Submitted URL: http://cert-gib.com/
Effective URL: https://www.group-ib.com/cert.html
Submission: On March 02 via api from TR — Scanned from DE

Summary

This website contacted 32 IPs in 8 countries across 24 domains to perform 100 HTTP transactions. The main IP is 3.72.181.255, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.group-ib.com. The Cisco Umbrella rank of the primary domain is 787660.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 28th 2022. Valid for: a year.
This is the only time www.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 5.9.185.28 24940 (HETZNER-AS)
1 35 3.72.181.255 16509 (AMAZON-02)
2 3.64.98.252 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 172.65.255.172 13335 (CLOUDFLAR...)
2 6 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f01... 32934 (FACEBOOK)
1 104.16.93.80 13335 (CLOUDFLAR...)
2 172.65.232.43 13335 (CLOUDFLAR...)
8 104.64.113.114 16625 (AKAMAI-AS)
1 199.232.16.157 54113 (FASTLY)
1 2a02:26f0:11a... 20940 (AKAMAI-ASN1)
1 13.225.78.122 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 185.17.9.182 49505 (SELECTEL)
2 142.250.186.130 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 7 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 37.252.171.22 29990 (ASN-APPNEX)
1 2a02:26f0:11a... 20940 (AKAMAI-ASN1)
1 52.3.31.211 14618 (AMAZON-AES)
1 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:402... 15169 (GOOGLE)
1 104.244.42.69 13414 (TWITTER)
1 104.244.42.67 13414 (TWITTER)
1 2600:9000:20e... 16509 (AMAZON-02)
3 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.43.14 8068 (MICROSOFT...)
2 2a03:2880:f11... 32934 (FACEBOOK)
3 2a00:1450:400... 15169 (GOOGLE)
100 32
Apex Domain
Subdomains
Transfer
38 group-ib.com
www.group-ib.com — Cisco Umbrella Rank: 787660
fhp-aws-antibot-back.group-ib.com
ru.id.group-ib.com — Cisco Umbrella Rank: 188954
9 MB
11 google.com
www.google.com — Cisco Umbrella Rank: 2
region1.analytics.google.com — Cisco Umbrella Rank: 4370
google.com — Cisco Umbrella Rank: 1
1 KB
9 6sc.co
j.6sc.co — Cisco Umbrella Rank: 6488
c.6sc.co — Cisco Umbrella Rank: 9745
ipv6.6sc.co — Cisco Umbrella Rank: 6917
b.6sc.co — Cisco Umbrella Rank: 4795
14 KB
8 google.de
www.google.de — Cisco Umbrella Rank: 6149
945 B
8 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
stats.g.doubleclick.net — Cisco Umbrella Rank: 77
6 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 44
337 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 361
www.linkedin.com — Cisco Umbrella Rank: 564
px4.ads.linkedin.com — Cisco Umbrella Rank: 6058
3 KB
3 hsforms.com
forms-eu1.hsforms.com — Cisco Umbrella Rank: 31541
forms.hsforms.com — Cisco Umbrella Rank: 3883
27 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 151
222 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 105
258 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 30
20 KB
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 163
4 KB
2 neverbounce.com
cdn.neverbounce.com — Cisco Umbrella Rank: 101049
api.neverbounce.com — Cisco Umbrella Rank: 61488
29 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 36
1 KB
1 oribi.io
cdn.linkedin.oribi.io — Cisco Umbrella Rank: 813
374 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 628
393 B
1 t.co
t.co — Cisco Umbrella Rank: 536
377 B
1 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 377
823 B
1 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4464
2 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 704
5 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 633
15 KB
1 marketo.com
app-lon09.marketo.com — Cisco Umbrella Rank: 352159
69 KB
1 hsforms.net
js-eu1.hsforms.net — Cisco Umbrella Rank: 73795
159 KB
1 cert-gib.com
cert-gib.com
201 B
100 24
Domain Requested by
35 www.group-ib.com 1 redirects fhp-aws-antibot-back.group-ib.com
www.group-ib.com
8 www.google.de www.group-ib.com
7 www.google.com 2 redirects www.group-ib.com
6 b.6sc.co www.group-ib.com
6 googleads.g.doubleclick.net 2 redirects www.googletagmanager.com
5 www.googletagmanager.com www.group-ib.com
www.googletagmanager.com
3 google.com fhp-aws-antibot-back.group-ib.com
3 connect.facebook.net www.group-ib.com
connect.facebook.net
2 www.facebook.com www.group-ib.com
2 px.ads.linkedin.com 2 redirects
2 stats.g.doubleclick.net fhp-aws-antibot-back.group-ib.com
2 www.google-analytics.com www.googletagmanager.com
www.group-ib.com
2 www.googleadservices.com www.googletagmanager.com
2 forms-eu1.hsforms.com fhp-aws-antibot-back.group-ib.com
www.group-ib.com
2 fonts.googleapis.com www.group-ib.com
2 fhp-aws-antibot-back.group-ib.com www.group-ib.com
1 px4.ads.linkedin.com www.group-ib.com
1 www.linkedin.com 1 redirects
1 cdn.linkedin.oribi.io fhp-aws-antibot-back.group-ib.com
1 analytics.twitter.com www.group-ib.com
1 t.co www.group-ib.com
1 region1.analytics.google.com fhp-aws-antibot-back.group-ib.com
1 api.neverbounce.com cdn.neverbounce.com
1 ipv6.6sc.co fhp-aws-antibot-back.group-ib.com
1 c.6sc.co fhp-aws-antibot-back.group-ib.com
1 secure.adnxs.com fhp-aws-antibot-back.group-ib.com
1 forms.hsforms.com www.group-ib.com
1 ru.id.group-ib.com www.group-ib.com
1 ws.zoominfo.com www.group-ib.com
1 cdn.neverbounce.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 j.6sc.co www.group-ib.com
1 app-lon09.marketo.com www.group-ib.com
1 js-eu1.hsforms.net www.group-ib.com
1 cert-gib.com 1 redirects
100 36
Subject Issuer Validity Valid
www.group-ib.com
Sectigo RSA Domain Validation Secure Server CA
2022-06-28 -
2023-06-28
a year crt.sh
*.group-ib.com
Sectigo RSA Domain Validation Secure Server CA
2022-06-29 -
2023-07-04
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-02-08 -
2023-05-03
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-02-08 -
2023-05-03
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-06-15 -
2023-06-15
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-02-08 -
2023-05-03
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-01-10 -
2023-03-09
2 months crt.sh
app-lon09.marketo.com
Cloudflare Inc ECC CA-3
2022-05-01 -
2023-05-01
a year crt.sh
*.6sc.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-08 -
2023-03-11
a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2022-07-22 -
2023-08-22
a year crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-02-01 -
2024-01-31
a year crt.sh
neverbounce.com
Amazon RSA 2048 M02
2023-02-13 -
2024-03-12
a year crt.sh
zoominfo.com
Cloudflare Inc ECC CA-3
2022-04-21 -
2023-04-21
a year crt.sh
*.id.group-ib.com
R3
2022-12-29 -
2023-03-29
3 months crt.sh
www.googleadservices.com
GTS CA 1C3
2023-02-08 -
2023-05-03
3 months crt.sh
www.google.com
GTS CA 1C3
2023-02-08 -
2023-05-03
3 months crt.sh
www.google.de
GTS CA 1C3
2023-02-08 -
2023-05-03
3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2023-02-13 -
2024-03-15
a year crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-02-05 -
2024-02-05
a year crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-02-05 -
2024-02-05
a year crt.sh
linkedin.oribi.io
Amazon RSA 2048 M01
2023-02-24 -
2023-08-06
5 months crt.sh
*.google.de
GTS CA 1C3
2023-02-08 -
2023-05-03
3 months crt.sh
*.google.com
GTS CA 1C3
2023-02-08 -
2023-05-03
3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.group-ib.com/cert.html
Frame ID: 002F8B7EAEEFE4ABC5F26C764B7F3925
Requests: 112 HTTP requests in this frame

Frame: https://ru.id.group-ib.com/id.html
Frame ID: 2239E1DF92613347EABEF9E9B7423ED6
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 6EA462E004B95653C828762DC7E15AED
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Response to information security incidents - CERT-GIB

Page URL History Show full URLs

  1. http://cert-gib.com/ HTTP 301
    http://www.group-ib.com/cert.html HTTP 301
    https://www.group-ib.com/cert.html Page URL
  2. https://www.group-ib.com/cert.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

100
Requests

97 %
HTTPS

52 %
IPv6

24
Domains

36
Subdomains

32
IPs

8
Countries

10485 kB
Transfer

12811 kB
Size

37
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cert-gib.com/ HTTP 301
    http://www.group-ib.com/cert.html HTTP 301
    https://www.group-ib.com/cert.html Page URL
  2. https://www.group-ib.com/cert.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://cert-gib.com/ HTTP 301
  • http://www.group-ib.com/cert.html HTTP 301
  • https://www.group-ib.com/cert.html
Request Chain 81
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677751969564&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1677751969564%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fcert.html%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677751969564&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677751969564&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQLvpR8AOFSKIAAAAYahz2jRHW-739psH2flzn3_0ogrhQP3yb_-SbrjYu73t58Fls5tdWyqz90h8Q
Request Chain 88
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/?random=2108219055&cv=11&fst=1677751969168&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=oXYAZNSSDoqm1waqo5a4Bg&sscte=1&crd=&pscrd=EkxDaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVVBcVZVdjhXODFnQ0Z6ZjNwVTVzdjVxMnlmc1JuWWpyV2o1WEFtMWswZ0xObXhORTlrGlhDaEVJZ0stQm9BWVFuLVR3eEpfLTU5XzdBUkl0QUExSU5WQkxzSG5MUDNDRk5CM0lGRmpCbWlaQWVRU0wtVnhUUTdzaGR1V29jR3hEYnBMRlRFMWZ0bVV5 HTTP 302
  • https://www.google.com/pagead/1p-conversion/863262324/?random=2108219055&cv=11&fst=1677751969168&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVVBcVZVdjhXODFnQ0Z6ZjNwVTVzdjVxMnlmc1JuWWpyV2o1WEFtMWswZ0xObXhORTlrGlhDaEVJZ0stQm9BWVFuLVR3eEpfLTU5XzdBUkl0QUExSU5WQkxzSG5MUDNDRk5CM0lGRmpCbWlaQWVRU0wtVnhUUTdzaGR1V29jR3hEYnBMRlRFMWZ0bVV5&is_vtc=1&ocp_id=oXYAZNSSDoqm1waqo5a4Bg&cid=CAQSKQDUE5ymXpymdC_cUgZdX6zVJX_TOOD-PW7E_qAbQ0ItmEvoG7bRCv0u&random=108973170 HTTP 302
  • https://www.google.de/pagead/1p-conversion/863262324/?random=2108219055&cv=11&fst=1677751969168&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVVBcVZVdjhXODFnQ0Z6ZjNwVTVzdjVxMnlmc1JuWWpyV2o1WEFtMWswZ0xObXhORTlrGlhDaEVJZ0stQm9BWVFuLVR3eEpfLTU5XzdBUkl0QUExSU5WQkxzSG5MUDNDRk5CM0lGRmpCbWlaQWVRU0wtVnhUUTdzaGR1V29jR3hEYnBMRlRFMWZ0bVV5&is_vtc=1&ocp_id=oXYAZNSSDoqm1waqo5a4Bg&cid=CAQSKQDUE5ymXpymdC_cUgZdX6zVJX_TOOD-PW7E_qAbQ0ItmEvoG7bRCv0u&random=108973170&ipr=y&prhg=0
Request Chain 96
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/?random=923213196&cv=11&fst=1677751969701&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=oXYAZMeWLJb-xgLG-JuYDg&sscte=1&crd=&pscrd=EkxDaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVVBcVZVdjhXODFnQ0Z6ZjNwVTVzdjVxMnlmc1JuWWpyV2o1WEFtMWswZ0xObXhORTlrGlhDaEVJZ0stQm9BWVFuLVR3eEpfLTU5XzdBUkl0QUExSU5WQzVnUVRZN0puY3dLVUJBVExwVm1MNUNOV2ViTldQa1diZC10WFBKc2diU29lNlNxdUR3TFN5 HTTP 302
  • https://www.google.com/pagead/1p-conversion/10865976765/?random=923213196&cv=11&fst=1677751969701&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVVBcVZVdjhXODFnQ0Z6ZjNwVTVzdjVxMnlmc1JuWWpyV2o1WEFtMWswZ0xObXhORTlrGlhDaEVJZ0stQm9BWVFuLVR3eEpfLTU5XzdBUkl0QUExSU5WQzVnUVRZN0puY3dLVUJBVExwVm1MNUNOV2ViTldQa1diZC10WFBKc2diU29lNlNxdUR3TFN5&is_vtc=1&ocp_id=oXYAZMeWLJb-xgLG-JuYDg&cid=CAQSKQDUE5ym7vv7BedtMYLGLBr_b3lzEQk4rbQMW8hkK2b2EgQOyQmpme1q&random=410223284 HTTP 302
  • https://www.google.de/pagead/1p-conversion/10865976765/?random=923213196&cv=11&fst=1677751969701&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVVBcVZVdjhXODFnQ0Z6ZjNwVTVzdjVxMnlmc1JuWWpyV2o1WEFtMWswZ0xObXhORTlrGlhDaEVJZ0stQm9BWVFuLVR3eEpfLTU5XzdBUkl0QUExSU5WQzVnUVRZN0puY3dLVUJBVExwVm1MNUNOV2ViTldQa1diZC10WFBKc2diU29lNlNxdUR3TFN5&is_vtc=1&ocp_id=oXYAZMeWLJb-xgLG-JuYDg&cid=CAQSKQDUE5ym7vv7BedtMYLGLBr_b3lzEQk4rbQMW8hkK2b2EgQOyQmpme1q&random=410223284&ipr=y&prhg=0

100 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
cert.html
www.group-ib.com/
Redirect Chain
  • http://cert-gib.com/
  • http://www.group-ib.com/cert.html
  • https://www.group-ib.com/cert.html
7 KB
7 KB
Document
General
Full URL
https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
dfef3b3b725657391e24cf6811a83b43162d15068bc0ce8544e88f06512b9450

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-type
text/html
date
Thu, 02 Mar 2023 10:12:46 GMT

Redirect headers

Content-Length
70
Content-Type
text/html; charset=utf-8
Date
Thu, 02 Mar 2023 10:12:46 GMT
Location
https://www.group-ib.com:/cert.html
bt-autoinject.js
fhp-aws-antibot-back.group-ib.com/d/
348 KB
146 KB
Script
General
Full URL
https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.64.98.252 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-98-252.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
5979e1170f6b2c707bf46ad3e998261a4d811ffca0b56200a47fb6f5fa799da8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:46 GMT
content-encoding
gzip
x-envoy-upstream-service-time
1
server
istio-envoy
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
truncated
/
487 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
107489855354318ae43cf4be354432590663de1a874b4b813ba569457371b254

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4dd9e4e76108e414d1700571feb305e53b097ea854e22dd20b123297658a51d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/png
idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
www.group-ib.com/api/fl/
205 B
667 B
XHR
General
Full URL
https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
d434c29a6b883c342b28c613c750dc475913e189c6c3264bfd9a57cc8f033c06

Request headers

Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
x-cfids
-

Response headers

date
Thu, 02 Mar 2023 10:12:46 GMT
content-encoding
gzip
server
istio-envoy
etag
W/"zgvPA1QQ/SYgB5aYqz2pxwtAORMLz0Cl++ihLnv8OeMSI43HdT0IubiCNDS0JhwigpFnz766ms4PLmdCK1tUEOqN5guH0jax0gjnwzbEz1tDeLg3tyc67l3w43mfEEBsUrJYy7qlODurkn9QzjweQKnX"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache
x-envoy-upstream-service-time
2
fl
www.group-ib.com/api/
665 B
833 B
XHR
General
Full URL
https://www.group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=zgvPA1QQ%2FSYgB5aYqz2pxwtAORMLz0Cl%2B%2BihLnv8OeMSI43HdT0IubiCNDS0JhwigpFnz766ms4PLmdCK1tUEOqN5guH0jax0gjnwzbEz1tDeLg3tyc67l3w43mfEEBsUrJYy7qlODurkn9QzjweQKnX
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash

Request headers

Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 02 Mar 2023 10:12:47 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
fl
www.group-ib.com/api/
665 B
781 B
Ping
General
Full URL
https://www.group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=6nUW8ygeXQXrPZ0a1Tb4H9RHH305TJiFg7hQpK22uZk2ltIbZK%2FWp4sy9xGWJ%2FHE7GZh01WxrA8LynyQQI7I7zkNFPeFbNHWBuXeTL8UgKIsgh6O1qsOgLD7iPIOJw6u0bFiBXzbn9C4Dm1wrsirHrdy7vdEl7hjljbx
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash

Request headers

Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 02 Mar 2023 10:12:48 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
Primary Request cert.html
www.group-ib.com/
45 KB
11 KB
Document
General
Full URL
https://www.group-ib.com/cert.html
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
77d394a1dd590551f25748c1daceb7b5ebcb49d55ef7ec69dce4c4b33a5b4161
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/ frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/ ALLOW-FROM https://groupib.pathfactory.com/ SAMEORIGIN sameorigin
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Referer
https://www.group-ib.com/cert.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
content-encoding
gzip
content-length
10830
content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/ frame-ancestors 'self';
content-type
text/html; charset=UTF-8
date
Thu, 02 Mar 2023 10:12:48 GMT
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(), accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
referrer-policy
no-referrer strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/ ALLOW-FROM https://groupib.pathfactory.com/ SAMEORIGIN sameorigin
x-xss-protection
1; mode=block 1; mode=block
bt-autoinject.js
fhp-aws-antibot-back.group-ib.com/d/
348 KB
146 KB
Script
General
Full URL
https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.64.98.252 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-98-252.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
5979e1170f6b2c707bf46ad3e998261a4d811ffca0b56200a47fb6f5fa799da8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:48 GMT
content-encoding
gzip
x-envoy-upstream-service-time
1
server
istio-envoy
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
hubspot-form-0d3ea2cd.css
www.group-ib.com/hubspot-form/
4 KB
4 KB
Stylesheet
General
Full URL
https://www.group-ib.com/hubspot-form/hubspot-form-0d3ea2cd.css
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
66d609b0c975493c48e785524fbb6cfa5d28ea59d8d7e5e12bd4a8c5b8556f67
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
3831
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Sun, 22 May 2022 18:42:44 GMT
server
nginx
etag
"628a8424-ef7"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
text/css
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
main_26755_2be51925_563_1764.js
www.group-ib.com/build/
297 KB
298 KB
Script
General
Full URL
https://www.group-ib.com/build/main_26755_2be51925_563_1764.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
844bb56d9d924583139e6f89aa998b215f3a7516cafc5e448c64e8cde29361e5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-length
304595
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 25 May 2022 09:25:21 GMT
server
nginx
etag
"628df601-4a5d3"
vary
Accept-Encoding, Accept-Encoding
x-frame-options
sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
js
www.googletagmanager.com/gtag/
130 KB
51 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-392399615
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e6a073e563e9a4f4b69d5f65b9cebc6f3878c49fb51b43fb47ef52349d349528
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51372
x-xss-protection
0
last-modified
Thu, 02 Mar 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 02 Mar 2023 10:12:48 GMT
css2
fonts.googleapis.com/
2 KB
894 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@400;500&display=swap
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f1a76ecbcbefc0b357ce381eba61f68a4d2c8c5297ec27ec3380ed03edbe5744
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 02 Mar 2023 10:12:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 02 Mar 2023 09:32:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 02 Mar 2023 10:12:48 GMT
css2
fonts.googleapis.com/
1 KB
535 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Prata&display=swap
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
96c4e58e8a03bbdefeb244e74873ce152349cdb30b308628dd7c3e2d7c7e118a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 02 Mar 2023 10:12:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 02 Mar 2023 10:00:02 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 02 Mar 2023 10:12:48 GMT
types-new-38330f89.css
www.group-ib.com/stylesheets/
462 KB
462 KB
Stylesheet
General
Full URL
https://www.group-ib.com/stylesheets/types-new-38330f89.css
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c678f7ebeaf42ae73a6b84255ed78e47baa5f2fa1718892dd24d5064bfe67117
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
472773
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Thu, 06 May 2021 06:58:10 GMT
server
nginx
etag
"60939382-736c5"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
text/css
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
all-508e897e.css
www.group-ib.com/stylesheets/
1 MB
1 MB
Stylesheet
General
Full URL
https://www.group-ib.com/stylesheets/all-508e897e.css
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cbd38f4d44ad316257c6d3179f980798a97688e6ff1df6d94f66cad4b46945a7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
1516216
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:53:19 GMT
server
nginx
etag
"634d09ef-1722b8"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
text/css
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
jquery-96f076a3.js
www.group-ib.com/javascripts/
85 KB
85 KB
Script
General
Full URL
https://www.group-ib.com/javascripts/jquery-96f076a3.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
fe9a7ca1e475140e6b37fbc86a5efcd3251be4348137aa07231bd91ee8678b7c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
87307
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Thu, 18 Mar 2021 09:02:08 GMT
server
nginx
etag
"60531710-1550b"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
all-2bd8fcd3.js
www.group-ib.com/javascripts/
199 KB
199 KB
Script
General
Full URL
https://www.group-ib.com/javascripts/all-2bd8fcd3.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
3cbdeb53c566f58fa2298177c12defc90c733843c50e2fd4147d9597d33a1e34
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
203894
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 04 Aug 2021 14:28:19 GMT
server
nginx
etag
"610aa403-31c76"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
first@2x.png
www.group-ib.com/images/cert-partners/
5 KB
6 KB
Image
General
Full URL
https://www.group-ib.com/images/cert-partners/first@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0430dd3b974561238dac03eb963a67da014965080c3d2de38d5b7aa318f3053e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
5432
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-1538"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
ti@2x.png
www.group-ib.com/images/cert-partners/
5 KB
5 KB
Image
General
Full URL
https://www.group-ib.com/images/cert-partners/ti@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cba8dab9146aa4c7695c71ec3c6dd57b5e7c3c26cf53709866aa9ca7da1de491
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
5019
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-139b"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
impact@2x.png
www.group-ib.com/images/cert-partners/
4 KB
4 KB
Image
General
Full URL
https://www.group-ib.com/images/cert-partners/impact@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
3dd4b088ab105f30c06ccea664b41ad4d8308bca0d79497bfd795113e7d616c6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
3867
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-f1b"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
oic@2x.png
www.group-ib.com/images/cert-partners/
12 KB
12 KB
Image
General
Full URL
https://www.group-ib.com/images/cert-partners/oic@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
7b12bc0e3c26c7489b7b00b5eac170133e840e004baac496b88c23db28353ad4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
12648
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-3168"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
azb-w@2x.png
www.group-ib.com/images/cert-partners/
18 KB
18 KB
Image
General
Full URL
https://www.group-ib.com/images/cert-partners/azb-w@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
206d8cf5d1a0149c666651755b0f7b0b62a50882d61a5d18eaddc7317bb92a53
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
18668
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-48ec"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
onc@2x.png
www.group-ib.com/images/cert-partners/
39 KB
39 KB
Image
General
Full URL
https://www.group-ib.com/images/cert-partners/onc@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e879f79cf3432a5c0e30fe7ff7bbbccf97fb8adf675ea88a3349f22936b73a9d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
40133
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-9cc5"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
apwg@2x.png
www.group-ib.com/images/cert-partners/
11 KB
11 KB
Image
General
Full URL
https://www.group-ib.com/images/cert-partners/apwg@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
141397708f146e91f2a8137f1897e36d558af1c3c2e552c6aeda5f5d0a7448b0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
11163
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-2b9b"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
award-2021_gold.png
www.group-ib.com/images/certificates/
11 KB
11 KB
Image
General
Full URL
https://www.group-ib.com/images/certificates/award-2021_gold.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
74a02ff107402492b9e19e4c7c550a9db662bfcb3a8bebc372d4ac8fb0a90fff
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
10858
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 12 May 2021 18:13:10 GMT
server
nginx
etag
"609c1ab6-2a6a"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
v2.js
js-eu1.hsforms.net/forms/
509 KB
159 KB
Script
General
Full URL
https://js-eu1.hsforms.net/forms/v2.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0123eded788d31af982c69073accde95512f79937578813e722c1bf4abbed27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-encoding
br
age
512
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=forms-embed/static-1.2759/bundles/project-v2.js&cfRay=7a18d089a6202bc3-FRA, 7a18d089a6202bc3-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"869bc78fe9fd236cb063fe2745027fbe"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.2759/bundles/project-v2.js
date
Thu, 02 Mar 2023 10:12:48 GMT
x-amz-version-id
fHf4ZmN_s8uqGdt86M.bqjroQdn5TwKN
via
1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P2
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
56d30373-8be1-4831-afd0-924fbec242e5
last-modified
Wed, 01 Mar 2023 12:15:21 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Qmf7hogzMgtEqWQsQ%2F4U0reYdbhMNcNkSrvp9Ehbvmr4pCXDs1VKBCoSBYj3BM3XVKaRQxGFo2DtC43tF6wCfEu7HPPgLwBe5S1XHK4Dg%2B%2BQWiN72yc4F%2FtV%2Fa0%2Faw1970eGA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-7cb8fdd96d-6m77k
cf-ray
7a18dd0a6c422bf6-FRA
x-amz-cf-id
Ixk-KQKViCimsx551YVyWSIL3OgmB_bo60sqn8NEXwinqrafOkPCag==
truncated
/
482 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
16ea0f37e7b893f9078384d11e94c9f9bad304b4752f4cea7d3504f527a340c3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8a006ed69290a031c88da1ae803c48d2c1134d582a899e7be2724679f2bd6ecd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/png
idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
www.group-ib.com/api/fl/
217 B
701 B
XHR
General
Full URL
https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
d3241ad96ed64f4ba82370c58c77eecad95ffbfb35fdb32f992f799c2682efdc

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
lT9W73eb9c1652269bef95ea9225c9191ee2c053
x-cfids
6nUW8ygeXQXrPZ0a1Tb4H9RHH305TJiFg7hQpK22uZk2ltIbZK/Wp4sy9xGWJ/HE7GZh01WxrA8LynyQQI7I7zkNFPeFbNHWBuXeTL8UgKIsgh6O1qsOgLD7iPIOJw6u0bFiBXzbn9C4Dm1wrsirHrdy7vdEl7hjljbx

Response headers

date
Thu, 02 Mar 2023 10:12:48 GMT
content-encoding
gzip
server
istio-envoy
etag
W/"OYk2KZXJ3kd8pDRowpbz3twzoGM5zGUAGyM+WbP2vgEjGUpJNfsgc4jTPCgaEIWq4XToEkskSr/eJfOhTKYGAgKm8qLo0jX1BMgQTgda8c0+ktSQioT0KknyDuGYjXd+SauICtOZGFsLzafHUOVK9u2124O/FkubEVAS"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache
x-envoy-upstream-service-time
1
gtm.js
www.googletagmanager.com/
261 KB
85 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
826125051cec4d9fe617685587a67d8223a817fc0b847bc7b1e2adccba936dbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
86529
x-xss-protection
0
last-modified
Thu, 02 Mar 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 02 Mar 2023 10:12:48 GMT
sdk.js
www.group-ib.com/javascripts/
3 KB
3 KB
Script
General
Full URL
https://www.group-ib.com/javascripts/sdk.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
28aabea3885481e4a5fe0c4031bbea2e9ab1d4cca1adeac5ccde868d49ec0019
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
3093
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 01 Mar 2023 22:10:01 GMT
server
nginx
etag
"63ffcd39-c15"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
icons.svg
www.group-ib.com/images/
440 KB
440 KB
Other
General
Full URL
https://www.group-ib.com/images/icons.svg
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a138c249b501af8ef53ac907a5cc8f9ba7a7a75b35d7c4cd4951eda4c4aa6e54
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
450279
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 06 Feb 2023 09:02:09 GMT
server
nginx
etag
"63e0c211-6dee7"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
truncated
/
121 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ee338bd03594461a939b661840e43fec02d7345e19e3ad12509c06ba37ad355

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/png
logo-new.svg
www.group-ib.com/images/
2 KB
2 KB
Image
General
Full URL
https://www.group-ib.com/images/logo-new.svg
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/stylesheets/all-508e897e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
74711bb799e7d4712bcdc9fdf42f5acb835448d1ec23936a1d46a087e192e378
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/stylesheets/all-508e897e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
2432
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Thu, 02 Dec 2021 07:15:15 GMT
server
nginx
etag
"61a87283-980"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
truncated
/
75 KB
75 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
077dad3be3a10854dc97527ce83bbf6422309d807f6e4b3492de78005d786cdc

Request headers

Referer
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
75 KB
75 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
163907259fa19c5b768aea83f82db575b01aad0fd5fbf9ac448d3db383229547

Request headers

Referer
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
486 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aa228ae53ac82032794b0cb0c94d2841be5b91fa0ff87bb9caec1a9ed1e72726

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4feda8421fbc57d47dadbe5022d1644ecc61f4bf897337ebb8fdaa7350b43784

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/png
main-cover67.jpg
www.group-ib.com/images/covers/
58 KB
58 KB
Image
General
Full URL
https://www.group-ib.com/images/covers/main-cover67.jpg
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/stylesheets/all-508e897e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
48dcfb6f699f2b4601e387a2c338ecd86589342e957bdc153650df90f3c175a9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/stylesheets/all-508e897e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:48 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
59118
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:53 GMT
server
nginx
etag
"6051a12d-e6ee"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/jpeg
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:48 GMT
truncated
/
75 KB
75 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8b3ecc577e9722ca0bb5fd08ce6e5b800b114001af146f2a03865ab2859e9eb1

Request headers

Referer
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
application/font-woff
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/392399615/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/392399615/?random=1677751968826&cv=11&fst=1677751968826&bg=ffffff&guid=ON&async=1&gtm=45be32r0h1&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-392399615
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b5a3e3d06662b3695bd16dc8d9d3f9edb0be632864df248d57b758bee98378d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:48 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1241
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
130 KB
50 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-863262324&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-392399615
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e7c2bc3e403513bee0413687c80b67e0aada1180e6e4b3b084d320d34ff9444d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51443
x-xss-protection
0
last-modified
Thu, 02 Mar 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 02 Mar 2023 10:12:48 GMT
idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
www.group-ib.com/api/fl/
217 B
718 B
XHR
General
Full URL
https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
d975a5e434604dc8405e672c0f8ac8fda54c0e50f1da157cfef384d58686f413

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==, 727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
mR15cffb235605db05aee873501e4f7f56e137b9, Jfn5624798eea5a3c9289b98ff5ded8a21d9bcea
x-cfids
OYk2KZXJ3kd8pDRowpbz3twzoGM5zGUAGyM+WbP2vgEjGUpJNfsgc4jTPCgaEIWq4XToEkskSr/eJfOhTKYGAgKm8qLo0jX1BMgQTgda8c0+ktSQioT0KknyDuGYjXd+SauICtOZGFsLzafHUOVK9u2124O/FkubEVAS

Response headers

date
Thu, 02 Mar 2023 10:12:48 GMT
content-encoding
gzip
server
istio-envoy
etag
W/"79fLxN0sdJ3S9z4EAKcMJCmOKqSY8FJcNF3U/pclYYJD6FPjvmWk0IFbdP9qhANW2vbi29pGW/2xsWss5OlWRl2VtuUGkrs8J7hDeTPPQjTrggRlUIWqDpqmdkyuyRouIsdhpLtjPyfW7ObjDVZLJjMR5u0A3ByDIJKh"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache
x-envoy-upstream-service-time
1
idgib-w-group-ib
www.group-ib.com/api/fl/
0
42 B
XHR
General
Full URL
https://www.group-ib.com/api/fl/idgib-w-group-ib
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==, 727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
VnEHaa4ebf7e71b02aca4f60a274ad2eeec61b3f, g34Leb14d5ca5d708b6dab25c1ae2ed4b04ce1fa
x-cfids
-

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
x-envoy-upstream-service-time
5
server
istio-envoy
content-length
0
sdk.js
connect.facebook.net/ru_RU/
302 KB
86 KB
Script
General
Full URL
https://connect.facebook.net/ru_RU/sdk.js?hash=118d9dcb5e21ba0d88956e18eb06fc69&ua=modern_es6
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/javascripts/all-2bd8fcd3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7061e8c6ca7c7b9eb635d5bc9154ade9f524ed694c9b4834f3404b2af189c610
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.group-ib.com/
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 10:12:49 GMT
content-md5
Bw3o7i0N0y8HGR91HbZy9w==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
87309
x-fb-rlafr
0
x-fb-debug
irBk/0vLyQPICd2nvONQIPTdVjKBIoCa7UEn8wyHwP9sC/D/aDxgcDOeoeQypACAir2Jc0fthnGv+gNODai0cw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
686109401
x-fb-content-md5
cd356d1520e034e0f361b4dfe5b72e6a
cross-origin-opener-policy
same-origin-allow-popups
etag
"7235fa370c560a64ee596ad1807c65a8"
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options
DENY
timing-allow-origin
*
expires
Fri, 01 Mar 2024 09:35:21 GMT
forms2.min.js
app-lon09.marketo.com/js/forms2/js/
208 KB
69 KB
Script
General
Full URL
https://app-lon09.marketo.com/js/forms2/js/forms2.min.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/javascripts/all-2bd8fcd3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Thu, 12 Jan 2023 20:56:20 GMT
server
cloudflare
age
714
etag
"d20ea5-33e51-5f217594de500"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
7a18dd0e88e96909-FRA
expires
Thu, 02 Mar 2023 14:12:49 GMT
truncated
/
412 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3dfb83a15a1a69fb2c6355797651535983e30f2ebee4666b987b217780a18f61

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9f76fca582f32f2da3a5f6c1fbfd29f75a599227fc58c9a3acde24fd25550246

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
cert-video.mp4
www.group-ib.com/video/
6 MB
6 MB
Media
General
Full URL
https://www.group-ib.com/video/cert-video.mp4
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2182c7c52d0d00a3867cd805e699903609504621a5088a51c9cdd07ad5a53197
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://www.group-ib.com/cert.html
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Range
bytes=0-

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:49 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
Content-Range
bytes 0-6019493/6019494
Content-Length
6019494
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:56 GMT
server
nginx
etag
"6051a130-5bd9a6"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
video/mp4
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
json
forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/
68 KB
26 KB
XHR
General
Full URL
https://forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/json?hs_static_app=forms-embed&hs_static_app_version=1.2759&X-HubSpot-Static-App-Info=forms-embed-1.2759
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
651323c16e5e0db04c45eeb60e0588804fe63e1f3787ec7d8900a5d143ace7f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

X-Origin-Hublet
eu1
Date
Thu, 02 Mar 2023 10:12:49 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
br
CF-Cache-Status
DYNAMIC
X-HubSpot-Correlation-Id
fa1b3d67-ec9d-447c-84f2-e8fc44038f83
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Server
cloudflare
X-Trace
2B4B828631F9760B0486917B8809F32385F0D9CCE8000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.group-ib.com
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
7a18dd0f2bea2bd5-FRA
6si.min.js
j.6sc.co/
33 KB
10 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-113-114.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
beeb705b69f299ad7567ae7ba292ae685556a7082531220a088a0d3b3307c410
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 09 Feb 2023 18:18:39 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63e538ff-820b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
10438
expires
Thu, 02 Mar 2023 10:12:49 GMT
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 16:56:53 GMT
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kjyo7100081-IAD, cache-vie6347-VIE
insight.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:11a::6867:4832 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Jan 2023 17:22:56 GMT
x-cdn
AKAM
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=27837
accept-ranges
bytes
content-length
4777
fbevents.js
connect.facebook.net/en_US/
106 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cab52dc3525d23d87fc3337ea17253060c6f723389a33e62699d510f1878972b
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 02 Mar 2023 10:12:49 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27843
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
ZgJaAJUUB2xEt0UCeJ7ZwVC1zNbRcTTiFpb8PNTBlUoDxZ/0EwQXDglg1AR7mD3HcjC1HNQ6oN2RzjdTmpQHWg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
NeverBounce.js
cdn.neverbounce.com/widget/dist/
96 KB
29 KB
Script
General
Full URL
https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-122.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 03:09:52 GMT
content-encoding
gzip
via
1.1 eb1a8c1b1275e33a016e623478052110.cloudfront.net (CloudFront)
last-modified
Mon, 02 Mar 2020 18:37:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
age
25378
etag
W/"c1e06621030dfcba15b88abbcaa546eb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
MKVkXLiLBoLT3wHv_E9Uo1PCgF3wp5MS-tEQTSSLgyTk2SVDgp73rw==
63e267f61a03d71ea3df5fe7
ws.zoominfo.com/pixel/
2 KB
2 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/63e267f61a03d71ea3df5fe7
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c84d46f144cc5fc65f5a33c94f8aa1453a336d65026e8c47c180411ccc9dee4e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
7a18dd0eff99383e-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
js
www.googletagmanager.com/gtag/
248 KB
83 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a3f404492e86b93af64e3db44aeb74363d80df6ebea2a3b1ed567d8672ed27fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
85172
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 02 Mar 2023 10:12:49 GMT
truncated
/
221 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98798d0e87b53006f4a5e5225a1c3f968075937b75aa0d7cca0506bda9063e55

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
206 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
756fc1c26e7451568fba7f9b0e1365c1d3f3585d911c49020ee0678564da7d06

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type
image/svg+xml
id.html
ru.id.group-ib.com/ Frame 2239
524 B
1 KB
Document
General
Full URL
https://ru.id.group-ib.com/id.html
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/build/main_26755_2be51925_563_1764.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.17.9.182 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software
nginx /
Resource Hash
13445e09e83701aae314900b2611e0d3e20f8a04404283fcfb5fa84c43b66775

Request headers

Referer
https://www.group-ib.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Thu, 02 Mar 2023 10:12:49 GMT
Server
nginx
Transfer-Encoding
chunked
cache-control
no-cache
content-encoding
gzip
etag
W/"mL3HoG9jXjhkzD7+MPhJAzN0bByj+FCrkEt8m+i8z73bNI45+tV-skn1S0viJO3xgZwjiM+WL24XYF2EvzL2MIvEuKn8rr1PvvfIwvSk9HyPnlU8Cz6MaDrKwZz0"
vary
Accept-Encoding
x-envoy-upstream-service-time
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/?random=1677751969158&cv=11&fst=1677751969158&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-863262324&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
449a470b33874b82ecccb6ecb405b622f30b51fb699e36283abd053326f189a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1237
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/863262324/
3 KB
2 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/863262324/?random=1677751969168&cv=11&fst=1677751969168&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-863262324&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
29c26450d56f460fbb5634a4d7245180674a9bbcc06fafb8c489e9132eab4c16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1561
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 08:14:50 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
7079
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Thu, 02 Mar 2023 10:14:50 GMT
admin-ajax.php
www.group-ib.com/media/wp-admin/
796 B
381 B
XHR
General
Full URL
https://www.group-ib.com/media/wp-admin/admin-ajax.php?action=mediaforcert
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f861bad7e2c91ffabeed5b2eceeb943001ebe1c4ff4fa131a2b574e1a6c34b1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==, 727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==
Referer
https://www.group-ib.com/cert.html
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
SslE72b0466d898394dd425ba28c93c39b6c9bd6, iO2O6c178150dce2166d9ae3084a62eee1adaaba

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
x-content-type-options
nosniff
x-frame-options
sameorigin
content-type
text/html
access-control-allow-origin
https://www.group-ib.com
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
content-length
334
x-xss-protection
1; mode=block
fl
www.group-ib.com/api/
45 B
138 B
XHR
General
Full URL
https://www.group-ib.com/api/fl?u=d5fb122505&mv=2&cfidsgib-w-group-ib=
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e51d180997efe01b05d525240cff9025620bf4cc3b34487c6890742a2b1ed7d4

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==, 727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Bo37e23ae7a363ce832542041acb633f62f51ed6, fsaf4332c1fc3f3371c80538ff1adaafa6c98cc8
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
/
www.google.com/pagead/1p-user-list/392399615/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/392399615/?random=1677751968826&cv=11&fst=1677751200000&bg=ffffff&guid=ON&async=1&gtm=45be32r0h1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1256531387&rmt_tld=0&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/392399615/
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/392399615/?random=1677751968826&cv=11&fst=1677751200000&bg=ffffff&guid=ON&async=1&gtm=45be32r0h1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1256531387&rmt_tld=1&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
counters.gif
forms.hsforms.com/embed/v3/
35 B
667 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 10:12:49 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
CF-Cache-Status
DYNAMIC
X-HubSpot-Correlation-Id
8851038f-7734-48b3-a4ae-8cb31fe04ad9
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
35
Server
cloudflare
X-Trace
2BC16ACC9F2E3B0ED8197E0895A897B1F9AA6151CF000000000000000000
Vary
origin
Content-Type
image/gif
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
7a18dd106b26373b-FRA
arrow_white-right.png
www.group-ib.com/images/arrows/
1 KB
1 KB
Image
General
Full URL
https://www.group-ib.com/images/arrows/arrow_white-right.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/stylesheets/all-508e897e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
96a6001a342e4c3f87e5bf80a35541f4967c0a2d94eb185d030a752d5b05f645
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/stylesheets/all-508e897e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Thu, 02 Mar 2023 10:12:49 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
1113
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-459"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Thu, 09 Mar 2023 10:12:49 GMT
649324202964935
connect.facebook.net/signals/config/
380 KB
108 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/649324202964935?v=2.9.97&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5c383c66beae35484e29311a9e17e2be6dc409c6fcf365e5cf9b11df2e6fe336
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 02 Mar 2023 10:12:49 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
110789
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
3HrnDVNzSd3aXlDIBKjXZ3EFM3meD3+vEEQoGVk0MOdZbz98Sz2BaN5o/OlLByLfd7YUVr/13QnkN8fH13swZA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
getuidj
secure.adnxs.com/
11 B
823 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 02 Mar 2023 10:12:49 GMT
AN-X-Request-Uuid
d36efb5a-c725-4472-818d-3c024589de7e
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.group-ib.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
178.162.209.138; 178.162.209.138; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
11
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
7 B
203 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-113-114.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.group-ib.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
24 B
319 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:11a:39e::1c91 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6d6b766a86ee59cc94e61ba039af69a6adf0dc75e9eaa15522072d970f5090fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a00:c98:2050:a007:2::10
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="466042_1600460636_1516600980_12_579_20_0";dur=1
content-length
24
expires
Thu, 02 Mar 2023 10:12:49 GMT
notify
api.neverbounce.com/v4/poe/
63 B
283 B
Script
General
Full URL
https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_349828
Requested by
Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.3.31.211 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-31-211.compute-1.amazonaws.com
Software
nginx /
Resource Hash
220c6818d32a04168722435f0bc20a89dec1beecf081b5b9d56c6b0534fa6972
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, private
x-ua-compatible
IE=Edge
destination
www.googletagmanager.com/gtag/
192 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-10865976765&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f1a4b4b0adef4a9dd7373973c90c92c8ed006a36133a1214cdee6e22408e98c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70303
x-xss-protection
0
last-modified
Thu, 02 Mar 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 02 Mar 2023 10:12:49 GMT
collect
region1.analytics.google.com/g/
0
255 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-QMES53K3Y2&gtm=45je32r0&_p=1895501306&_gaz=1&cid=881446011.1677751970&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1677751969&sct=1&seg=0&dl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&dr=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&dt=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
246 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QMES53K3Y2&cid=881446011.1677751970&gtm=45je32r0&aip=1
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4025:402::9b Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QMES53K3Y2&cid=881446011.1677751970&gtm=45je32r0&aip=1&z=1079536648
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
t.co/i/
43 B
377 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=fd670ce0-9e48-464a-be0a-953dc6c8889b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=f8678ad8-b20d-4fa1-ac95-00d0ee7e2e2e&tw_document_href=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.3.29
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-response-time
111
date
Thu, 02 Mar 2023 10:12:49 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
3f6450794dcfe645
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
a44fffc638b6f67e1eafd3492f68a5714b46ca39fd3dcfde8086e41b06415325
content-length
43
adsct
analytics.twitter.com/i/
43 B
393 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=fd670ce0-9e48-464a-be0a-953dc6c8889b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=f8678ad8-b20d-4fa1-ac95-00d0ee7e2e2e&tw_document_href=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.3.29
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-response-time
102
date
Thu, 02 Mar 2023 10:12:49 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
6a1419ac1f20be9b
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
cffa4925eebb79b428b8ff7b496db5d4f09278fe7a48baa87f93948202cbd771
content-length
43
token
cdn.linkedin.oribi.io/partner/4496601/domain/group-ib.com/
36 B
374 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/4496601/domain/group-ib.com/token
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:da00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:00:57 GMT
content-encoding
gzip
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
712
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=3600
x-amz-cf-id
ao-00ExOH5MG5yLN-Pw82g863k1qeQVIT3U-aF-KMI1CfAiAaZEVAw==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677751969564&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1677751969564%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fc...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677751969564&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677751969564&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQLvpR8AOFSKIAAAAYahz2jRHW-739psH2flzn3_0og...
0
263 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677751969564&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQLvpR8AOFSKIAAAAYahz2jRHW-739psH2flzn3_0ogrhQP3yb_-SbrjYu73t58Fls5tdWyqz90h8Q
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Server
13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:50 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 14CC4D67007942188E167D02DEA48BC0 Ref B: VIEEDGE2809 Ref C: 2023-03-02T10:12:50Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX16BI0dA7aYAs3laSO2A==

Redirect headers

date
Thu, 02 Mar 2023 10:12:49 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 9CC4BFD5A3564DE38A53D0324853E298 Ref B: FRAEDGE2019 Ref C: 2023-03-02T10:12:49Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1677751969564&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQLvpR8AOFSKIAAAAYahz2jRHW-739psH2flzn3_0ogrhQP3yb_-SbrjYu73t58Fls5tdWyqz90h8Q
x-li-proto
http/2
content-length
0
x-li-uuid
AAX16BIxWxU3GX2z7himuA==
counters.gif
forms-eu1.hsforms.com/embed/v3/
35 B
667 B
Image
General
Full URL
https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 10:12:49 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
CF-Cache-Status
DYNAMIC
X-HubSpot-Correlation-Id
a776cbfd-f501-41e5-9914-0bb97bc02d4f
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
35
Server
cloudflare
X-Trace
2B024AC8D3B916977082B1E11726A50481AD8FEF1E000000000000000000
Vary
origin
Content-Type
image/gif
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
7a18dd13dde639ce-FRA
fl
www.group-ib.com/api/
665 B
757 B
XHR
General
Full URL
https://www.group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=OYk2KZXJ3kd8pDRowpbz3twzoGM5zGUAGyM%2BWbP2vgEjGUpJNfsgc4jTPCgaEIWq4XToEkskSr%2FeJfOhTKYGAgKm8qLo0jX1BMgQTgda8c0%2BktSQioT0KknyDuGYjXd%2BSauICtOZGFsLzafHUOVK9u2124O%2FFkubEVAS
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
16c7b60626b646d76a6664f0db2277711aa0c2690060275cb6702ee3fe182bdf

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==, 727xsAQMMAZwDeT15EBg6KnUoUXb23oHgVpZ6lfjQ2au6soj6ZcbJoDJKpkqDnZZ6n10tHflQGcG3UjJ4Pu21QlUsToUP5NRDycrXcYPkeGufZis0L6oaSJptQ844mUnC9xCTLmPLIGupY31mkibADEk6i4uRe4odlEzjqb1X2UAghmggiS8oSq1d5M+C+c0UxPmGgynH1oro+3vQVudj4OkyC+NuGPkShaSJnlm0bf0yPHRXRThZ0DQ/ywJnA==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
ZxMRd96028df6a7be8eacc78b1f90cb13913f96b, vFhr7fe9c1350e4ab385e1b6e8cadc7ae3efc954
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
5
/
www.google.com/pagead/1p-user-list/863262324/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/863262324/?random=1677751969158&cv=11&fst=1677751200000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2970128296&rmt_tld=0&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/863262324/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/863262324/?random=1677751969158&cv=11&fst=1677751200000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2970128296&rmt_tld=1&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
151 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-25492706-2&cid=881446011.1677751970&jid=253758321&gjid=1168055987&_gid=498704587.1677751970&_u=YCDAgEABAAAAAEAEK~&z=645851865
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4025:402::9b Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 02 Mar 2023 10:12:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
194 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j99&a=1895501306&t=pageview&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ul=en-us&de=UTF-8&dt=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgEABAAAAAAAEK~&jid=253758321&gjid=1168055987&cid=881446011.1677751970&tid=UA-25492706-2&_gid=498704587.1677751970&gtm=45He32r0n71PW7265&cg1=COM%3A%20CERT&cd1=881446011.1677751970&z=1143856046
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 02:17:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
28496
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/863262324/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/?random=2108219055&cv=11&fst=1677751969168&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs...
  • https://www.google.com/pagead/1p-conversion/863262324/?random=2108219055&cv=11&fst=1677751969168&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleads...
  • https://www.google.de/pagead/1p-conversion/863262324/?random=2108219055&cv=11&fst=1677751969168&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadse...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/863262324/?random=2108219055&cv=11&fst=1677751969168&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVVBcVZVdjhXODFnQ0Z6ZjNwVTVzdjVxMnlmc1JuWWpyV2o1WEFtMWswZ0xObXhORTlrGlhDaEVJZ0stQm9BWVFuLVR3eEpfLTU5XzdBUkl0QUExSU5WQkxzSG5MUDNDRk5CM0lGRmpCbWlaQWVRU0wtVnhUUTdzaGR1V29jR3hEYnBMRlRFMWZ0bVV5&is_vtc=1&ocp_id=oXYAZNSSDoqm1waqo5a4Bg&cid=CAQSKQDUE5ymXpymdC_cUgZdX6zVJX_TOOD-PW7E_qAbQ0ItmEvoG7bRCv0u&random=108973170&ipr=y&prhg=0
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/863262324/?random=2108219055&cv=11&fst=1677751969168&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVVBcVZVdjhXODFnQ0Z6ZjNwVTVzdjVxMnlmc1JuWWpyV2o1WEFtMWswZ0xObXhORTlrGlhDaEVJZ0stQm9BWVFuLVR3eEpfLTU5XzdBUkl0QUExSU5WQkxzSG5MUDNDRk5CM0lGRmpCbWlaQWVRU0wtVnhUUTdzaGR1V29jR3hEYnBMRlRFMWZ0bVV5&is_vtc=1&ocp_id=oXYAZNSSDoqm1waqo5a4Bg&cid=CAQSKQDUE5ymXpymdC_cUgZdX6zVJX_TOOD-PW7E_qAbQ0ItmEvoG7bRCv0u&random=108973170&ipr=y&prhg=0
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-25492706-2&cid=881446011.1677751970&jid=253758321&_u=YCDAgEABAAAAAEAEK~&z=211316191
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-25492706-2&cid=881446011.1677751970&jid=253758321&_u=YCDAgEABAAAAAEAEK~&z=211316191
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
493 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=3b3fe024-06b9-4a63-8545-9b5f32462022&session=7e760a41-19e7-401a-8c50-3e174d4d146f&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2002%20Mar%202023%2010%3A12%3A49%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2002%20Mar%202023%2010%3A12%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e84d9c08a990af8592952e7ac9a983ad%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2002%20Mar%202023%2010%3A12%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2002%20Mar%202023%2010%3A12%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=61ccac85-3dd5-49e7-8305-5afad7d46fd7&an_uid=0
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-113-114.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
492 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=3b3fe024-06b9-4a63-8545-9b5f32462022&session=7e760a41-19e7-401a-8c50-3e174d4d146f&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2050%3Aa007%3A2%3A%3A10%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=61ccac85-3dd5-49e7-8305-5afad7d46fd7&an_uid=0
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-113-114.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&rl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&if=false&ts=1677751969671&sw=1600&sh=1200&v=2.9.97&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1677751969670.123136068&it=1677751969457&coo=false&rqm=GET
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 02 Mar 2023 10:12:49 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
img.gif
b.6sc.co/v1/beacon/
43 B
492 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=3b3fe024-06b9-4a63-8545-9b5f32462022&session=7e760a41-19e7-401a-8c50-3e174d4d146f&event=play&q=%7B%22event_id%22%3A%22%22%2C%22event_value%22%3A%22https%3A%2F%2Fwww.group-ib.com%2Fvideo%2Fcert-video.mp4%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=61ccac85-3dd5-49e7-8305-5afad7d46fd7&an_uid=0
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-113-114.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:49 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
/
www.googleadservices.com/pagead/conversion/10865976765/
3 KB
2 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/10865976765/?random=1677751969701&cv=11&fst=1677751969701&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10865976765&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
83a2d11daac7c163ed6ce47d3a0c6fb25f7680ba9ad813774d739449dc3aec91
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1568
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/10865976765/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/?random=923213196&cv=11&fst=1677751969701&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3...
  • https://www.google.com/pagead/1p-conversion/10865976765/?random=923213196&cv=11&fst=1677751969701&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googlead...
  • https://www.google.de/pagead/1p-conversion/10865976765/?random=923213196&cv=11&fst=1677751969701&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleads...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/10865976765/?random=923213196&cv=11&fst=1677751969701&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVVBcVZVdjhXODFnQ0Z6ZjNwVTVzdjVxMnlmc1JuWWpyV2o1WEFtMWswZ0xObXhORTlrGlhDaEVJZ0stQm9BWVFuLVR3eEpfLTU5XzdBUkl0QUExSU5WQzVnUVRZN0puY3dLVUJBVExwVm1MNUNOV2ViTldQa1diZC10WFBKc2diU29lNlNxdUR3TFN5&is_vtc=1&ocp_id=oXYAZMeWLJb-xgLG-JuYDg&cid=CAQSKQDUE5ym7vv7BedtMYLGLBr_b3lzEQk4rbQMW8hkK2b2EgQOyQmpme1q&random=410223284&ipr=y&prhg=0
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:49 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/10865976765/?random=923213196&cv=11&fst=1677751969701&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0stQm9BWVE1cVQwaG9MQW8td3VFaVVBcVZVdjhXODFnQ0Z6ZjNwVTVzdjVxMnlmc1JuWWpyV2o1WEFtMWswZ0xObXhORTlrGlhDaEVJZ0stQm9BWVFuLVR3eEpfLTU5XzdBUkl0QUExSU5WQzVnUVRZN0puY3dLVUJBVExwVm1MNUNOV2ViTldQa1diZC10WFBKc2diU29lNlNxdUR3TFN5&is_vtc=1&ocp_id=oXYAZMeWLJb-xgLG-JuYDg&cid=CAQSKQDUE5ym7vv7BedtMYLGLBr_b3lzEQk4rbQMW8hkK2b2EgQOyQmpme1q&random=410223284&ipr=y&prhg=0
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
fl
www.group-ib.com/api/
665 B
808 B
XHR
General
Full URL
https://www.group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=79fLxN0sdJ3S9z4EAKcMJCmOKqSY8FJcNF3U%2FpclYYJD6FPjvmWk0IFbdP9qhANW2vbi29pGW%2F2xsWss5OlWRl2VtuUGkrs8J7hDeTPPQjTrggRlUIWqDpqmdkyuyRouIsdhpLtjPyfW7ObjDVZLJjMR5u0A3ByDIJKh
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
3ae23bb79ff11cc16298dbd8c667c8af8b564cca3b2751814f811e42b93115bb

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
PqbFM5wXmHUWmZE849e7pxUETFkivCG4NBfrQbaqL8Io3DHpvqs6MAn5/Ki/4+Vy+8EMiWD+P4HvS6RWBQCkRekdA4aftJoEIwFHhQtviVzWlFwmiZAjOm8aigC9NMr0CLpC0PZ2Vbl6MNahtXXwO8d633IzEjFQ5JBSAYY6ZKTWx+Do8K3t5rVOsCMNWhpI0mC1b8lhRos6ys30jeNS2GB/wbAO3MUw8M8CpxrQiZF0g3JZnR5/8KaXZrt/7A==, PqbFM5wXmHUWmZE849e7pxUETFkivCG4NBfrQbaqL8Io3DHpvqs6MAn5/Ki/4+Vy+8EMiWD+P4HvS6RWBQCkRekdA4aftJoEIwFHhQtviVzWlFwmiZAjOm8aigC9NMr0CLpC0PZ2Vbl6MNahtXXwO8d633IzEjFQ5JBSAYY6ZKTWx+Do8K3t5rVOsCMNWhpI0mC1b8lhRos6ys30jeNS2GB/wbAO3MUw8M8CpxrQiZF0g3JZnR5/8KaXZrt/7A==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
f93f78cdf4857669625aaaabcbe3d381da800173, xItM47d176c2b2ed88544030cdab02af22ecd017
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 02 Mar 2023 10:12:50 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/?random=1677751970199&cv=11&fst=1677751970199&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dform_start&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10865976765&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
84d37546c525b371b8fd8d00dad6e7e39db4ff9fcbffd19e1d0fe5bd6ddd665b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:50 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1241
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/?random=1677751970214&cv=11&fst=1677751970214&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&auid=349820619.1677751969&uamb=0&uaw=0&data=event%3Dform_submit&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10865976765&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2f93810fe0e802f71d0d4f6edc8ea6c193cda0aff8bb20b8355fe59a72ec6027
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:50 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1238
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ Frame 6EA4
0
73 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.group-ib.com
Referer
https://www.group-ib.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.group-ib.com
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Thu, 02 Mar 2023 10:12:50 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
10865976765
google.com/ccm/form-data/
0
246 B
Ping
General
Full URL
https://google.com/ccm/form-data/10865976765?gtm=45be32r0&hn=www.googleadservices.com&auid=349820619.1677751969&uamb=0&uaw=0&em=tv.1~em.7t_xDy9vM7RQb0hGSYZfT5avdC_4aL3KQNrTANe8dhk&ecsid=644685070.1677751970
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:50 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
10865976765
google.com/pagead/form-data/
0
0
Ping
General
Full URL
https://google.com/pagead/form-data/10865976765?gtm=45be32r0&hn=www.googleadservices.com&auid=349820619.1677751969&ec_mode=a&uamb=0&uaw=0&em=tv.1~em.7t_xDy9vM7RQb0hGSYZfT5avdC_4aL3KQNrTANe8dhk
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

10865976765
google.com/ccm/form-data/
0
54 B
Ping
General
Full URL
https://google.com/ccm/form-data/10865976765?gtm=45be32r0&hn=www.googleadservices.com&auid=349820619.1677751969&uamb=0&uaw=0&em=tv.1~em.7t_xDy9vM7RQb0hGSYZfT5avdC_4aL3KQNrTANe8dhk&ecsid=644685070.1677751970
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:50 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/10865976765/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10865976765/?random=1677751970199&cv=11&fst=1677751200000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dform_start&fmt=3&is_vtc=1&random=2335692958&rmt_tld=0&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:50 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10865976765/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10865976765/?random=1677751970199&cv=11&fst=1677751200000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dform_start&fmt=3&is_vtc=1&random=2335692958&rmt_tld=1&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:50 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/10865976765/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10865976765/?random=1677751970214&cv=11&fst=1677751200000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dform_submit&fmt=3&is_vtc=1&random=1001167544&rmt_tld=0&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:803::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:50 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10865976765/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10865976765/?random=1677751970214&cv=11&fst=1677751200000&bg=ffffff&guid=ON&async=1&gtm=45be32r0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dform_submit&fmt=3&is_vtc=1&random=1001167544&rmt_tld=1&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 10:12:50 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
493 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=3b3fe024-06b9-4a63-8545-9b5f32462022&session=7e760a41-19e7-401a-8c50-3e174d4d146f&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2002%20Mar%202023%2010%3A12%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2002%20Mar%202023%2010%3A12%3A49%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=61ccac85-3dd5-49e7-8305-5afad7d46fd7&an_uid=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-113-114.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:50 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
fl
www.group-ib.com/api/
665 B
718 B
XHR
General
Full URL
https://www.group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=8j0uGFRixGEyFLcYt80kE9IOBHF6CvltZDUZp7VXpaqW09xj%2FIUK%2Fg7qosVAq9JDaVWHuhFveVr%2Bjk8CMUKQVIq56gWoir%2BlqugaBR3Y0V5oCGO%2FmIIOQNrrx8IHGXnGke9NbytepSiNVHRIBVcp09Bt3TaeIT1WWv2t
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
d4bc3327d45126b17a584b3a1f0deaedf23d8b9326ef7a9c8e1646830a4d6719

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
oBOFWHC/ZJhEq8VAeP1xwRwKzH+9a9cw5EUtoHuFaYqjtrIc3r6Wecbb+C1eQTVyyiXzhtG8VK8CGZ1/TawC5sR10ri00xifmTLppRw0Ob/DdfSJJEIb2qBzFzrOtCKJfWzfX/nAEdGTHfQ+AlonJOT/CuXyLj+dStvOvBjqM0JVZGynuYZOBEJxdooSYWWsSfFYpIB1wKLs01HMA/Yr0ny4waZ/vpig7iw0tV9qH1MhpkyYL1NaYT7mhrX7Cw==, oBOFWHC/ZJhEq8VAeP1xwRwKzH+9a9cw5EUtoHuFaYqjtrIc3r6Wecbb+C1eQTVyyiXzhtG8VK8CGZ1/TawC5sR10ri00xifmTLppRw0Ob/DdfSJJEIb2qBzFzrOtCKJfWzfX/nAEdGTHfQ+AlonJOT/CuXyLj+dStvOvBjqM0JVZGynuYZOBEJxdooSYWWsSfFYpIB1wKLs01HMA/Yr0ny4waZ/vpig7iw0tV9qH1MhpkyYL1NaYT7mhrX7Cw==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
nzBE5be03778e426a1f823aae467016ec61125c4, nHsXcf8ee2e31f1afa57edb876f1ff2cfc09e2f2
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 02 Mar 2023 10:12:50 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
fl
www.group-ib.com/api/
665 B
802 B
XHR
General
Full URL
https://www.group-ib.com/api/fl?u=6be38e00-b86b-11ed-b39e-b20c7082bf77&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=W9bF5gifoKtwYjcrXHye3NTa8AOnsHkVDO%2FWUtKDdhzxZQ6iqQKBcJL2Gm7%2BxoG69bhcYKvZSMIsYhVQLbMgYKEJp%2FH5xNV6ntlisS4U4FVdpufOOoukGzrFvwxTiKZi3f%2F9fHPoMGtzR8Tt7XWAobl1I2UCCocwf0R8
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
2744da55580a5a8a9c7467ffe69b064a0e0d26c1c80a6644569e0e70f007dd04

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
jVrujAxL8SegFvvDhLzOTeJdSnrweu1gFD/VYhJOuNXl+9O0YeYPK5NlDxJyPizW8TI3Yms8y4nRIzCT1PDNd51w3lVdOSfXWEJbRERinvk+WbamMN9Fky6GNjuBglUpQ/KtadEuZSPgfDK/bGaayGJyz3sXaMx7oQhuSE8ttpDOCqXQyrPeNALZR6rr61FSyitM0G/7ixZcfzu1n6NiKdt21isVPngyIf0D4VkUdO4uonQ++MFoNJjaUKeeDA==, jVrujAxL8SegFvvDhLzOTeJdSnrweu1gFD/VYhJOuNXl+9O0YeYPK5NlDxJyPizW8TI3Yms8y4nRIzCT1PDNd51w3lVdOSfXWEJbRERinvk+WbamMN9Fky6GNjuBglUpQ/KtadEuZSPgfDK/bGaayGJyz3sXaMx7oQhuSE8ttpDOCqXQyrPeNALZR6rr61FSyitM0G/7ixZcfzu1n6NiKdt21isVPngyIf0D4VkUdO4uonQ++MFoNJjaUKeeDA==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
HdhJ384fd9ee6f71907da0f797ac8240f9541307, c0qB86b5bdec60745ea81752f3ec7b70b303abe4
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 02 Mar 2023 10:12:51 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
5
img.gif
b.6sc.co/v1/beacon/
43 B
493 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=3b3fe024-06b9-4a63-8545-9b5f32462022&session=7e760a41-19e7-401a-8c50-3e174d4d146f&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2002%20Mar%202023%2010%3A12%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2002%20Mar%202023%2010%3A12%3A50%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=61ccac85-3dd5-49e7-8305-5afad7d46fd7&an_uid=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-113-114.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:51 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
492 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=3b3fe024-06b9-4a63-8545-9b5f32462022&session=7e760a41-19e7-401a-8c50-3e174d4d146f&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2002%20Mar%202023%2010%3A12%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2002%20Mar%202023%2010%3A12%3A51%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=61ccac85-3dd5-49e7-8305-5afad7d46fd7&an_uid=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.64.113.114 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-113-114.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 10:12:52 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

103 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 boolean| credentialless object| gib boolean| __gibclatt boolean| __86a4b3f1c71b93a8cb28ae2a51a4c386__ function| gibSetAttribute function| gibSetAttributeCallback function| gibRemoveAttribute function| gibHash function| gibEncrypt string| __guc__1.0.0 object| dataLayer function| gtag function| $ function| jQuery object| conf function| fbAsyncInit object| google_tag_manager object| google_tag_data object| GooglebQhCsO function| _classCallCheck function| executeFunctionByName function| _createClass object| landing object| certainDomains object| publicDomains function| Tiles function| Action object| actions function| CubicGallery function| CubicGallery2 function| Parallax function| Popup function| SelectThis function| CubicForm function| CubicSticky function| SwipeDetector function| CubicSwitcher function| CubicTabs function| ChangeForm function| Shifter function| ClipboardJS function| raf object| gacid object| gaClientId object| FB function| Accordeon function| EmailsBase function| wr function| Cookies function| CrmForm function| Marketo object| merchPop function| metrics object| LinkedIn object| News object| showMore object| News2 function| PollForm function| fillPoll function| Share function| ShowMore2 function| CubicTags function| Test function| Tumbler function| initTumbler function| Unsubscribe object| hubspot object| HubSpotForms object| _hsq object| hbspt object| hsFormsOnReady object| _6si function| twq object| _linkedin_data_partner_ids boolean| _already_called_lintrk function| fbq function| _fbq object| _NBSettings string| GoogleAnalyticsObject function| ga object| popups function| initCrmForms object| __buffer object| MktoForms2 object| SENTRY_RELEASE undefined| Raven object| _nb function| __neverbounce_349828 function| onYouTubeIframeAPIReady object| gaGlobal object| regeneratorRuntime object| twttr function| lintrk object| gaplugins object| gaData object| ziws

37 Cookies

Domain/Path Name / Value
www.group-ib.com/ Name: gssc213174
Value:
.www.group-ib.com/ Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: MDA0dBA=Fz2+aQ==
.group-ib.com/ Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: MDA0dBA=Fz2+aQ==
.app-lon09.marketo.com/ Name: __cf_bm
Value: gMPyS0e4CxrPDFR71Mv9zs9OtkYldkFLRLmXKBAmGZU-1677751969-0-AQh958VQGI9uMnTvAJAFxcQlCKW/MMfL4pHTjY2JEM5cyrEOqsLaAg0soHL6uOh4ZDRnmWHwRHYloBdCFMy3518=
.www.group-ib.com/ Name: __zzatgib-w-group-ib
Value: MDA0dBA=Fz2+aQ==
.group-ib.com/ Name: __zzatgib-w-group-ib
Value: MDA0dBA=Fz2+aQ==
.doubleclick.net/ Name: IDE
Value: AHWqTUmW5607Lo8e5rqC1e7nwuuVhtv9F1i_EvC9srtb1X9ItgQGPW2JnDcTH3KU
.ws.zoominfo.com/ Name: visitorId
Value: 95eef29ea0dc4d7402236beec87b84e91480379dbff6fad9c5f431c6822ee6fc
.zoominfo.com/ Name: __cf_bm
Value: fPW9wDdYRf54Il8aDGCghVqWhE07z1pSkZuJyVvYkiE-1677751969-0-ARsWawwIRzBwviPRng8JfJ8t/HZoyUTxIWWOInww4vd8aDAW3uV7aGmsts+ioltmEGPs+c/SbxC0GdWSpyMcrCw=
.zoominfo.com/ Name: _cfuvid
Value: LbHW9JQDM6IQAdaDIYO6H5JUE2a1pzQv8hyc676of20-1677751969255-0-604800000
.id.group-ib.com/ Name: gcfids
Value: mL3HoG9jXjhkzD7+MPhJAzN0bByj+FCrkEt8m+i8z73bNI45+tV-skn1S0viJO3xgZwjiM+WL24XYF2EvzL2MIvEuKn8rr1PvvfIwvSk9HyPnlU8Cz6MaDrKwZz0
.group-ib.com/ Name: _ga
Value: GA1.2.881446011.1677751970
.group-ib.com/ Name: _gid
Value: GA1.2.498704587.1677751970
.group-ib.com/ Name: _dc_gtm_UA-25492706-2
Value: 1
www.group-ib.com/ Name: ln_or
Value: eyI0NDk2NjAxIjoiZCJ9
www.group-ib.com/ Name: _an_uid
Value: 0
www.group-ib.com/ Name: _gd_visitor
Value: 3b3fe024-06b9-4a63-8545-9b5f32462022
www.group-ib.com/ Name: _gd_session
Value: 7e760a41-19e7-401a-8c50-3e174d4d146f
.group-ib.com/ Name: _fbp
Value: fb.1.1677751969670.123136068
.twitter.com/ Name: personalization_id
Value: "v1_8Gz16vo5dinhJbWKA1rNUQ=="
.t.co/ Name: muc_ads
Value: 75381d0c-a3ac-4f0b-8509-9f16a9adfafd
.linkedin.com/ Name: UserMatchHistory
Value: AQLztU7NG2Q31QAAAYahz2em_o67YAieTyXW6dX7JAH_o1qeJBQnuKOcvMpfNUYeKZORvKuve77DNg
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJJ_EQU1kgvmQAAAYahz2emMgj0ifsHnSWMAzohovW3I7YXkXTYo2ZUzYKnd-pHzDZGLGidtftpQgtBaf4szw
.linkedin.com/ Name: bcookie
Value: "v=2&fec72b4b-f8d0-419d-8dff-aaeefe3acdb4"
.linkedin.com/ Name: lidc
Value: "b=TGST07:s=T:r=T:a=T:p=T:g=2522:u=1:x=1:i=1677751969:t=1677838369:v=2:sig=AQGvDSWUsGA6ralcAD-qw1-cIZv1ZUDk"
.6sc.co/ Name: 6suuid
Value: 1f6ed4173f300000a176006475030000af221600
.www.linkedin.com/ Name: bscookie
Value: "v=1&20230302101249331e4021-fd8f-49c8-87f6-90ecc4ad75ceAQGNGbSmjS0K3H6n8ET-GdxOib6B4O_h"
.linkedin.com/ Name: li_gc
Value: MTswOzE2Nzc3NTE5Njk7MjswMjH5DXDAKkJo3jds7u+RIzNSrWOqxLIOVuq2s/Xp2nMQSw==
www.group-ib.com/ Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: W9bF5gifoKtwYjcrXHye3NTa8AOnsHkVDO/WUtKDdhzxZQ6iqQKBcJL2Gm7+xoG69bhcYKvZSMIsYhVQLbMgYKEJp/H5xNV6ntlisS4U4FVdpufOOoukGzrFvwxTiKZi3f/9fHPoMGtzR8Tt7XWAobl1I2UCCocwf0R8
.www.group-ib.com/ Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: W9bF5gifoKtwYjcrXHye3NTa8AOnsHkVDO/WUtKDdhzxZQ6iqQKBcJL2Gm7+xoG69bhcYKvZSMIsYhVQLbMgYKEJp/H5xNV6ntlisS4U4FVdpufOOoukGzrFvwxTiKZi3f/9fHPoMGtzR8Tt7XWAobl1I2UCCocwf0R8
.group-ib.com/ Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: W9bF5gifoKtwYjcrXHye3NTa8AOnsHkVDO/WUtKDdhzxZQ6iqQKBcJL2Gm7+xoG69bhcYKvZSMIsYhVQLbMgYKEJp/H5xNV6ntlisS4U4FVdpufOOoukGzrFvwxTiKZi3f/9fHPoMGtzR8Tt7XWAobl1I2UCCocwf0R8
.www.group-ib.com/ Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: oBOFWHC/ZJhEq8VAeP1xwRwKzH+9a9cw5EUtoHuFaYqjtrIc3r6Wecbb+C1eQTVyyiXzhtG8VK8CGZ1/TawC5sR10ri00xifmTLppRw0Ob/DdfSJJEIb2qBzFzrOtCKJfWzfX/nAEdGTHfQ+AlonJOT/CuXyLj+dStvOvBjqM0JVZGynuYZOBEJxdooSYWWsSfFYpIB1wKLs01HMA/Yr0ny4waZ/vpig7iw0tV9qH1MhpkyYL1NaYT7mhrX7Cw==
.group-ib.com/ Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: oBOFWHC/ZJhEq8VAeP1xwRwKzH+9a9cw5EUtoHuFaYqjtrIc3r6Wecbb+C1eQTVyyiXzhtG8VK8CGZ1/TawC5sR10ri00xifmTLppRw0Ob/DdfSJJEIb2qBzFzrOtCKJfWzfX/nAEdGTHfQ+AlonJOT/CuXyLj+dStvOvBjqM0JVZGynuYZOBEJxdooSYWWsSfFYpIB1wKLs01HMA/Yr0ny4waZ/vpig7iw0tV9qH1MhpkyYL1NaYT7mhrX7Cw==
.www.group-ib.com/ Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: lA2jb3bdfa9bd4520ac9e34e6e1639e2b1104149
.group-ib.com/ Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: lA2jb3bdfa9bd4520ac9e34e6e1639e2b1104149
.group-ib.com/ Name: _ga_QMES53K3Y2
Value: GS1.1.1677751969.1.0.1677751970.59.0.0
.group-ib.com/ Name: _gcl_au
Value: 1.1.349820619.1677751969.644685070.1677751970.1677751970

5 Console Messages

Source Level URL
Text
network error URL: https://www.group-ib.com/cert.html
Message:
Failed to load resource: the server responded with a status of 403 ()
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
network error URL: https://www.group-ib.com/api/fl/idgib-w-group-ib
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.group-ib.com/media/wp-admin/admin-ajax.php?action=mediaforcert
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.neverbounce.com
app-lon09.marketo.com
b.6sc.co
c.6sc.co
cdn.linkedin.oribi.io
cdn.neverbounce.com
cert-gib.com
connect.facebook.net
fhp-aws-antibot-back.group-ib.com
fonts.googleapis.com
forms-eu1.hsforms.com
forms.hsforms.com
google.com
googleads.g.doubleclick.net
ipv6.6sc.co
j.6sc.co
js-eu1.hsforms.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
ru.id.group-ib.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.group-ib.com
www.linkedin.com
104.16.93.80
104.244.42.67
104.244.42.69
104.64.113.114
13.107.43.14
13.225.78.122
142.250.186.130
172.65.232.43
172.65.255.172
185.17.9.182
199.232.16.157
2001:4860:4802:32::36
2600:9000:20eb:da00:2:53b2:240:93a1
2606:4700::6810:5805
2606:4700::6810:650c
2620:1ec:21::14
2a00:1450:4001:806::200e
2a00:1450:4001:810::200e
2a00:1450:4001:813::2008
2a00:1450:4001:829::2003
2a00:1450:400d:803::2004
2a00:1450:400d:807::2002
2a00:1450:400d:80e::200a
2a00:1450:4025:402::9b
2a02:26f0:11a:39e::1c91
2a02:26f0:11a::6867:4832
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.64.98.252
3.72.181.255
37.252.171.22
5.9.185.28
52.3.31.211
0430dd3b974561238dac03eb963a67da014965080c3d2de38d5b7aa318f3053e
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
077dad3be3a10854dc97527ce83bbf6422309d807f6e4b3492de78005d786cdc
107489855354318ae43cf4be354432590663de1a874b4b813ba569457371b254
13445e09e83701aae314900b2611e0d3e20f8a04404283fcfb5fa84c43b66775
141397708f146e91f2a8137f1897e36d558af1c3c2e552c6aeda5f5d0a7448b0
163907259fa19c5b768aea83f82db575b01aad0fd5fbf9ac448d3db383229547
16c7b60626b646d76a6664f0db2277711aa0c2690060275cb6702ee3fe182bdf
16ea0f37e7b893f9078384d11e94c9f9bad304b4752f4cea7d3504f527a340c3
206d8cf5d1a0149c666651755b0f7b0b62a50882d61a5d18eaddc7317bb92a53
2182c7c52d0d00a3867cd805e699903609504621a5088a51c9cdd07ad5a53197
220c6818d32a04168722435f0bc20a89dec1beecf081b5b9d56c6b0534fa6972
2744da55580a5a8a9c7467ffe69b064a0e0d26c1c80a6644569e0e70f007dd04
28aabea3885481e4a5fe0c4031bbea2e9ab1d4cca1adeac5ccde868d49ec0019
29c26450d56f460fbb5634a4d7245180674a9bbcc06fafb8c489e9132eab4c16
2f93810fe0e802f71d0d4f6edc8ea6c193cda0aff8bb20b8355fe59a72ec6027
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
3ae23bb79ff11cc16298dbd8c667c8af8b564cca3b2751814f811e42b93115bb
3cbdeb53c566f58fa2298177c12defc90c733843c50e2fd4147d9597d33a1e34
3dd4b088ab105f30c06ccea664b41ad4d8308bca0d79497bfd795113e7d616c6
3dfb83a15a1a69fb2c6355797651535983e30f2ebee4666b987b217780a18f61
449a470b33874b82ecccb6ecb405b622f30b51fb699e36283abd053326f189a8
48dcfb6f699f2b4601e387a2c338ecd86589342e957bdc153650df90f3c175a9
4feda8421fbc57d47dadbe5022d1644ecc61f4bf897337ebb8fdaa7350b43784
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5979e1170f6b2c707bf46ad3e998261a4d811ffca0b56200a47fb6f5fa799da8
5c383c66beae35484e29311a9e17e2be6dc409c6fcf365e5cf9b11df2e6fe336
651323c16e5e0db04c45eeb60e0588804fe63e1f3787ec7d8900a5d143ace7f3
66d609b0c975493c48e785524fbb6cfa5d28ea59d8d7e5e12bd4a8c5b8556f67
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d6b766a86ee59cc94e61ba039af69a6adf0dc75e9eaa15522072d970f5090fd
7061e8c6ca7c7b9eb635d5bc9154ade9f524ed694c9b4834f3404b2af189c610
74711bb799e7d4712bcdc9fdf42f5acb835448d1ec23936a1d46a087e192e378
74a02ff107402492b9e19e4c7c550a9db662bfcb3a8bebc372d4ac8fb0a90fff
756fc1c26e7451568fba7f9b0e1365c1d3f3585d911c49020ee0678564da7d06
77d394a1dd590551f25748c1daceb7b5ebcb49d55ef7ec69dce4c4b33a5b4161
7b12bc0e3c26c7489b7b00b5eac170133e840e004baac496b88c23db28353ad4
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
826125051cec4d9fe617685587a67d8223a817fc0b847bc7b1e2adccba936dbc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83a2d11daac7c163ed6ce47d3a0c6fb25f7680ba9ad813774d739449dc3aec91
844bb56d9d924583139e6f89aa998b215f3a7516cafc5e448c64e8cde29361e5
84d37546c525b371b8fd8d00dad6e7e39db4ff9fcbffd19e1d0fe5bd6ddd665b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8a006ed69290a031c88da1ae803c48d2c1134d582a899e7be2724679f2bd6ecd
8b3ecc577e9722ca0bb5fd08ce6e5b800b114001af146f2a03865ab2859e9eb1
96a6001a342e4c3f87e5bf80a35541f4967c0a2d94eb185d030a752d5b05f645
96c4e58e8a03bbdefeb244e74873ce152349cdb30b308628dd7c3e2d7c7e118a
98798d0e87b53006f4a5e5225a1c3f968075937b75aa0d7cca0506bda9063e55
9ee338bd03594461a939b661840e43fec02d7345e19e3ad12509c06ba37ad355
9f76fca582f32f2da3a5f6c1fbfd29f75a599227fc58c9a3acde24fd25550246
a0123eded788d31af982c69073accde95512f79937578813e722c1bf4abbed27
a138c249b501af8ef53ac907a5cc8f9ba7a7a75b35d7c4cd4951eda4c4aa6e54
a3f404492e86b93af64e3db44aeb74363d80df6ebea2a3b1ed567d8672ed27fa
a4dd9e4e76108e414d1700571feb305e53b097ea854e22dd20b123297658a51d
aa228ae53ac82032794b0cb0c94d2841be5b91fa0ff87bb9caec1a9ed1e72726
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b5a3e3d06662b3695bd16dc8d9d3f9edb0be632864df248d57b758bee98378d6
beeb705b69f299ad7567ae7ba292ae685556a7082531220a088a0d3b3307c410
c678f7ebeaf42ae73a6b84255ed78e47baa5f2fa1718892dd24d5064bfe67117
c84d46f144cc5fc65f5a33c94f8aa1453a336d65026e8c47c180411ccc9dee4e
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e
cab52dc3525d23d87fc3337ea17253060c6f723389a33e62699d510f1878972b
cba8dab9146aa4c7695c71ec3c6dd57b5e7c3c26cf53709866aa9ca7da1de491
cbd38f4d44ad316257c6d3179f980798a97688e6ff1df6d94f66cad4b46945a7
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d3241ad96ed64f4ba82370c58c77eecad95ffbfb35fdb32f992f799c2682efdc
d434c29a6b883c342b28c613c750dc475913e189c6c3264bfd9a57cc8f033c06
d4bc3327d45126b17a584b3a1f0deaedf23d8b9326ef7a9c8e1646830a4d6719
d975a5e434604dc8405e672c0f8ac8fda54c0e50f1da157cfef384d58686f413
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dfef3b3b725657391e24cf6811a83b43162d15068bc0ce8544e88f06512b9450
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51d180997efe01b05d525240cff9025620bf4cc3b34487c6890742a2b1ed7d4
e6a073e563e9a4f4b69d5f65b9cebc6f3878c49fb51b43fb47ef52349d349528
e7c2bc3e403513bee0413687c80b67e0aada1180e6e4b3b084d320d34ff9444d
e879f79cf3432a5c0e30fe7ff7bbbccf97fb8adf675ea88a3349f22936b73a9d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1a4b4b0adef4a9dd7373973c90c92c8ed006a36133a1214cdee6e22408e98c5
f1a76ecbcbefc0b357ce381eba61f68a4d2c8c5297ec27ec3380ed03edbe5744
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f861bad7e2c91ffabeed5b2eceeb943001ebe1c4ff4fa131a2b574e1a6c34b1a
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe9a7ca1e475140e6b37fbc86a5efcd3251be4348137aa07231bd91ee8678b7c