10f9d456bfa7536af1e25ef3c3b27b2e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.group-ib.com/blog/IcedID
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 12 Mar 2021 10:24:20 GMT
Server
QRATOR
Etag
W/"604b4154-6773b"
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
image/svg+xml
Cache-Control
max-age=604800
Strict-Transport-Security
max-age=15724800; includeSubDomains
Keep-Alive
timeout=15
Expires
Fri, 19 Mar 2021 17:10:39 GMT
truncated
/
121 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ee338bd03594461a939b661840e43fec02d7345e19e3ad12509c06ba37ad355

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
163cfcbd5a50639aa755d8eabd17f5d736f0d8d5a51989bd0540a05012427c9d

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
75 KB
75 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
077dad3be3a10854dc97527ce83bbf6422309d807f6e4b3492de78005d786cdc

Request headers

Origin
https://www.group-ib.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
75 KB
75 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
163907259fa19c5b768aea83f82db575b01aad0fd5fbf9ac448d3db383229547

Request headers

Origin
https://www.group-ib.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
138 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
873b0f296cc53130ff0148c0c8049a5d59903ee62da607a1bd5308b678ae0d8e

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
221 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98798d0e87b53006f4a5e5225a1c3f968075937b75aa0d7cca0506bda9063e55

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
206 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
756fc1c26e7451568fba7f9b0e1365c1d3f3585d911c49020ee0678564da7d06

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
sdk.js
connect.facebook.net/ru_RU/
197 KB
60 KB
Script
General
Full URL
https://connect.facebook.net/ru_RU/sdk.js?hash=118d9dcb5e21ba0d88956e18eb06fc69&ua=modern_es6
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/javascripts/all-a726438f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b5fb7ea744080b2049dd7fb958a41208b10f548326f7efb37dd0afa8d79553df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://www.group-ib.com
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
yNQ+kg4nRMMg5I7OTY3X1g==
cross-origin-resource-policy
cross-origin
expires
Fri, 11 Mar 2022 03:04:42 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
60583
x-fb-rlafr
0
x-fb-debug
aD0GikAMkYbIce3qdKYXcpdVpWsC6fe7kNopwCFo2d+y/rPWklRCC/7fKopmEoBP/8ILhncLwDnmESSahf0nAw==
x-fb-trip-id
917726464
x-fb-content-md5
3877dc1645b68e9bc409f0955b0217dd
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Fri, 12 Mar 2021 17:10:39 GMT
x-frame-options
DENY
report-to
{"group":"coop_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
origin-trial
AqUfQvNe9Mod+kZ3Qx78GGg2ul4TtHv3l126BaOQCbywgYxRUP0y9rs8/el96V62SmT7ue9StD9aXvYmT3UAAQcAAAB5eyJvcmlnaW4iOiJodHRwczovL2ZhY2Vib29rLmNvbTo0NDMiLCJmZWF0dXJlIjoiQ3Jvc3NPcmlnaW5PcGVuZXJQb2xpY3lSZXBvcnRpbmciLCJleHBpcnkiOjE2MTM0MTE1NzMsImlzU3ViZG9tYWluIjp0cnVlfQ==
etag
"5a3ec1cb0fd793a4a265b5dd8ee54f22"
timing-allow-origin
*
priority
u=3,i
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
access-control-expose-headers
X-FB-Content-MD5
forms2.min.js
app-lon09.marketo.com/js/forms2/js/
204 KB
69 KB
Script
General
Full URL
https://app-lon09.marketo.com/js/forms2/js/forms2.min.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/javascripts/all-a726438f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
014de295141a456ceda8e3c4762085e53dca50f91ddf65906d227f70cf0b1a55
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 17:10:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
1390
strict-transport-security
max-age=63113904
cf-request-id
08c90447380000d905ba345000000001
last-modified
Wed, 13 Jan 2021 23:50:53 GMT
server
cloudflare
etag
"be10c8-33187-5b8d0cf43cf52"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=14400
cf-ray
62eea31ebae5d905-AMS
expires
Fri, 12 Mar 2021 21:10:39 GMT
analytics.js
www.google-analytics.com/
46 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 05 Feb 2021 21:33:27 GMT
server
Golfe2
age
4084
date
Fri, 12 Mar 2021 16:02:35 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18980
expires
Fri, 12 Mar 2021 18:02:35 GMT
watch.js
www.group-ib.com/javascripts/
123 KB
55 KB
Script
General
Full URL
https://www.group-ib.com/javascripts/watch.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software
QRATOR /
Resource Hash
a83a4b91b9d7e6f311543068b7c65291d001cd2fb17f19ab8e5a0adb1a0d01e1
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.group-ib.com/blog/IcedID
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:39 GMT
Content-Encoding
gzip
Last-Modified
Tue, 09 Mar 2021 18:36:29 GMT
Server
QRATOR
Etag
W/"6047c02d-1eb52"
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
max-age=604800
Strict-Transport-Security
max-age=15724800; includeSubDomains
Keep-Alive
timeout=15
Expires
Fri, 19 Mar 2021 17:10:39 GMT
fbevents.js
connect.facebook.net/en_US/
91 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
23762
x-fb-rlafr
0
pragma
public
x-fb-debug
tzCZ6mqGjckjfiUNg9VtEYprYXRGXflb/jXCvFaDGz6DzUet+S/HepuvAFzfJSDGY7fzAC/F7LQvxEtI9uBNDQ==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Fri, 12 Mar 2021 17:10:39 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"group":"coop_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
origin-trial
AqUfQvNe9Mod+kZ3Qx78GGg2ul4TtHv3l126BaOQCbywgYxRUP0y9rs8/el96V62SmT7ue9StD9aXvYmT3UAAQcAAAB5eyJvcmlnaW4iOiJodHRwczovL2ZhY2Vib29rLmNvbTo0NDMiLCJmZWF0dXJlIjoiQ3Jvc3NPcmlnaW5PcGVuZXJQb2xpY3lSZXBvcnRpbmciLCJleHBpcnkiOjE2MTM0MTE1NzMsImlzU3ViZG9tYWluIjp0cnVlfQ==
priority
u=3,i
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.60.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-60-75.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:39 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Aug 2020 03:11:00 GMT
Server
AkamaiNetStorage
ETag
"a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
main_26755_76942213_449_1578.js
www.group-ib.com/
234 KB
99 KB
Script
General
Full URL
https://www.group-ib.com/main_26755_76942213_449_1578.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.248.235.63 , Russian Federation, ASN197068 (QRATOR, RU),
Reverse DNS
Software
QRATOR /
Resource Hash
ca0e3beb032aacff54341082165a5d660ce9a87ffe5a97c731ab624783289842
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.group-ib.com/blog/IcedID
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:39 GMT
Content-Encoding
gzip
Last-Modified
Mon, 02 Nov 2020 15:24:35 GMT
Server
QRATOR
Etag
W/"5fa024b3-3a86b"
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
max-age=604800
Strict-Transport-Security
max-age=15724800; includeSubDomains
Keep-Alive
timeout=15
Expires
Fri, 19 Mar 2021 17:10:39 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=71960%2C3294713&time=1615569039180&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D71960%252C3294713%26time%3D1615569039180%26url%3Dhttps%253A%252F%252Fwww.group-ib...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=71960%2C3294713&time=1615569039180&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&liSync=true
0
296 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=71960%2C3294713&time=1615569039180&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&liSync=true
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:119:50e1:101::6cae:b25 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 17:10:40 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server
Play
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-esv5
content-type
application/javascript
content-length
0
x-li-uuid
O/RCh3unaxbwW1eXWisAAA==

Redirect headers

strict-transport-security
max-age=31536000
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action
1
content-length
0
x-li-uuid
AnSVenunaxYAbKBofisAAA==
pragma
no-cache
x-li-pop
afd-prod-lor1
x-msedge-ref
Ref A: A994C2613F0749BB89BF243BCB54648C Ref B: FRAEDGE1118 Ref C: 2021-03-12T17:10:40Z
date
Fri, 12 Mar 2021 17:10:39 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options
sameorigin
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=71960%2C3294713&time=1615569039180&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&liSync=true
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
91 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-25492706-2&cid=912034154.1615569039&jid=1796267816&gjid=2058850768&_gid=212147380.1615569039&_u=YGBAgAADQAAAAE~&z=575855208
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c01::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 12 Mar 2021 17:10:39 GMT
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.google-analytics.com/gtm/
84 KB
33 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-W6XV92M&t=gtm3&cid=912034154.1615569039
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
121d9e2466af5a33395c8812a28cc8faf86a4924a4939b5cf1936d6072def119
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 17:10:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33973
x-xss-protection
0
last-modified
Fri, 12 Mar 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 12 Mar 2021 17:10:39 GMT
collect
www.google-analytics.com/
35 B
384 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j88&a=2034202759&t=pageview&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&ul=en-us&de=UTF-8&dt=Cybersecurity%20products%20and%20services%20provider%20company%20-%20Group-IB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgAADQ~&jid=1796267816&gjid=2058850768&cid=912034154.1615569039&tid=UA-25492706-2&_gid=212147380.1615569039&gtm=2wg330PW7265&cg1=COM%3A%20Blog%20and%20Media&cd1=912034154.1615569039&z=2057332435
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Mar 2021 21:42:23 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
70096
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
2069478869985463
connect.facebook.net/signals/config/
241 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/2069478869985463?v=2.9.33&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
690b6f8fdbc0fd59f0af6a06c65c6ef3f706b7015ff5e75ab4204346894a7c69
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr
0
pragma
public
x-fb-debug
f0gJUKuBx+xI3zE+95xjm9zN5yauivnebMhAfSFLrprYhlu6KQ7VSMfh550k/FO5DfHhk0zxKmslNf4HCuYgKw==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Fri, 12 Mar 2021 17:10:39 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"group":"coop_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
origin-trial
AqUfQvNe9Mod+kZ3Qx78GGg2ul4TtHv3l126BaOQCbywgYxRUP0y9rs8/el96V62SmT7ue9StD9aXvYmT3UAAQcAAAB5eyJvcmlnaW4iOiJodHRwczovL2ZhY2Vib29rLmNvbTo0NDMiLCJmZWF0dXJlIjoiQ3Jvc3NPcmlnaW5PcGVuZXJQb2xpY3lSZXBvcnRpbmciLCJleHBpcnkiOjE2MTM0MTE1NzMsImlzU3ViZG9tYWluIjp0cnVlfQ==
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-25492706-2&cid=912034154.1615569039&jid=1796267816&_u=YGBAgAADQAAAAE~&z=391818399
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Mar 2021 17:10:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-25492706-2&cid=912034154.1615569039&jid=1796267816&_u=YGBAgAADQAAAAE~&z=391818399
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Mar 2021 17:10:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1
mc.yandex.ru/watch/25634039/
Redirect Chain
  • https://mc.yandex.ru/watch/25634039?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A543%3Afu%3A0%3Aen%3Au...
  • https://mc.yandex.ru/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A543%3Afu%3A0%3Aen%3...
167 B
249 B
XHR
General
Full URL
https://mc.yandex.ru/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A543%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A451%3Acn%3A1%3Adp%3A0%3Als%3A86138909798%3Ahid%3A860386926%3Az%3A60%3Ai%3A202103121801039%3Aet%3A1615569039%3Ac%3A1%3Arn%3A178372213%3Au%3A1615569039491587273%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615569038533%3Ads%3A13%2C38%2C99%2C1%2C0%2C0%2C%2C383%2C0%2C%2C%2C%2C538%3Adsn%3A13%2C38%2C100%2C1%2C0%2C0%2C%2C385%2C0%2C%2C%2C%2C538%3Arqnl%3A1%3Ati%3A2%3Ast%3A1615569039%3At%3ACybersecurity%20products%20and%20services%20provider%20company%20-%20Group-IB
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
f10af0f9f1114d7b234cb396a16bd880d455d967020940f4d5aa9175c2b08bf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 12 Mar 2021 17:10:39 GMT
x-content-type-options
nosniff
last-modified
Fri, 12-Mar-2021 17:10:39 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
167
x-xss-protection
1; mode=block
expires
Fri, 12-Mar-2021 17:10:39 GMT

Redirect headers

pragma
no-cache
date
Fri, 12 Mar 2021 17:10:39 GMT
last-modified
Fri, 12-Mar-2021 17:10:39 GMT
location
/watch/25634039/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezuq74honwal%3Afp%3A543%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A451%3Acn%3A1%3Adp%3A0%3Als%3A86138909798%3Ahid%3A860386926%3Az%3A60%3Ai%3A202103121801039%3Aet%3A1615569039%3Ac%3A1%3Arn%3A178372213%3Au%3A1615569039491587273%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615569038533%3Ads%3A13%2C38%2C99%2C1%2C0%2C0%2C%2C383%2C0%2C%2C%2C%2C538%3Adsn%3A13%2C38%2C100%2C1%2C0%2C0%2C%2C385%2C0%2C%2C%2C%2C538%3Arqnl%3A1%3Ati%3A2%3Ast%3A1615569039%3At%3ACybersecurity%20products%20and%20services%20provider%20company%20-%20Group-IB
strict-transport-security
max-age=31536000
access-control-allow-origin
https://www.group-ib.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 12-Mar-2021 17:10:39 GMT
advert.gif
mc.yandex.ru/metrika/
43 B
186 B
Image
General
Full URL
https://mc.yandex.ru/metrika/advert.gif
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 17:10:39 GMT
last-modified
Tue, 09 Mar 2021 18:36:29 GMT
etag
"60472f6c-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Fri, 12 Mar 2021 18:10:39 GMT
munchkin.js
munchkin.marketo.net/159/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/159/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.60.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-60-75.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Mar 2021 17:10:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 May 2020 02:24:14 GMT
Server
AkamaiNetStorage
ETag
"79274ffc293e4f76fc372b953f780d16:1588904654.430334"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4810
Expires
Sun, 20 Jun 2021 17:10:39 GMT
545899479446758
connect.facebook.net/signals/config/
241 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/545899479446758?v=2.9.33&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
94431dad99ce1fa8ce1471df8e98060f57b22b1c675b2af2f4925f803aa7e82d
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr
0
pragma
public
x-fb-debug
S4vUnnsIFLE4Hj/l29NUeGn3DXzuKusZEc2eQdTAd3XnWDcXO2xUFcelUYU5Iborzb5+ulXpeF0U77fFNUP1PQ==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Fri, 12 Mar 2021 17:10:39 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"group":"coop_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
origin-trial
AqUfQvNe9Mod+kZ3Qx78GGg2ul4TtHv3l126BaOQCbywgYxRUP0y9rs8/el96V62SmT7ue9StD9aXvYmT3UAAQcAAAB5eyJvcmlnaW4iOiJodHRwczovL2ZhY2Vib29rLmNvbTo0NDMiLCJmZWF0dXJlIjoiQ3Jvc3NPcmlnaW5PcGVuZXJQb2xpY3lSZXBvcnRpbmciLCJleHBpcnkiOjE2MTM0MTE1NzMsImlzU3ViZG9tYWluIjp0cnVlfQ==
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
260 B
Image
General
Full URL
https://www.facebook.com/tr/?id=2069478869985463&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&rl=&if=false&ts=1615569039507&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&fbp=fb.1.1615569039500.1601493878&it=1615569039270&coo=false&rqm=GET
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 17:10:39 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 12 Mar 2021 17:10:39 GMT
truncated
/
470 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e047cd5037a6a28ba99c0f75f648fe2f775527f39ef08cd42ae61a91f04a1102

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
getForm
app-lon09.marketo.com/index.php/form/
4 KB
2 KB
Script
General
Full URL
https://app-lon09.marketo.com/index.php/form/getForm?munchkinId=689-LRE-818&form=1673&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&callback=jQuery112409466945746728843_1615569039364&_=1615569039365
Requested by
Host: app-lon09.marketo.com
URL: https://app-lon09.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d465212d5f10aa6ecf298524b37a07411cc5f485c66b51517b98ff6bf2bc859

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id
08c90448a60000d905f9038000000001
content-encoding
gzip
server
cloudflare
date
Fri, 12 Mar 2021 17:10:39 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cf-ray
62eea3210f24d905-AMS
cached
true
Cookie set id.html
ru.id.group-ib.com/ Frame 9780
524 B
1 KB
Document
General
Full URL
https://ru.id.group-ib.com/id.html
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/main_26755_76942213_449_1578.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.17.9.182 Moscow, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software
nginx /
Resource Hash
8b284dfc811b81d693ffcf45d175fc977e42d2268b0c453318b7324d6aa86ebe

Request headers

Host
ru.id.group-ib.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.group-ib.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
bpmRef=; bpmHref=https://www.group-ib.com/blog/IcedID; bpmTrackingId=db18cf5f-e6c6-a8fc-c173-04f978802e3b; _ga=GA1.2.912034154.1615569039; _gid=GA1.2.212147380.1615569039; _dc_gtm_UA-25492706-2=1; _ym_uid=1615569039491587273; _ym_d=1615569039; _fbp=fb.1.1615569039500.1601493878; _ym_isad=2; _ym_visorc=w
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.group-ib.com/

Response headers

Server
nginx
Date
Fri, 12 Mar 2021 17:10:39 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Cache-Control
no-cache
Etag
W/"0S1v1orMadqrVc9fsyT2CB3e8XyMWakYceNS9ldGfEfTsGxw2-AdGVEBE4HFJDXzdlmnqVNVsohb0G+XKXSBosSOLAT4OdnmnkgSYY2QLNBSTHQnkEKJJYH26BL9"
Set-Cookie
gcfids=0S1v1orMadqrVc9fsyT2CB3e8XyMWakYceNS9ldGfEfTsGxw2-AdGVEBE4HFJDXzdlmnqVNVsohb0G+XKXSBosSOLAT4OdnmnkgSYY2QLNBSTHQnkEKJJYH26BL9; Path=/; Domain=id.group-ib.com; Expires=Sat, 12 Mar 2022 17:10:39 GMT; Secure; SameSite=None
Content-Encoding
gzip
idgib-w-group-ib
sbbe.group-ib.ru/api/fl/ Frame
0
0
Preflight
General
Full URL
https://sbbe.group-ib.ru/api/fl/idgib-w-group-ib
Protocol
HTTP/1.1
Server
178.132.201.236 , Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-cfids
Origin
https://www.group-ib.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Server
nginx
Date
Fri, 12 Mar 2021 17:10:40 GMT
Content-Type
text/plain
Content-Length
0
Connection
keep-alive
Access-Control-Allow-Origin
https://www.group-ib.com
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids
idgib-w-group-ib
sbbe.group-ib.ru/api/fl/
205 B
1 KB
XHR
General
Full URL
https://sbbe.group-ib.ru/api/fl/idgib-w-group-ib
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/main_26755_76942213_449_1578.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
178.132.201.236 , Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software
nginx /
Resource Hash
3da0234c8faf8df3af264c5e40a481e89bf1542e957b08653f446e82bc52cd84

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
x-cfids
-

Response headers

Date
Fri, 12 Mar 2021 17:10:40 GMT
Content-Encoding
gzip
Server
nginx
Etag
W/"UKVB5twf72uTn+CJ3B49lv2LbugmhBhR/JSlFHAdj/g6EiI7uC0kmVEBfCSK+yAM4HuK6mrm8CRUKG9u0+Z1XdRDKA70s32I2LNc0gqHWETrTA63uoBTBe6deXVR6hs6rR2XCJNvXrpcZAMJ8mkjWjPf"
Vary
Accept-Encoding, Accept-Encoding
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www.group-ib.com
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids
forms2.css
app-lon09.marketo.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://app-lon09.marketo.com/js/forms2/css/forms2.css
Requested by
Host: app-lon09.marketo.com
URL: https://app-lon09.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 17:10:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
448
vary
Accept-Encoding
content-length
2623
cf-request-id
08c9044aa80000d905d18ed000000001
last-modified
Wed, 06 Jan 2021 21:16:41 GMT
server
cloudflare
etag
"bc13d6-3437-5b841d6e0e040"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63113904
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
62eea3243ca2d905-AMS
expires
Fri, 12 Mar 2021 21:10:40 GMT
forms2-theme-simple.css
app-lon09.marketo.com/js/forms2/css/
826 B
357 B
Stylesheet
General
Full URL
https://app-lon09.marketo.com/js/forms2/css/forms2-theme-simple.css
Requested by
Host: app-lon09.marketo.com
URL: https://app-lon09.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 17:10:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
5713
content-length
242
cf-request-id
08c9044aa80000d905e7aaf000000001
last-modified
Wed, 06 Jan 2021 21:16:41 GMT
server
cloudflare
etag
"bc13d7-33a-5b841d6e0e040"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
62eea3243ca4d905-AMS
expires
Fri, 12 Mar 2021 21:10:40 GMT
/
www.facebook.com/tr/
0
73 B
Other
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/main_26755_76942213_449_1578.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundarysrT6SCXjABrrG4yI

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Fri, 12 Mar 2021 17:10:40 GMT
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
/
www.facebook.com/tr/
44 B
124 B
Image
General
Full URL
https://www.facebook.com/tr/?id=545899479446758&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2FIcedID&rl=&if=false&ts=1615569040039&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&fbp=fb.1.1615569039500.1601493878&it=1615569039270&coo=false&rqm=GET
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 17:10:40 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 12 Mar 2021 17:10:40 GMT
/
www.facebook.com/tr/ Frame BCF4
0
31 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/IcedID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
POST
:authority
www.facebook.com
:scheme
https
:path
/tr/
content-length
2703
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
origin
https://www.group-ib.com
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.group-ib.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
fr=0kX0cA1UvYlGsSrL2..BgS6CP...1.0.BgS6CP.
Upgrade-Insecure-Requests
1
Origin
https://www.group-ib.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.group-ib.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
date
Fri, 12 Mar 2021 17:10:40 GMT
XDFrame
app-lon09.marketo.com/index.php/form/ Frame F498
2 KB
820 B
Document
General
Full URL
https://app-lon09.marketo.com/index.php/form/XDFrame
Requested by
Host: app-lon09.marketo.com
URL: https://app-lon09.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
318084ebc0e9a5068d0331ededc4abb9368120331d4d9059eacdc08ba3d8593f
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
app-lon09.marketo.com
:scheme
https
:path
/index.php/form/XDFrame
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.group-ib.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cf_bm=783ca5d84f7ad12c46dfc91c608afb8dc38b2a30-1615569039-1800-ATYUdlOvfvEzdgHhLeUjop6U8n8zQHnsQGgc4MkehpOZrVaBDJ6pTo/yXLnNrGaCf6d1v1ZRZn361yUbWd+Jrpc=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.group-ib.com/

Response headers

date
Fri, 12 Mar 2021 17:10:40 GMT
content-type
text/html; charset=utf-8
content-length
653
set-cookie
__cfduid=d4f0c8d95b4843d021d6820d98480dcbf1615569040; expires=Sun, 11-Apr-21 17:10:40 GMT; path=/; domain=.app-lon09.marketo.com; HttpOnly; SameSite=Lax RSMKTO1=3137412012.47617.0000; path=/; Httponly; Secure
cache-control
max-age=3600
strict-transport-security
max-age=63113904
x-content-type-options
nosniff
vary
Accept-Encoding
content-encoding
gzip
cf-cache-status
DYNAMIC
cf-request-id
08c9044b340000d90583a34000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
62eea3251dead905-AMS
forms2.min.js
app-lon09.marketo.com/js/forms2/js/ Frame F498
204 KB
68 KB
Script
General
Full URL
https://app-lon09.marketo.com/js/forms2/js/forms2.min.js
Requested by
Host: app-lon09.marketo.com
URL: https://app-lon09.marketo.com/index.php/form/XDFrame
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
014de295141a456ceda8e3c4762085e53dca50f91ddf65906d227f70cf0b1a55
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://app-lon09.marketo.com/index.php/form/XDFrame
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Mar 2021 17:10:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
1391
strict-transport-security
max-age=63113904
cf-request-id
08c9044c140000d9058e8fe000000001
last-modified
Wed, 13 Jan 2021 23:50:53 GMT
server
cloudflare
etag
"be10c8-33187-5b8d0cf43cf52"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=14400
cf-ray
62eea3268843d905-AMS
expires
Fri, 12 Mar 2021 21:10:40 GMT
/
www.facebook.com/tr/
0
31 B
Other
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/main_26755_76942213_449_1578.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryqHZNYikOwh0PBLRt

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Fri, 12 Mar 2021 17:10:40 GMT
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
/
www.facebook.com/tr/ Frame DDE2
0
31 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
POST
:authority
www.facebook.com
:scheme
https
:path
/tr/
content-length
2702
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
origin
https://www.group-ib.com
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.group-ib.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
fr=0kX0cA1UvYlGsSrL2..BgS6CP...1.0.BgS6CP.
Upgrade-Insecure-Requests
1
Origin
https://www.group-ib.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.group-ib.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
date
Fri, 12 Mar 2021 17:10:40 GMT
fl
sbbe.group-ib.ru/api/
677 B
1 KB
XHR
General
Full URL
https://sbbe.group-ib.ru/api/fl?u=7694221310&mv=2&cfidsgib-w-group-ib=UKVB5twf72uTn%2BCJ3B49lv2LbugmhBhR%2FJSlFHAdj%2Fg6EiI7uC0kmVEBfCSK%2ByAM4HuK6mrm8CRUKG9u0%2BZ1XdRDKA70s32I2LNc0gqHWETrTA63uoBTBe6deXVR6hs6rR2XCJNvXrpcZAMJ8mkjWjPf
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/main_26755_76942213_449_1578.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
178.132.201.236 , Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software
nginx /
Resource Hash
07354e9343a8057b744738b14f0902dcfbdb7caa26b2aed1dfe994425744c6d6

Request headers

Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Fri, 12 Mar 2021 17:10:41 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding, Accept-Encoding
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www.group-ib.com
Cache-Control
no-store
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids

98 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| dataLayer function| $ function| jQuery object| conf string| _linkedin_partner_id object| _linkedin_data_partner_ids function| fbAsyncInit function| _classCallCheck function| executeFunctionByName function| _createClass object| landing object| certainDomains object| publicDomains function| Tiles function| Action object| actions function| CubicGallery function| CubicGallery2 function| Parallax function| Popup function| SelectThis function| CubicForm function| CubicSticky function| SwipeDetector function| CubicSwitcher function| CubicTabs function| ChangeForm function| Shifter function| ClipboardJS function| raf object| gacid object| gaClientId object| FB function| Accordeon function| EmailsBase function| wr function| Cookies function| CrmForm function| Marketo function| metrics object| News object| showMore object| News2 function| PollForm function| fillPoll function| share_vacancy_fb function| share_vacancy_tw function| ShowMore2 function| CubicTags function| Test function| Tumbler function| initTumbler function| Unsubscribe object| google_tag_manager object| popups function| initCrmForms object| google_tag_data string| GoogleAnalyticsObject function| ga string| _linkedin_data_partner_id function| fbq function| _fbq function| lintrk boolean| _already_called_lintrk object| gaplugins object| gaGlobal object| gaData object| Ya object| yaCounter25634039 object| MktoForms2 object| marketoForms function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| google_optimize boolean| __c4e38641cee8933a85d80167b637f7b5__ function| gibSetAttribute function| gibSetAttributeCallback function| gibRemoveAttribute function| gibHash function| gibEncrypt object| gib string| __guc__1.0.0 object| _this 
object| MunchkinTracker object| jQuery112409466945746728843

14 Cookies

Domain/Path Name / Value
.app-lon09.marketo.com/ Name: __cf_bm
Value: 783ca5d84f7ad12c46dfc91c608afb8dc38b2a30-1615569039-1800-ATYUdlOvfvEzdgHhLeUjop6U8n8zQHnsQGgc4MkehpOZrVaBDJ6pTo/yXLnNrGaCf6d1v1ZRZn361yUbWd+Jrpc=
.group-ib.com/ Name: cfidsgib-w-group-ib
Value: UKVB5twf72uTn+CJ3B49lv2LbugmhBhR/JSlFHAdj/g6EiI7uC0kmVEBfCSK+yAM4HuK6mrm8CRUKG9u0+Z1XdRDKA70s32I2LNc0gqHWETrTA63uoBTBe6deXVR6hs6rR2XCJNvXrpcZAMJ8mkjWjPf
.group-ib.com/ Name: _ym_d
Value: 1615569039
.id.group-ib.com/ Name: gcfids
Value: 0S1v1orMadqrVc9fsyT2CB3e8XyMWakYceNS9ldGfEfTsGxw2-AdGVEBE4HFJDXzdlmnqVNVsohb0G+XKXSBosSOLAT4OdnmnkgSYY2QLNBSTHQnkEKJJYH26BL9
.group-ib.com/ Name: _ym_uid
Value: 1615569039491587273
.group-ib.com/ Name: _fbp
Value: fb.1.1615569039500.1601493878
.group-ib.com/ Name: _gid
Value: GA1.2.212147380.1615569039
.group-ib.com/ Name: bpmTrackingId
Value: db18cf5f-e6c6-a8fc-c173-04f978802e3b
.group-ib.com/ Name: _dc_gtm_UA-25492706-2
Value: 1
.group-ib.com/ Name: _ga
Value: GA1.2.912034154.1615569039
.group-ib.com/ Name: _ym_isad
Value: 2
.group-ib.com/ Name: bpmHref
Value: https://www.group-ib.com/blog/IcedID
.group-ib.com/ Name: _ym_visorc
Value: w
.group-ib.com/ Name: bpmRef
Value:

1 Console Messages

Source Level URL
Text
console-api warning URL: https://www.group-ib.com/javascripts/all-a726438f.js(Line 27)
Message:
The Facebook JSSDK is more than 7 days old.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
