www.group-ib.com Open in urlscan Pro
3.72.181.255  Public Scan

14 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.group-ib.com/blog/mxdr-cryptominer/ Page URL
2. https://www.group-ib.com/blog/mxdr-cryptominer/ Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 92

• https://website.cdn.group-ib.com/wp-content/uploads/bg-blog-1.webp HTTP 301
• https://www.group-ib.com/wp-content/uploads/bg-blog-1.webp

Request Chain 113

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1695410347690&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&tm=gtmv2 HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1695410347690&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&tm=gtmv2&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1695410347690%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fmxdr-cryptominer%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1695410347690&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1695410347690&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKe9CFxmEsjagAAAYq-VOCvJjpqayO-Kq7Apd1-6HBb3W24PgSjAkaRJB3z_oMU0UjVsy8U-z5E-2UsoQlxugWDkYsgfA

Request Chain 116

• https://mc.yandex.com/sync_cookie_image_check HTTP 302
• https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10134.ZSBXXIJazlBmQZt6I7bsthV1nnSWhuG-K8SZpNerrz6EAR3Zn2zjND4-HxEUk5GF.0VjVRdL_Qf6msfnzx-rPyzSgTCQ%2C HTTP 302
• https://mc.yandex.com/sync_cookie_image_decide?token=10134.UikHdStK_bBuREWHM8ut85y-4hG6e_ltibrwq9uGdllb7cyOqfkE0qQ-zGnYy7bTDIjJXBG_i0ue0N5Gvdk-3GXuZ0Gft8S--9sjp5QXMMU%2C.ueta1cLtrfkKSH6roNU1vgpScJ0%2C

Request Chain 129

• https://mc.yandex.com/watch/26812653?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A344%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A0%3Als%3A88880919940%3Ahid%3A430425706%3Az%3A120%3Ai%3A20230922211907%3Aet%3A1695410348%3Ac%3A1%3Arn%3A894558512%3Arqn%3A1%3Au%3A1695410348855540257%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C28%2C7%2C0%2C0%2C%2C456%2C22%2C%2C%2C%2C527%3Aco%3A0%3Acpf%3A1%3Ans%3A1695410346824%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695410348%3At%3AIt%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(2) HTTP 302
• https://mc.yandex.com/watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A344%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A0%3Als%3A88880919940%3Ahid%3A430425706%3Az%3A120%3Ai%3A20230922211907%3Aet%3A1695410348%3Ac%3A1%3Arn%3A894558512%3Arqn%3A1%3Au%3A1695410348855540257%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C28%2C7%2C0%2C0%2C%2C456%2C22%2C%2C%2C%2C527%3Aco%3A0%3Acpf%3A1%3Ans%3A1695410346824%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695410348%3At%3AIt%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1

Request Chain 135

• https://mc.yandex.com/sync_cookie_image_check_secondary HTTP 302
• https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10134.CibmdqmRuvljRL0_XBD6V-FpK_6WvGGW4p9DB5cmHcpdfdVymeJyOI3OUkAp7zdi.HiZKtWXvylNf07W4YkwCmC70x3I%2C HTTP 302
• https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10134.QIfh8teNYtEJ1NFB0-v-6PyrwrlP-HK0bthGCO55aHhY1PFFcDH-vHT6Z5A3ENmiS7-RY2QtGy25zLI7o4HE01c-yYF9f-eymvasln9wsVA%2C.icsqO2fhd5pdVaGM4lb9gtcoPRk%2C

133 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
32 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	403	/ Show response www.group-ib.com/blog/mxdr-cryptominer/	7 KB 7 KB	71ms 8ms	Document text/html	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software / Resource Hash 94663690e568d9c17f906c8f8d4b71ffad5e12e7730d96bef82ba685d160a7cf Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache, no-store, must-revalidate content-type text/html date Fri, 22 Sep 2023 19:19:05 GMT
GET H/1.1	200 OK	bt-autoinject.js Show response fhp-de-js.group-ib.com/d/	351 KB 138 KB	85ms 19ms	Script text/javascript	138.201.59.158 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://fhp-de-js.group-ib.com/d/bt-autoinject.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 138.201.59.158 Heppenheim an der Bergstrasse, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.158.59.201.138.clients.your-server.de Software nginx / Resource Hash 8a609c8ebc5383e71635b12641c806807880ea95cc28ee538240705c0379a81b Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Date Fri, 22 Sep 2023 19:19:05 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/javascript; charset=UTF-8 Access-Control-Allow-Methods GET, POST, OPTIONS x-envoy-upstream-service-time 0 Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET DATA	200 OK	truncated /	486 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f8cf95065eac39ed82a0e8dba49ff639809ff104544b0dffb8af072db73b691d Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4e4aa518274d43bee6f5285f6b1a78f4e0f064665f6e4e8ea7413768853a6803 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/png
GET H2	200	idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response www.group-ib.com/api/fl/	205 B 664 B	16ms 16ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 519b5d79e5477a5b69cb8064c9e6946820cf9e7c0d01d1514a28f314685b93fb Request headers Referer https://www.group-ib.com/blog/mxdr-cryptominer/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 x-cfids - Response headers date Fri, 22 Sep 2023 19:19:05 GMT content-encoding gzip server nginx etag W/"zmv1A7z39mLbFUYIb2A7zhnUAwiVD9F4nw3d8ASD1gFEsWkrZbDPnYGfmZQMU2lA+7LSZYVW3XUWMyibp3Dn/y1UkMkS03bowIIyeLKw7FQCU1SGJMydkINY+Lu2T4x3CoMAYgb++BpYEajQk76dgmaV" vary Accept-Encoding content-type application/json; charset=utf-8 cache-control no-cache x-envoy-upstream-service-time 1
POST H2	200	fl Show response www.group-ib.com/api/	665 B 982 B	31ms 31ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=106e9120-5963-11ee-b911-12c4af0fa9ea&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=zmv1A7z39mLbFUYIb2A7zhnUAwiVD9F4nw3d8ASD1gFEsWkrZbDPnYGfmZQMU2lA%2B7LSZYVW3XUWMyibp3Dn%2Fy1UkMkS03bowIIyeLKw7FQCU1SGJMydkINY%2BLu2T4x3CoMAYgb%2B%2BBpYEajQk76dgmaV Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 73a26659d817afa7ea1dbc1f492b5129e4d3b9ce20c622146223c25112b60929 Request headers Referer https://www.group-ib.com/blog/mxdr-cryptominer/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 22 Sep 2023 19:19:06 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 2 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
POST H2	200	fl www.group-ib.com/api/	665 B 692 B	16ms 16ms	Ping application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=106e9120-5963-11ee-b911-12c4af0fa9ea&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=VJlL2daSyvgQ34XB5m2SSuaGJqPGYRhg45KfEgEH7ouhxwet%2B%2F5vN0xAY43tdkRdpw0OUdOB6d%2BzGhRq%2FjRBdPA2asgxc1QW8mHjd7fM9%2BdPoNo7S23Lf5gpd6WPw1zGsgfqmEOBQOPztqSos2JHjdfYtTy0CYuoMCh0 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash Request headers Referer https://www.group-ib.com/blog/mxdr-cryptominer/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 22 Sep 2023 19:19:06 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 1 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	200	Primary Request / Show response www.group-ib.com/blog/mxdr-cryptominer/	104 KB 24 KB	28ms 28ms	Document text/html	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/blog/mxdr-cryptominer/ Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 6dfccb79a1a08d7f0e895aaa5ab958d4325b4e62308500ac8cad816d1ee21c25 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/blog/mxdr-cryptominer/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin https://www.group-ib.com cache-control private, max-age=3600 content-encoding gzip content-length 23564 content-security-policy frame-ancestors 'self'; content-type text/html; charset=UTF-8 date Fri, 22 Sep 2023 19:19:06 GMT etag "5b0d-605f276f0898c" last-modified Fri, 22 Sep 2023 13:19:55 GMT permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() referrer-policy strict-origin-when-cross-origin server nginx strict-transport-security max-age=31536000; includeSubDomains vary X-Forwarded-Proto,Accept-Encoding,Cookie x-content-type-options nosniff x-frame-options sameorigin x-xss-protection 1; mode=block
GET H/1.1	200 OK	bt-autoinject.js Show response fhp-de-js.group-ib.com/d/	351 KB 138 KB	23ms 23ms	Script text/javascript	138.201.59.158 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://fhp-de-js.group-ib.com/d/bt-autoinject.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 138.201.59.158 Heppenheim an der Bergstrasse, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.158.59.201.138.clients.your-server.de Software nginx / Resource Hash 8a609c8ebc5383e71635b12641c806807880ea95cc28ee538240705c0379a81b Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Date Fri, 22 Sep 2023 19:19:06 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/javascript; charset=UTF-8 Access-Control-Allow-Methods GET, POST, OPTIONS x-envoy-upstream-service-time 0 Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	200	lazyload.min.js Show response www.group-ib.com/wp-content/plugins/w3-total-cache/pub/js/	6 KB 2 KB	26ms 24ms	Script application/x-javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/blog/mxdr-cryptominer/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:06 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 2356 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 29 Jun 2023 07:01:06 GMT server nginx etag "1883-5ff3f43abc651-gzip" vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:06 GMT
GET H2	200	swiper-bundle.min.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/	140 KB 39 KB	125ms 61ms	Script application/x-javascript	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/swiper-bundle.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:06 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 39504 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:41:14 GMT server nginx etag "22ede-5e7e9344df9f2-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id k7Oup6deHkF2aLPy2R98RhW_e0xVmYHuBXyBwanHLYOnQFP3wJmnzw== expires Fri, 22 Sep 2023 19:49:06 GMT
GET H2	200	classic-themes.min.css website.cdn.group-ib.com/wp-includes/css/	217 B 1008 B	106ms 43ms	Stylesheet text/css	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-includes/css/classic-themes.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:06 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 189 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 11 Nov 2022 11:58:50 GMT server nginx etag "d9-5ed309cf15c82-gzip" x-frame-options sameorigin vary Accept-Encoding content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id fg7So_WbuXlbQtoxvrahy_CLaEAESLW3L3lOv3wvD0XcPUTTPU8UbA== expires Fri, 22 Sep 2023 19:49:06 GMT
GET H2	200	dashicons.min.css website.cdn.group-ib.com/wp-includes/css/	58 KB 36 KB	112ms 48ms	Stylesheet text/css	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-includes/css/dashicons.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:06 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 35730 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 10 Jun 2022 07:03:36 GMT server nginx etag "e688-5e112897ec200-gzip" x-frame-options sameorigin vary Accept-Encoding content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id kS1NvfdBuL0RKRwpvmqNmB02WRVazgKvFO_55Kd4wf_oIVUY0YBNUQ== expires Fri, 22 Sep 2023 19:49:06 GMT
GET H2	200	frontend.min.css www.group-ib.com/wp-content/plugins/post-views-counter/css/	215 B 310 B	25ms 23ms	Stylesheet text/css	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/plugins/post-views-counter/css/frontend.min.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash ed70c2cf61d0f24d03299ffc5896c7abd86bb858501987dc10e3afec086c01df Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/blog/mxdr-cryptominer/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:06 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 160 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 26 Apr 2023 07:26:40 GMT server nginx etag "d7-5fa38293ec798-gzip" vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:06 GMT
GET H2	200	jquery.min.js Show response website.cdn.group-ib.com/wp-includes/js/jquery/	88 KB 31 KB	114ms 51ms	Script application/x-javascript	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-includes/js/jquery/jquery.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:06 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 30995 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 11 Nov 2022 11:58:50 GMT server nginx etag "15e54-5ed309cf21802-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id eJH8x0P2uPY_ljlQlqPNkX9_Y-WKQO225zTcxCbkI4TzucTCb7G5og== expires Fri, 22 Sep 2023 19:49:06 GMT
GET H2	200	single-blog-post.css website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/	271 KB 39 KB	130ms 67ms	Stylesheet text/css	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 5f3eb686a53660713a24f146256d6184081e7a42a15833d98367b19162e611f6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:06 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 39011 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 22 Sep 2023 19:18:58 GMT server nginx etag "43aea-605f77afced90-gzip" x-frame-options sameorigin vary Accept-Encoding content-type text/css access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id ufzgKBtLeFOi0HjatNLnd9rGqRZmwl35IciluDyflsciDQXlMc-LPw== expires Fri, 22 Sep 2023 19:49:06 GMT
GET H2	200	v2.js Show response js-eu1.hsforms.net/forms/	549 KB 175 KB	77ms 19ms	Script application/javascript	172.65.255.172 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hsforms.net/forms/v2.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a24e66d830ef814bbcc4553b662e0c2afe733f8f30fb4a86be6df577d146bec2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-encoding br age 244 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3812/bundles/project-v2.js&cfRay=80acdfd30f829a33-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"84d6c03b19ba72ee08ca8c27dee147c2" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3812/bundles/project-v2.js date Fri, 22 Sep 2023 19:19:06 GMT x-amz-version-id 4b09e6_AhU37WJHx62r2StyRWH0KMlOF via 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 x-hubspot-correlation-id 4cb0983e-7123-44f1-9a63-b98f9d8387ef x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 1 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 4cb0983e-7123-44f1-9a63-b98f9d8387ef last-modified Fri, 22 Sep 2023 08:13:06 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8GRVtAVSu9lubVtYbG3Q7oObcnyE0ChgYwqJqzMTzFu6FOooBh%2FTTqpMSzhTY11bDqHAoryez%2FgNhy43e%2FSuPQER5k5l5dK5mT%2BR3qfEdSe7wots1rWsCzYlFosBpCB0scsYQQ%3D%3D"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-5749f454f8-7v7zv cf-ray 80ace5cc3a73697f-FRA x-amz-cf-id nshRzLeEsk-zQILr_orpy1msDyE7E0VcMD2ramNsiKBI7u3PfvYcEQ==
GET H2	200	3-14.webp website.cdn.group-ib.com/wp-content/uploads/	86 KB 86 KB	73ms 71ms	Image image/webp	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/3-14.webp Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 7cd394c0f1ee88b94529ada28bebedc6592575fa2201f2f86a286002f0c0558b Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 87680 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 19 Sep 2023 07:13:21 GMT server nginx etag "15680-605b0fe73628b" x-frame-options sameorigin content-type image/webp access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id ifEA-PAZYG55ODL7ILKKqlIcpAZCJthPLtm-7sJb4eLki6LiB-IcGA== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	4-12.webp website.cdn.group-ib.com/wp-content/uploads/	62 KB 63 KB	83ms 81ms	Image image/webp	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/4-12.webp Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 8c889bca1cc140d9c4602ffacef89f03d93198468d05c4c5ef37b47124941c99 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 63870 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 19 Sep 2023 07:13:27 GMT server nginx etag "f97e-605b0fecbc402" x-frame-options sameorigin content-type image/webp access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id _jY-IBsHXVtpm6Uk-WhYXR5Ip0dCUvQV6JoWVuM0vp0AxuXt7I3azQ== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	26-1.webp website.cdn.group-ib.com/wp-content/uploads/	156 KB 157 KB	63ms 62ms	Image image/webp	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/26-1.webp Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 6a22abdbb5df0d463811faeb1704d5b038ea4bcfea094fce14e20a9eaec22ac8 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 159728 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 19 Sep 2023 07:15:45 GMT server nginx etag "26ff0-605b10705e357" x-frame-options sameorigin content-type image/webp access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id sI-t9NantOb-EBoTCnRWcKNziVnfPVU9GLVgAXKM-EzHvfJFlLu_8A== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	27-1.webp website.cdn.group-ib.com/wp-content/uploads/	89 KB 90 KB	80ms 78ms	Image image/webp	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/27-1.webp Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash cff77734f714db0b67f6e3bf7391a2373e6da15ef7eb0ebe5ce2452554e1671f Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 91628 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 19 Sep 2023 07:15:51 GMT server nginx etag "165ec-605b10763e256" x-frame-options sameorigin content-type image/webp access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id hPP4LUYJfh5qgY2ze_camAst8UCGn77-KR8WlE3Bh94pt4sODANvjw== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	28-1.webp website.cdn.group-ib.com/wp-content/uploads/	62 KB 63 KB	88ms 86ms	Image image/webp	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/28-1.webp Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 8f9d33cc5a29da1c257ebdae17916f7eef4d9cbfc6fc36ea1462690d33712ad9 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 63294 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 19 Sep 2023 07:15:57 GMT server nginx etag "f73e-605b107bf8f91" x-frame-options sameorigin content-type image/webp access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id K9Cke6GTPJj5RERFQsgaqfW9W9FWX8DmLqiBhtLNXtv1P1oLZAIRoA== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	main.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/	211 KB 46 KB	57ms 56ms	Script application/x-javascript	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/main.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 9e74da602eceae93875543dd9a235f2fbbbca8c254c125bcb733fa6a0486c9bd Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 45806 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 18 Sep 2023 12:05:43 GMT server nginx etag "34b3c-605a0f63455a5-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id ojBOwgL94oBLHjPTGRV1-frCCBWJLCRTd9BjS8ZXJShPpacDl43V-g== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	fancybox.umd.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/	103 KB 30 KB	27ms 26ms	Script application/x-javascript	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/fancybox.umd.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 942e02acf640c0308f65e057a8afaed63dfaf995034cda9cfc75532a1009ec72 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 29634 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 05 Sep 2022 07:24:28 GMT server nginx etag "19ca6-5e7e8f85cb376-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id LD5O2x7-XhQgkwLG0JNFuAmw2eZsqLBkJX7ItBNJZ9PfPy_pYv_h9g== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	frontend.min.js Show response www.group-ib.com/wp-content/plugins/post-views-counter/js/	1 KB 746 B	21ms 20ms	Script application/x-javascript	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/wp-content/plugins/post-views-counter/js/frontend.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 12475fdd5d48640d7ad60670a2342f02cf560b8cd977cf8e7e624e6a22576f82 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/blog/mxdr-cryptominer/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 628 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 26 Apr 2023 07:26:40 GMT server nginx etag "484-5fa38293ec798-gzip" vary X-Forwarded-Proto,Accept-Encoding x-frame-options sameorigin content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	25755956.js Show response js-eu1.hs-scripts.com/	2 KB 1 KB	98ms 44ms	Script application/javascript	172.65.208.22 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-scripts.com/25755956.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d4a19d1f4c7d1677614d76f7a64f99b5cf073ed670f34e0336a2287b9a95c191 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT content-encoding br x-content-type-options nosniff cf-cache-status EXPIRED x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 24ec0c6a-a143-4239-8bff-fda18ad45de9 x-envoy-upstream-service-time 9 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 24ec0c6a-a143-4239-8bff-fda18ad45de9 last-modified Fri, 22 Sep 2023 19:17:26 GMT server cloudflare x-trace 2BBB96B5534931387092D82971FD0AB50818E91F2E000000000000000000 vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all cache-control public, max-age=30 access-control-allow-credentials true x-evy-trace-served-by-pod fra04/hubapi-td/envoy-proxy-6c99cf4b6b-65v9j cf-ray 80ace5cd2ffd2bdc-FRA
GET DATA	200 OK	truncated /	483 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 90b2bc7cc53b24b04cbfa434a3e0fdb917f46c469937a29410fffe519b2e0501 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 34fee328f6fae47dfa161a578aec1f52f68febef44ab1260d0cd2ae4c12f4131 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/png
GET H2	200	idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Show response www.group-ib.com/api/fl/	217 B 619 B	15ms 15ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 41663553c6041e61775750499c11a37e5efa4602135ee30e2a7a7ae2a5d2870d Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 AxmrfY9zNUkVVN6imIT4bJBVpPEYBqbUIbHWTULfKPI5JN2Ow7CITOcWyWtNeB1cfp7UDKf1N/O/b3ey66xYvyQ+Oh15mH6CaImcNlsCrOIjKGyjG2trQnDjnioiZ9B7M20oPTsYMsI7XTjxRg5Xl3uSz7MKazhlJrx2QWMxyDV4UhTfJyFqNMd5mU5jameEMq6RCoLc6QiDOj9NIMCQN5xcsIyGs7TH+hAWeIYKbja1cOId6gdgtSRd+A818w== Referer https://www.group-ib.com/blog/mxdr-cryptominer/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Fcc2a47c7be64ab50f9cf65dfdce1461a075cb7c x-cfids VJlL2daSyvgQ34XB5m2SSuaGJqPGYRhg45KfEgEH7ouhxwet+/5vN0xAY43tdkRdpw0OUdOB6d+zGhRq/jRBdPA2asgxc1QW8mHjd7fM9+dPoNo7S23Lf5gpd6WPw1zGsgfqmEOBQOPztqSos2JHjdfYtTy0CYuoMCh0 Response headers date Fri, 22 Sep 2023 19:19:06 GMT content-encoding gzip server nginx etag W/"gYT3YErE+6ZIr6WgoiVVknPQRHjwe8jLxDk7+Uhgm13+pfM1u/yoewYWc5CUmM67zclJ6f9u33l/xSbD8Xf0DGhccO7+CjiuDdiKmbh80Rdeyb4IdmfvX5MLRBLY9USAu6GdlqptyxCg4yTLOVJ3SR8r/+yquVxL6HT1" vary Accept-Encoding content-type application/json; charset=utf-8 cache-control no-cache x-envoy-upstream-service-time 0
GET H2	200	G-font-Medium.otf website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/	60 KB 35 KB	57ms 43ms	Font application/x-font-otf	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Medium.otf Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 1efe16c9efbadde5e242d88a315eca3906a55669fcd4882a904fbc723306a4e4 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 35382 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "eed4-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-font-otf access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id Uq3Svg3aA-i6bw-Do2ttmResLkcKWgmd2jinItO9PUj6_5FsenfHVQ== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	G-font-Regular.otf website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/	47 KB 31 KB	44ms 30ms	Font application/x-font-otf	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Regular.otf Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 6cee0fb06339ba13e1f15d044e0e4904bbeeb7fbe4351e3f102b6d80b2465061 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 30798 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "bbf8-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-font-otf access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id FZ4pz_nWlLhSlRBzc3og36fQV3K9wSAxtEVmSVFkuyfCq12PhEQ5HA== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/	9 KB 3 KB	105ms 44ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0544b573e8c5b09d6a9101271492a4ad0e9a758da55291f75d6a23c3dfcbc316 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Fri, 22 Sep 2023 19:19:07 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 9241f2cd-79c7-4016-935c-5d8c4fde298c Transfer-Encoding chunked x-envoy-upstream-service-time 9 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 9241f2cd-79c7-4016-935c-5d8c4fde298c Server cloudflare X-Trace 2B8DBF62CDC1D1D9FC9EF773415FCAC8E33387B74C000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 80ace5cd7abe1997-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-svqcz
GET H2	200	cross.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	342 B 1 KB	24ms 24ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/cross.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 207 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "156-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id bU_63G1cwAmlj62xBHPwpPdfo16mSrPReMZYLBSRDatma-he6XuOQw== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/	112 KB 30 KB	106ms 77ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f2161d4d844a100e2d42d94163862a955cf00388e5503c495b77622207deb238 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Fri, 22 Sep 2023 19:19:07 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id bb933f81-cc58-49d4-950b-5d35d810f570 Transfer-Encoding chunked x-envoy-upstream-service-time 26 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id bb933f81-cc58-49d4-950b-5d35d810f570 Server cloudflare X-Trace 2BF91BF1A353A61F4F5A77A3D3A9658004C41FD12C000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 80ace5cd7f0d9b9b-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-z9cvw
GET DATA	200 OK	truncated /	64 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 81cc2a3a0c0b6e8335f5f3143390b8b6f036dc573e73d3f4b5742482f0bdca73 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash acaada4e47f4ceae296159dbb33de7d42113b211c678c6d28f3e71223891e6e8 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f6e2fc76c7738628cff7e8da000270b3e255a26d72fbdf694750b0ce46f942e3 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	dropdown_before.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	154 B 973 B	27ms 27ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/dropdown_before.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 150 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "9a-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id k82mFI3LE1Ugwqv9Ihzyb3ovsR5fILU7C3PKO2MHmyBcp0U5krW2MQ== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	link-arrow.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/	409 B 1 KB	28ms 27ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/link-arrow.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 267 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "199-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id C3Z9yPks0w_WBfIPYr9gtglK95lc8UyLiFd14zD9fERN0_a-mCNFVw== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	Close.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	227 B 288 B	52ms 51ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/Close.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 31d1c5bd0cd38e6e6b8eb944944df273044e826c7d3daacbe602caead3068c7a Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 180 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 12:14:21 GMT server nginx etag "e3-5ee9aed8bc981-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	file_copy.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	668 B 438 B	52ms 52ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/file_copy.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash f367bbc4429fc9fb0a93045245aef519a000ab275549645cddecb3f953e0a05f Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 352 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 28 Nov 2022 13:01:55 GMT server nginx etag "29c-5ee8779d1a6cb-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	success.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	386 B 359 B	53ms 52ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/success.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash fa4859289ded4c674dcee233811758743116b1d7ce4e9f0c0e7e259391504c43 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 254 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 11:07:05 GMT server nginx etag "182-5ee99fd05f106-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	Dropdown-right.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/	503 B 1 KB	53ms 52ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/Dropdown-right.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 4d4a484a100e469b6e3dcf880a37755086e246cc291bab46e3edd4529e3d5d6a Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 307 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 16 Dec 2022 09:56:36 GMT server nginx etag "1f7-5efeefc3ee1d1-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id l6nfQj86FJUJ5doUFKj4zuYhP-IvsBHstUt42Z-YZoJgak-zFwg9UA== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	G-font-Bold.otf website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/	49 KB 32 KB	31ms 30ms	Font application/x-font-otf	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Bold.otf Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 8d15a221986226efe4f742f390f46f9d5ae8b2008a6edd40e10ff121ef9cca9b Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 31918 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "c320-5e27d5c025780-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-font-otf access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id WWbKIClAoNrIXOqHKGbctl9eL7L4WMmGeqqEWbIR_oRQomNwVw0d3g== expires Fri, 22 Sep 2023 19:49:07 GMT
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash bf6187472950189d5cfbdeb5538eec71c06f0403852052b83be7d8953c837bf7 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 54d8c933b442d09ca4330e7714999b08af62c8ff3471c875f51709c3c5a4fe91 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4fc532421a866c2a95947ae5a6dc053806a544dc397fcbe0bd52846199acb9ca Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7159b53786f7353b70ad9af93223e801a0462b02a3125cf54624e594022f7da3 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9440428cfa1f438bf2124d67be88542193267eea97828c072eae0154cc4e05e8 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 63b7219172532185b6b8e2cabdfed9ebfd917782b66488bfced1a07b600f31f3 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 40110bbbf9981a0e27af33a6911f373205b3f0be2b020656546fd118a4444303 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d16766bacdad36aa061559eacbe20b2fc9a3535c7d35e7d1a97ea0568774eef4 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 536e3c84683deb417e273d27f458104866d0340db054e9d546371d1f3fd6647a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f2e13ee42ed0f5f8adf1d104ab371523ba6f9e998ae33692331657f65ed63a8a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 501744e5eba1a451aa9181e1c01551816071ad07dd2de9d237c0ad703fa25c3d Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1ad6a999316d622c181227080122060d87b6d45fd50b730ce05acd1e216084c4 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ab514d76a6bcf110f602c14c02edcadc752789a37ed83521a4b9df61f2772d6c Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	list-dot.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	313 B 290 B	32ms 30ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/list-dot.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 6b0775723ccade5ca3170fcc6a321c5b4768a5dc2b7c83b8b8b595407a2f0018 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 205 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 08 Sep 2022 12:02:57 GMT server nginx etag "139-5e82935d2238c-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	Material-Icons.woff2 website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/Material-Icons/	125 KB 126 KB	33ms 31ms	Font application/font-woff2	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/Material-Icons/Material-Icons.woff2 Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 12 Sep 2022 13:11:21 GMT server nginx etag "1f560-5e87aa1cf30ee-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/font-woff2 access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 1fnjyvh0CK4v4Gf-SKBMj8qcp41bYxK9eJJvEU8mcPMimoc4cXeAOQ== expires Fri, 22 Sep 2023 19:49:07 GMT
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 836c1616e3d415243f687ebb452b6aa76a0813e895175178321ea7a642cc73da Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ea5376230fe845301ca713b357a084af4bb43bcb4323744ec1363f852a9da00b Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	70 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash eb8bb291baa26d17b3ae001aa380233d5ff90818b8bb64eab717f0dc5be3b72c Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3240c22054db04175ea714ad9a74dfc243c82b545d959b0933b2e51b739fc9fe Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c49b74ecc48985600b255db34c688aad050eb10dfd5c1f40a2b23ec2fa94e1c0 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash cc50e6053771ee2cce3158edc2897cd0d1bd41411940d8ec9653e793a202517d Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	67 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ee1c0b8cf19655cc15956b9da6edecba2e248f8b211e32a8548f3ca62a00d973 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7c098cae4836456d9e6929015857abcf25e48227c5c87f1c8d9745d92e820d39 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 649bc8f41f235c37e5289ba490ef69ba3411a2817e52b5d08cf304c44430e2fc Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	69 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e87928287bb202f15b36bf0ffe80e558159e70f40053140d59a4e459fc4222ae Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	68 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 34e0bb5c5ed1184e6452cf7562faf332af1a26e95e50e035ff0a9f7065e6df9e Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/	8 KB 3 KB	45ms 45ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f0604fa5cf6ae7dd1e4b321e9c5df79c05e15c780b1ee7c85cb53bf3f26abd78 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Fri, 22 Sep 2023 19:19:07 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 26900742-aac6-4e66-87f5-d97c2a377476 Transfer-Encoding chunked x-envoy-upstream-service-time 14 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 26900742-aac6-4e66-87f5-d97c2a377476 Server cloudflare X-Trace 2BA66FBB366BFD7C6CF05DADF9D769B89C7B42299D000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 80ace5ce38279b9b-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-hnndp
GET H2	200	gtm.js Show response www.googletagmanager.com/	273 KB 89 KB	57ms 27ms	Script application/javascript	2a00:1450:4001:82b::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash ba43594b8d6c8f81df5ae48898649f2f37505eea977590be07ec60e38bc725d5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 90498 x-xss-protection 0 last-modified Fri, 22 Sep 2023 18:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 22 Sep 2023 19:19:07 GMT
GET H2	200	insight.min.js Show response website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/	8 KB 4 KB	18ms 18ms	Script application/x-javascript	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/insight.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 3085 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 15 Jul 2022 14:12:57 GMT server nginx etag "1e5a-5e3d89d6a8c40-gzip" x-frame-options sameorigin vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id UqNwUsH-_FBKoM6KFffyeWJjSS4eTYLnPjrduAbJL3oY3Bau6Qa6Sw== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	collectedforms.js Show response js-eu1.hscollectedforms.net/	69 KB 25 KB	96ms 26ms	Script application/javascript	172.65.192.122 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hscollectedforms.net/collectedforms.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d1b5aca028dd8447199f3c06601e38f5b8aba3b29be5ccd2de504a561fed2558 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT x-amz-version-id 99Y.E0UsJAdqqpubte3vKq3r2MOVQh4K via 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status EXPIRED x-amz-cf-pop FRA56-P2 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 3d866c1f-7264-4057-adbb-40d051bd25a2 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.425/bundles/project.js&cfRay=80ace5cecfc49968-FRA x-cache Hit from cloudfront cache-tag staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod content-encoding br x-envoy-upstream-service-time 1 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3d866c1f-7264-4057-adbb-40d051bd25a2 last-modified Fri, 22 Sep 2023 08:42:59 UTC server cloudflare etag W/"526bb173ed1384afadfc2b0eb6b0846e" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all x-hs-cache-status HIT cache-control s-maxage=600, max-age=300 x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-5749f454f8-7v7zv cf-ray 80ace5cecfc49968-FRA x-amz-cf-id yd2krZQgfchyKpaYkmaBZvT_VsaMoPeqPy-GWa7TckUe7Frai_MlcQ== x-hs-target-asset collected-forms-embed-js/static-1.425/bundles/project.js
GET H2	200	web-interactives-embed.js Show response js-eu1.hubspot.com/	74 KB 22 KB	98ms 31ms	Script application/javascript	172.65.236.181 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hubspot.com/web-interactives-embed.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.236.181 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 67086be44b34af81faa7570f0fb7d386bd829fa51f00be9094c2d02457700969 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.group-ib.com/ Origin https://www.group-ib.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-encoding br x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.539/bundles/project.js&cfRay=80ace5cec8e32bc3-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"b01108181457056f08cd184d0451cfbc" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control max-age=600 x-hs-target-asset web-interactives-embed/static-2.539/bundles/project.js date Fri, 22 Sep 2023 19:19:07 GMT x-amz-version-id CHaSKqxinPLGzgYJzkiY20bXhNU5xmiF via 1.1 11e35514d631a9a9566fd489de935c06.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status EXPIRED nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 x-hubspot-correlation-id 9ef806d0-1f89-4734-9ce4-3cb7c09b4b08 x-cache Hit from cloudfront cache-tag staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 1 x-evy-trace-route-configuration listener_https/all x-request-id 9ef806d0-1f89-4734-9ce4-3cb7c09b4b08 last-modified Tue, 19 Sep 2023 09:01:45 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q81opbSxmIaGl3da3OBCGy9L4Jl5q2hNDPF2RJSISPMWOmbbi3P5EjPMKzLFwbAuvNL8Or1QKSXQghEZYnGYLoMNZNvfuqS0k2GOzl6EalX7UK6Y18nm7sww99z2RZ4oplGoOg%3D%3D"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-5749f454f8-7v7zv cf-ray 80ace5cec8e32bc3-FRA x-amz-cf-id pugKVVYW0UXSuEJRrZjmmf0LwpF6PdBmt3Oy7p7mHDhx97rz2pOc6g==
GET H2	200	fb.js Show response js-eu1.hsadspixel.net/	6 KB 4 KB	82ms 19ms	Script application/javascript	172.65.219.229 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hsadspixel.net/fb.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e1e4e3cba3eeeb3ad74ae67c1f42012ebb51d8497482e5c01d404579d49c6b04 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT x-amz-version-id MiORZOji2P27E5f3usS102mv5dcg0lYn via 1.1 9015971351bc982a04ee209a022bb1f8.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT x-amz-cf-pop FRA56-P2 age 597 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.485/bundles/pixels-release.js&cfRay=80acd73a9f084da1-FRA x-cache Hit from cloudfront x-hubspot-correlation-id 2495b2cd-a2ed-4d10-924c-215237ed115e cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod content-encoding br x-envoy-upstream-service-time 0 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 2495b2cd-a2ed-4d10-924c-215237ed115e last-modified Tue, 19 Sep 2023 08:21:28 UTC server cloudflare etag W/"1bce211846e6a6691aa314979e0a21fb" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-5749f454f8-7v7zv cf-ray 80ace5cec9454d61-FRA x-amz-cf-id wi_K9M53y1TmGLlVdY7MT5XHBYoVAd4RGDqhz7c4efXerYBLlOe-7Q== x-hs-target-asset adsscriptloaderstatic/static-1.485/bundles/pixels-release.js
GET H2	200	25755956.js Show response js-eu1.hs-analytics.net/analytics/1695410100000/	66 KB 21 KB	126ms 71ms	Script text/javascript	172.65.238.60 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-analytics.net/analytics/1695410100000/25755956.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fb6d4b072a3600313d26823a5904a0d86b638e99bbbb7f28df4d01f9fc54c1bf Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT content-encoding br cf-cache-status MISS x-amz-request-id 0SNG1Z16AJH4DJ2P x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id e7619fdb-f6b9-4140-9056-f0d563152c14 x-envoy-upstream-service-time 31 x-amz-id-2 vu+n9ty1SqPhC2jVQr87WX40en7jbCccKw4bxRyX6cmLh4+qR1TXb5OYUtvbN7uE8KjW2tWPyqA= x-evy-trace-listener listener_https x-request-id e7619fdb-f6b9-4140-9056-f0d563152c14 x-evy-trace-route-configuration listener_https/all last-modified Fri, 15 Sep 2023 18:22:56 GMT server cloudflare etag W/"bddf65f21de48f070df8e8508c7a77e6" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/analytics-js-proxy-td/envoy-proxy-55f7b4ccdf-wgfm8 cache-control max-age=300,public access-control-allow-credentials false cf-ray 80ace5ceba979016-FRA expires Fri, 22 Sep 2023 19:24:07 GMT
GET H2	200	banner.js Show response js-eu1.hs-banner.com/v2/25755956/	66 KB 20 KB	132ms 41ms	Script text/javascript	172.65.202.201 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js-eu1.hs-banner.com/v2/25755956/banner.js Requested by Host: js-eu1.hs-scripts.com URL: https://js-eu1.hs-scripts.com/25755956.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 76cad6003ccfa9b83430a57d5c8365dec62d0799619adcf257e4d762fe499c0a Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT x-amz-version-id Gr5hDFYfL2RydCQo7DZDtOTuBy6zWKNp content-encoding br cf-cache-status REVALIDATED x-amz-request-id 1M7BE9HA38EQWTGT x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 8300b6c5-4616-4d90-9db1-bd160700b6e6 x-envoy-upstream-service-time 31 x-amz-id-2 X7YAyj3p7BmVNcF3UajMFyyOsfJBuyxrDuDk+jcibpmPbPt95IMTg65qsEzlDvoj8GzD+YYmnrQ= x-evy-trace-listener listener_https x-request-id 8300b6c5-4616-4d90-9db1-bd160700b6e6 x-evy-trace-route-configuration listener_https/all last-modified Tue, 05 Sep 2023 17:16:06 GMT server cloudflare etag W/"521e41ed5a9a8b6bea16ac212e4e6633" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod fra04/analytics-js-proxy-td/envoy-proxy-85d65fb994-k9w6j vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 80ace5ceffc29a1e-FRA expires Fri, 22 Sep 2023 19:24:07 GMT
GET H/1.1	200 OK	json Show response forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/	7 KB 3 KB	44ms 43ms	XHR application/json	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e2fc40db6a9738ab42c1fec738ffb0ed9333e281cbbbb6eda8265c6e653711e4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers X-Origin-Hublet eu1 Date Fri, 22 Sep 2023 19:19:07 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 3fdc6148-d15d-4f11-8b7f-7688184cddc3 Transfer-Encoding chunked x-envoy-upstream-service-time 12 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3fdc6148-d15d-4f11-8b7f-7688184cddc3 Server cloudflare X-Trace 2BC264EBE46BE3D9774A57454BBE46672D08697C87000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://www.group-ib.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 80ace5ce6c271997-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-qb6sg
GET H2	200	main-logo.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	3 KB 2 KB	102ms 97ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-logo.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 589c9a6a159cf2ecc8555bc4457827f21002eaec9a24e3bc54401ed0b4d30ac8 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/blog/mxdr-cryptominer/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 1527 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Mon, 30 Jan 2023 11:16:06 GMT server nginx etag "d82-5f379576be685-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	ti.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	107ms 101ms	Image image/png	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ti.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 5919 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "171f-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id b7YbfUY-d-Dz2W4fVYpHRinvvY4vHGgfB_if1DitaV5hmHYe6HfwdA== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	asm.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	105ms 99ms	Image image/png	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/asm.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 5941 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "1735-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id C0HaaUbLzixIs5xT6j-7jnTS17udrJsIX5UcfQj3O8kzaEJkGqmcLA== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	fp.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	8 KB 8 KB	49ms 43ms	Image image/png	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/fp.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 7844 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "1ea4-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id IyRQxRpZUCaHdukhu0NaHP-Iz-cLFi7-LgdtZ8443IUMD4PFawqbeg== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	drp.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	5 KB 6 KB	82ms 77ms	Image image/png	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/drp.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 5398 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "1516-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id zfgAOtXjbEO1pexAAjdevo4coWgrkP8q9FKtHYFQDnklqqBAT9fRig== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	mxdr.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	28ms 22ms	Image image/png	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/mxdr.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 6506 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "196a-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id TC0iXqjYhsb4HgSOBMn2yz-tHKxyCvkkVsrRPROp6imZn5sv8RD1XQ== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	bep.png website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/	6 KB 7 KB	51ms 45ms	Image image/png	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/bep.png Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 6362 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 28 Jun 2022 07:55:26 GMT server nginx etag "18da-5e27d5c025780" x-frame-options sameorigin content-type image/png access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 8Radvkal7Lyz6HxpT1GixsOoYtHcpiZq5s0vva0Z964Ztz7gC1RYfQ== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	share-black.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	1 KB 561 B	102ms 97ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/share-black.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 3689e488f5478e26f0347353ad608ccd66e4d62992021c51d9db93f89d43c880 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/blog/mxdr-cryptominer/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 500 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 22 Nov 2022 11:16:45 GMT server nginx etag "468-5ee0d4eb0feca-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	wb_sunny-black.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	724 B 470 B	102ms 96ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/wb_sunny-black.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash cc5dcea4d483d798630d7fe0846a1b784618aa3d4f86bdfa655083d81750322a Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/blog/mxdr-cryptominer/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 385 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 22 Nov 2022 11:16:45 GMT server nginx etag "2d4-5ee0d4eb0feca-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	moon.svg www.group-ib.com/wp-content/themes/gib-theme/assets/images/	627 B 505 B	103ms 97ms	Image image/svg+xml	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/moon.svg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash dedf6c9294a8b9e4b13b1575641071e45c8e61235bd154d19103fd2893ccd708 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/blog/mxdr-cryptominer/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains content-length 361 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 24 Nov 2022 12:37:03 GMT server nginx etag "273-5ee36a9860213-gzip" vary Accept-Encoding x-frame-options sameorigin content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	mxdr-blog.webp website.cdn.group-ib.com/wp-content/uploads/	807 KB 808 KB	104ms 99ms	Image image/webp	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/mxdr-blog.webp Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash e3370465913c74e2e79e75294a017adecbb8899d059b5330c706f24189ad88f0 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 825930 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 19 Sep 2023 06:50:37 GMT server nginx etag "c9a4a-605b0ad2b47a9" x-frame-options sameorigin content-type image/webp access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id h1ZgpjG4JUTIhCAX1VkaWVahgY2D7lM3oj4xr-E6NDRLDaO_00TlUA== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	1-14.webp website.cdn.group-ib.com/wp-content/uploads/	176 KB 177 KB	26ms 21ms	Image image/webp	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/1-14.webp Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 35ef4320f32a5bc95c9e6c3127123ea794ec7a4c9823905f91d0e92211fc3525 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 179940 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 19 Sep 2023 07:16:15 GMT server nginx etag "2bee4-605b108d287a4" x-frame-options sameorigin content-type image/webp access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 0IT3nX9pHdYzOFX9OGlssRtRXfzH1NPJwUV5l0gmZ3ejJtEb1_O_Yw== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	hunting-rituals_red.jpg website.cdn.group-ib.com/wp-content/uploads/	127 KB 128 KB	48ms 44ms	Image image/jpeg	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/hunting-rituals_red.jpg Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash a8db2c5feaeae215fc02c7a068b7c1f624adf29f5344f1ed90e5eaac466f6517 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 129927 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 16 Aug 2023 12:43:11 GMT server nginx etag "1fb87-60309a367a354" x-frame-options sameorigin content-type image/jpeg access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id arzu0nRFx_VLRoyBolj-RxJLmdrI5ryMKgW7d3WUqDoVu_NnF9OCVw== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	bg-blog-1.webp www.group-ib.com/wp-content/uploads/ Redirect Chain https://website.cdn.group-ib.com/wp-content/uploads/bg-blog-1.webp https://www.group-ib.com/wp-content/uploads/bg-blog-1.webp	78 KB 79 KB	39ms 39ms	Image image/webp	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.group-ib.com/wp-content/uploads/bg-blog-1.webp Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 262bf2c92169d5c716192eeefffdbf6733a931638effa19c924d1d645e438c75 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains content-length 80256 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Fri, 15 Sep 2023 10:04:13 GMT server nginx etag "13980-60562ea252000" x-frame-options sameorigin content-type image/webp access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes expires Fri, 22 Sep 2023 19:19:06 GMT Redirect headers date Fri, 22 Sep 2023 18:57:53 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 age 1274 x-cache Hit from cloudfront content-type text/html; charset=utf-8 location https://www.group-ib.com/wp-content/uploads/bg-blog-1.webp content-length 93 x-amz-cf-id dUI1fyxPpcn1YHukjIVhvhay4njpufOdQIcH8qWKM-HjpMGXz4W9Sw==
GET H2	200	investment-scam-global-small.webp website.cdn.group-ib.com/wp-content/uploads/	140 KB 141 KB	59ms 55ms	Image image/webp	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/uploads/investment-scam-global-small.webp Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 8fd12740461147a867c96750f2040e646997e6c747bf4ad8f071794931a0dd0b Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 143070 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Wed, 06 Sep 2023 09:05:12 GMT server nginx etag "22ede-604ad0a7dc04c" x-frame-options sameorigin content-type image/webp access-control-allow-origin https://www.group-ib.com cache-control no-cache, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 2AnTQXG0_5iHyVr0DlJSTSPo2ZeWTbEXXLhUUI2MJJ05ZoUflPlEeQ== expires Fri, 22 Sep 2023 19:19:06 GMT
GET H2	200	tag.js Show response mc.yandex.ru/metrika/	202 KB 70 KB	231ms 107ms	Script application/javascript	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.ru/metrika/tag.js Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/main.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 92d967aa9f47d13c45fa328edf25255a86f1b4cabf5673a516166a274da4c235 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT content-encoding br strict-transport-security max-age=31536000 last-modified Wed, 20 Sep 2023 14:40:48 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA etag "650ada40-11420" content-type application/javascript access-control-allow-origin * cache-control max-age=3600 timing-allow-origin * content-length 70688 expires Fri, 22 Sep 2023 20:19:07 GMT
GET H/1.1	200 OK	counters.gif forms.hsforms.com/embed/v3/	35 B 1015 B	161ms 142ms	Image image/gif	2606:4700::6811:cff9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Date Fri, 22 Sep 2023 19:19:07 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id a8ab7c16-b553-4d9f-bf86-a4170e6f3574 x-envoy-upstream-service-time 9 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a8ab7c16-b553-4d9f-bf86-a4170e6f3574 Server cloudflare X-Trace 2B18F7F128BD067974BBA011CBCF1A8FFF49619E23000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-5cf6855b8-krlxg Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 80ace5cf1bdd1989-FRA
POST		admin-ajax.php www.group-ib.com/wp-admin/	0 0
GET H2	200	twitter-64.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	1 KB 1 KB	28ms 27ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/twitter-64.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash ae9dad69229703dfa3b6d226c4c7d692e2f2809bf2475f22612824c2f7602efc Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 554 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "426-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id E6c1JEACQP9cs4SIZFjWlfov94b7Lv7mUenMWoIJUcHr2SQFDed1PA== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	twitter-lbg.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	2 KB 2 KB	57ms 56ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/twitter-lbg.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 294fdc878aa8c42b19edc18d385880ad886397846aca640c305f3eb53a965e13 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 742 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "8f2-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id lI1zkos1d2AszNb3JpgiyOy23ksV9nquMJYajW4InwV9kgTmHl-hYQ== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	linkedin-64.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	919 B 1 KB	31ms 30ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/linkedin-64.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash f4991587d5312981e74087707ed399bd3820d83f773e7773c013ce00d6835f28 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 470 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "397-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 2GfwWNTgH7T080lQ8fJAqHFUQMGeAY_2rzzXqEpBtiDF1jaNjoPPhw== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	linkedin-lbg.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	2 KB 1 KB	29ms 28ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/linkedin-lbg.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash c33709a20ca4cd516d65b07a79c1d75445892fcb6d8c6f3871a47ab38d85e075 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 639 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "7ca-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id ILPptmthqi7YUE_p-xoNf3Od306SQUJJyH3KjcZXwYzxN6lGqpObkw== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	telegram-64.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	1 KB 2 KB	32ms 31ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/telegram-64.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash cdc4d10b6b74ad79b55333b9882e854f054ee8b9953c6203dc46c68dc74eb0fb Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 787 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "5fc-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id 1GzKGiPI2z3R63odprch7JfqKdG3YvpucnjN02UW4MhDcVFhZP3vow== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	telegram-lbg.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	3 KB 2 KB	29ms 29ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/telegram-lbg.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash ac57c7130d61697977d2ed1796c27eefed8249083472716e474e5604b20636aa Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:07 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 949 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "bf1-5ee9716179e8a-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id TaAR5KDpzWjWGhYmwhTYv0RCDf6ai0J8MpIEWCdLtzoQ5u8--gzq0A== expires Fri, 22 Sep 2023 19:49:07 GMT
GET H2	200	collect px.ads.linkedin.com/	0 530 B	205ms 188ms	Image application/javascript	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1695410347516&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 7AA5649DED33418793E6774AC452D9F3 Ref B: FRAEDGE1311 Ref C: 2023-09-22T19:19:07Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lor1 x-li-proto http/2 content-length 0 x-li-uuid AAYF93uEpcy3Y7avxy0WJw==
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1016 B	72ms 49ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Date Fri, 22 Sep 2023 19:19:07 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id fe513a3e-af0f-434d-91a1-ad2c831d6e97 x-envoy-upstream-service-time 4 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id fe513a3e-af0f-434d-91a1-ad2c831d6e97 Server cloudflare X-Trace 2BE3BA7081F7D1B3EDDC4C0B064D8A0F85E358E98D000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-qb6sg Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 80ace5d038462bdd-FRA
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1016 B	55ms 36ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Date Fri, 22 Sep 2023 19:19:07 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id a367b196-4047-473c-acdf-5bc06db634f2 x-envoy-upstream-service-time 3 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a367b196-4047-473c-acdf-5bc06db634f2 Server cloudflare X-Trace 2B2B13005BC93207A5541444DF7C6AF2B1A61B4311000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-qb6sg Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 80ace5d0591c2c2d-FRA
GET H2	200	combinedConfigs Show response cta-eu1.hubspot.com/web-interactives/public/v1/embed/	171 B 1 KB	274ms 49ms	Fetch application/json	172.65.198.159 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cta-eu1.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=25755956&currentUrl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&referrer=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.198.159 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6bc87468387163b201b6ad804182c8ee68b7f52e33fa23666e536b678f1a0ef0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 3fecd30f-a015-401e-bce5-de0571eb7d75 content-encoding br x-envoy-upstream-service-time 10 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3fecd30f-a015-401e-bce5-de0571eb7d75 server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials true cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fXNbCPdDHviBm40sGlWuKfklPJg02rbDi7yY%2B1BKEs4fE8TAf7tyTc2WWo7JwYfCRunj11W8U0Zg0GC%2FwOcLQiYNBFpEdouZLYsoSgHZHSUFt8GQpraVAkXxDopyrUDs41hgrW8%3D"}],"group":"cf-nel","max_age":604800} x-robots-tag noindex, follow access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 80ace5d228066909-FRA x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-z9cvw
GET H2	200	6si.min.js Show response j.6sc.co/	51 KB 15 KB	675ms 167ms	Script application/javascript	23.53.42.251 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.53.42.251 , United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-53-42-251.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:08 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 24 Aug 2023 22:29:49 GMT server nginx/1.14.0 (Ubuntu) etag "64e7d9dd-cc38" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 14993 expires Fri, 22 Sep 2023 19:19:08 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10897073384/	3 KB 2 KB	237ms 52ms	Script text/javascript	2a00:1450:4001:82a::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10897073384/?random=1695410347683&cv=11&fst=1695410347683&bg=ffffff&guid=ON&async=1&gtm=45He39k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&hn=www.googleadservices.com&frm=0&tiba=It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&auid=2010193239.1695410348&uamb=0&uaw=0&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash c55c231e6dcd30d54d5afafa0884b9a23063b3d1935f081e0e19a0585c2fbdee Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:07 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1381 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	NeverBounce.js Show response cdn.neverbounce.com/widget/dist/	96 KB 29 KB	202ms 19ms	Script application/javascript	18.244.28.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.neverbounce.com/widget/dist/NeverBounce.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.244.28.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-244-28-20.cdg52.r.cloudfront.net Software AmazonS3 / Resource Hash c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 17:52:49 GMT content-encoding gzip via 1.1 12266090f262e2cbf3bc7d817e84ed14.cloudfront.net (CloudFront) last-modified Mon, 02 Mar 2020 18:37:33 GMT server AmazonS3 x-amz-cf-pop CDG52-P5 age 5178 etag W/"c1e06621030dfcba15b88abbcaa546eb" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id kbovbzY3AqEAicyARMG6_Uh77TKWLbocBL0dCKRcQuTpVC8YAdkvag==
GET H2	200	63e267f61a03d71ea3df5fe7 Show response ws.zoominfo.com/pixel/	3 KB 2 KB	352ms 170ms	Script text/javascript	2606:4700::6810:880f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/63e267f61a03d71ea3df5fe7 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 6d2b4144efa42b7c89f522de40d0cfb78da2b6f7bea8170891725d9046d3b169 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/blog/mxdr-cryptominer/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:08 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC via 1.1 google server cloudflare x-powered-by Express vary Accept-Encoding content-type text/javascript access-control-allow-origin * access-control-allow-credentials true cf-ray 80ace5d22d973624-FRA access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok alt-svc h3=":443"; ma=86400
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	197 KB 53 KB	188ms 7ms	Script application/x-javascript	2a03:2880:f083:100:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:100:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash b02d00f123297597d6e4b02dfbee910cfe211687b2d454309d5dd9b1b39fd0e4 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 22 Sep 2023 19:19:07 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 53243 x-xss-protection 0 pragma public x-fb-debug PMRTqMknmfEYfp5ko/ATM+A19Th6WK2iAW58fSvvpfTyn6XH7BWtR0SGAhA6kkhHi1NwJRkRToQ/lfuWiWyRng== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	287 KB 94 KB	28ms 27ms	Script application/javascript	2a00:1450:4001:82b::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 55e5429a684b965b249361dd17bdf0a64070c563421efa6cced1d74a6c777a0d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 96047 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 22 Sep 2023 19:19:07 GMT
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1695410347690&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&tm=gtmv2 https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1695410347690&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&tm=gtmv2&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1695410347690%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fb... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1695410347690&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&tm=gtmv2&cookiesTest=true&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1695410347690&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKe9CFxm...	0 265 B	260ms 117ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1695410347690&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKe9CFxmEsjagAAAYq-VOCvJjpqayO-Kq7Apd1-6HBb3W24PgSjAkaRJB3z_oMU0UjVsy8U-z5E-2UsoQlxugWDkYsgfA Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: F2C56FB7EC894E89849A5A5564224A26 Ref B: FRAEDGE1312 Ref C: 2023-09-22T19:19:08Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lva1 x-li-proto http/2 content-length 0 x-li-uuid AAYF93uRnPNHM0oRqwUhhQ== Redirect headers date Fri, 22 Sep 2023 19:19:07 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: E853CF00FCE64D658BB203AF13BBCEFC Ref B: FRAEDGE1311 Ref C: 2023-09-22T19:19:08Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1695410347690&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKe9CFxmEsjagAAAYq-VOCvJjpqayO-Kq7Apd1-6HBb3W24PgSjAkaRJB3z_oMU0UjVsy8U-z5E-2UsoQlxugWDkYsgfA x-li-proto http/2 content-length 0 x-li-uuid AAYF93uNkScrSmt7V1i6gQ==
GET H2	200	json Show response api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	250 B 1 KB	201ms 31ms	XHR application/json	2a06:98c1:3200::90:0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=25755956 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3200::90:0 , United Kingdom, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1aa462865a143f6b053d5d1594aea3e38d36ebad2a23a7fcfdd84ba7a7a1fddb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 3f3e2704-f480-47ba-826b-8d92770d8edf content-encoding br x-envoy-upstream-service-time 9 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3f3e2704-f480-47ba-826b-8d92770d8edf server cloudflare x-trace 2B95780DFCF52AC783658045E8E9B74CF4C3771157000000000000000000 vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials false x-evy-trace-served-by-pod fra04/hubapi-td/envoy-proxy-6c99cf4b6b-wdlb4 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hZwAysuNmhFSQcHpY5SaDhne93%2FHuQ98C5gWlQs5vouKN9up%2BIluvi88ZSwV5c7kREOLUyWgMWFplOjayFMfYOW6Biurmvi2r6CyaVWOo1ewefHB%2Ba0IKKds2ZbUzQI47T7ZeakgNxTtwk9g4excbw%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 80ace5d228d52bc6-FRA access-control-allow-headers *
GET H2	200	json Show response forms-eu1.hscollectedforms.net/collected-forms/v1/config/	116 B 404 B	40ms 32ms	XHR application/json	172.65.192.122 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json?portalId=25755956&utk= Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 43f22362329b9705cf8629061fb5b1d1a38f1cc2bc9fd46728f73e5cd9eb77cf Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT content-encoding br x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 944f4148-25f7-4d86-ad94-110b593cb7f8 x-envoy-upstream-service-time 8 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 944f4148-25f7-4d86-ad94-110b593cb7f8 server cloudflare vary Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.group-ib.com x-evy-trace-virtual-host all cache-control max-age=0 x-evy-trace-served-by-pod fra04/app-td/envoy-proxy-5749f454f8-7v7zv access-control-max-age 180 x-robots-tag none access-control-allow-headers * cf-ray 80ace5d12ab09968-FRA
GET H2	200	sync_cookie_image_decide mc.yandex.com/ Redirect Chain https://mc.yandex.com/sync_cookie_image_check https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10134.ZSBXXIJazlBmQZt6I7bsthV1nnSWhuG-K8SZpNerrz6EAR3Zn2zjND4-HxEUk5GF.0VjVRdL_Qf6msfnzx-rPyzSgTCQ%2C https://mc.yandex.com/sync_cookie_image_decide?token=10134.UikHdStK_bBuREWHM8ut85y-4hG6e_ltibrwq9uGdllb7cyOqfkE0qQ-zGnYy7bTDIjJXBG_i0ue0N5Gvdk-3GXuZ0Gft8S--9sjp5QXMMU%2C.ueta1cLtrfkKSH6roNU1vgpScJ0%2C	43 B 67 B	54ms 54ms	Image image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/sync_cookie_image_decide?token=10134.UikHdStK_bBuREWHM8ut85y-4hG6e_ltibrwq9uGdllb7cyOqfkE0qQ-zGnYy7bTDIjJXBG_i0ue0N5Gvdk-3GXuZ0Gft8S--9sjp5QXMMU%2C.ueta1cLtrfkKSH6roNU1vgpScJ0%2C Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000 content-length 43 x-xss-protection 1; mode=block content-type image/gif Redirect headers location https://mc.yandex.com/sync_cookie_image_decide?token=10134.UikHdStK_bBuREWHM8ut85y-4hG6e_ltibrwq9uGdllb7cyOqfkE0qQ-zGnYy7bTDIjJXBG_i0ue0N5Gvdk-3GXuZ0Gft8S--9sjp5QXMMU%2C.ueta1cLtrfkKSH6roNU1vgpScJ0%2C date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000 x-xss-protection 1; mode=block
GET H2	200	advert.gif mc.yandex.com/metrika/	43 B 114 B	54ms 54ms	Image image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/metrika/advert.gif Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000 last-modified Wed, 20 Sep 2023 14:40:48 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA etag "650ada40-2b" content-type image/gif access-control-allow-origin * cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 43 expires Fri, 22 Sep 2023 20:19:07 GMT
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1016 B	339ms 38ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=4 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Date Fri, 22 Sep 2023 19:19:08 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 813d273e-6454-4d74-8a0e-81125a1b5eb0 x-envoy-upstream-service-time 4 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 813d273e-6454-4d74-8a0e-81125a1b5eb0 Server cloudflare X-Trace 2B5EC18C158E848CE358D959B2DD21F09D86F8575D000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-qb6sg Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 80ace5d40d892bdd-FRA
POST H2	204	collect region1.analytics.google.com/g/	0 255 B	35ms 13ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-QMES53K3Y2&gtm=45je39k0&_p=1302431272&_gaz=1&cid=2031855647.1695410348&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&sid=1695410347&sct=1&seg=0&dr=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&dt=It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:07 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.group-ib.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 255 B	63ms 20ms	Ping text/plain	2a00:1450:400c:c07::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QMES53K3Y2&cid=2031855647.1695410348&gtm=45je39k0&aip=1 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:07 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.group-ib.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 107 B	82ms 50ms	Image image/gif	2a00:1450:4001:81c::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QMES53K3Y2&cid=2031855647.1695410348&gtm=45je39k0&aip=1&z=317123916 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:07 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	226 KB 79 KB	24ms 23ms	Script application/javascript	2a00:1450:4001:82b::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508 Requested by Host: js-eu1.hsadspixel.net URL: https://js-eu1.hsadspixel.net/fb.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash eabc742b4204309b1db076d83f9c4c0d5fbfb418958573a51027c83702461030 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 80607 x-xss-protection 0 last-modified Fri, 22 Sep 2023 18:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 22 Sep 2023 19:19:07 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	226 KB 79 KB	27ms 27ms	Script application/javascript	2a00:1450:4001:82b::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash ef299d238f77aea1aec4c1225e4180fa182db834582be7af3474c9591a057027 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:07 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 80632 x-xss-protection 0 last-modified Fri, 22 Sep 2023 18:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 22 Sep 2023 19:19:07 GMT
GET H2	200	649324202964935 Show response connect.facebook.net/signals/config/	145 KB 37 KB	155ms 154ms	Script application/x-javascript	2a03:2880:f083:100:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/649324202964935?v=2.9.128&r=stable&domain=www.group-ib.com Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:100:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 2aa99a9cc885ac3a3cdf1d6feba2dffe4738e5a488731dfc1f4ac845c3b35b31 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 22 Sep 2023 19:19:08 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug DN0AqdHyl+NDBWLSOf/O7LhMTD8KbqKr0FcEvF+3zb9J7W1Tv8NlfCfIJwJ0/5jtPX7fOC0luf5KKwaoHI8QTw== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 282 B	373ms 133ms	Script application/javascript	52.203.132.70 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_994507 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.203.132.70 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-203-132-70.compute-1.amazonaws.com Software nginx / Resource Hash 4a63e15c37e9be9259932ea32b287ec1a6d8cc678f2e766f219f9aee05f71034 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:08 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 282 B	366ms 128ms	Script application/javascript	52.203.132.70 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_961209 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.203.132.70 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-203-132-70.compute-1.amazonaws.com Software nginx / Resource Hash 9a8198e921ba73ef13e7a738fb96b9a1776cb11dd4a5ed6f1c42f66f24d7c164 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:08 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 282 B	370ms 132ms	Script application/javascript	52.203.132.70 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_201659 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.203.132.70 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-203-132-70.compute-1.amazonaws.com Software nginx / Resource Hash aef81225b301e0c375096cb4632cfe04c67fc266b08ebee6f4fb2a32c79730a1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:08 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 283 B	348ms 111ms	Script application/javascript	52.203.132.70 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_326395 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.203.132.70 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-203-132-70.compute-1.amazonaws.com Software nginx / Resource Hash d2766dfe92115991b966b71ab48494b9e50bf13264d88059544e5751c22d0181 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:08 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	1 Show response mc.yandex.com/watch/26812653/ Redirect Chain https://mc.yandex.com/watch/26812653?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2... https://mc.yandex.com/watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq...	435 B 844 B	55ms 54ms	XHR application/json	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.com/watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A344%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A0%3Als%3A88880919940%3Ahid%3A430425706%3Az%3A120%3Ai%3A20230922211907%3Aet%3A1695410348%3Ac%3A1%3Arn%3A894558512%3Arqn%3A1%3Au%3A1695410348855540257%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C28%2C7%2C0%2C0%2C%2C456%2C22%2C%2C%2C%2C527%3Aco%3A0%3Acpf%3A1%3Ans%3A1695410346824%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695410348%3At%3AIt%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash a236a26c72e1bbd61c1fa9bca25b5364267fa08ebd36a1285dc0f87431dc310f Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:08 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff last-modified Fri, 22-Sep-2023 19:19:08 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true content-length 435 x-xss-protection 1; mode=block expires Fri, 22-Sep-2023 19:19:08 GMT Redirect headers pragma no-cache date Fri, 22 Sep 2023 19:19:07 GMT strict-transport-security max-age=31536000 last-modified Fri, 22-Sep-2023 19:19:07 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA location /watch/26812653/1?wmode=7&page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&charset=utf-8&site-info=%7B%22shareVersion%22%3A2%2C%22strategy%22%3A%22d%2Fn%2Fq%2Fr%2Fs%2Ft%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A344%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A0%3Als%3A88880919940%3Ahid%3A430425706%3Az%3A120%3Ai%3A20230922211907%3Aet%3A1695410348%3Ac%3A1%3Arn%3A894558512%3Arqn%3A1%3Au%3A1695410348855540257%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C28%2C7%2C0%2C0%2C%2C456%2C22%2C%2C%2C%2C527%3Aco%3A0%3Acpf%3A1%3Ans%3A1695410346824%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695410348%3At%3AIt%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1 access-control-allow-origin https://www.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true x-xss-protection 1; mode=block expires Fri, 22-Sep-2023 19:19:07 GMT
GET H/1.1	200 OK	counters.gif perf-eu1.hsforms.com/embed/v3/	35 B 1 KB	203ms 32ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://perf-eu1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Date Fri, 22 Sep 2023 19:19:08 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status MISS x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 602c8565-3209-4264-906b-9e1b71301f22 x-envoy-upstream-service-time 6 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 602c8565-3209-4264-906b-9e1b71301f22 Last-Modified Fri, 22 Sep 2023 19:19:08 GMT Server cloudflare X-Trace 2B89A62B71A8583CF3DDF3E4D9A78EC1332780F75D000000000000000000 Vary origin, Accept-Encoding Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-hnndp Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false Accept-Ranges bytes X-Robots-Tag none CF-RAY 80ace5d3ca3e18d7-FRA
GET H2	200	/ www.google.com/pagead/1p-user-list/10897073384/	42 B 455 B	55ms 32ms	Image image/gif	2a00:1450:4001:802::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10897073384/?random=1695410347683&cv=11&fst=1695409200000&bg=ffffff&guid=ON&async=1&gtm=45He39k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&frm=0&tiba=It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&fmt=3&is_vtc=1&random=1445474559&rmt_tld=0&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:07 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/10897073384/	42 B 455 B	21ms 20ms	Image image/gif	2a00:1450:4001:81c::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/10897073384/?random=1695410347683&cv=11&fst=1695409200000&bg=ffffff&guid=ON&async=1&gtm=45He39k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&frm=0&tiba=It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&fmt=3&is_vtc=1&random=1445474559&rmt_tld=1&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:07 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	fl Show response www.group-ib.com/api/	665 B 991 B	30ms 29ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=106e9120-5963-11ee-b911-12c4af0fa9ea&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=gYT3YErE%2B6ZIr6WgoiVVknPQRHjwe8jLxDk7%2BUhgm13%2BpfM1u%2FyoewYWc5CUmM67zclJ6f9u33l%2FxSbD8Xf0DGhccO7%2BCjiuDdiKmbh80Rdeyb4IdmfvX5MLRBLY9USAu6GdlqptyxCg4yTLOVJ3SR8r%2F%2ByquVxL6HT1 Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash 36d7778ddbf34c679837b34bb762e5643ce8d81b13ff0ee62045b4b2d8f3131a Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 AxmrfY9zNUkVVN6imIT4bJBVpPEYBqbUIbHWTULfKPI5JN2Ow7CITOcWyWtNeB1cfp7UDKf1N/O/b3ey66xYvyQ+Oh15mH6CaImcNlsCrOIjKGyjG2trQnDjnioiZ9B7M20oPTsYMsI7XTjxRg5Xl3uSz7MKazhlJrx2QWMxyDV4UhTfJyFqNMd5mU5jameEMq6RCoLc6QiDOj9NIMCQN5xcsIyGs7TH+hAWeIYKbja1cOId6gdgtSRd+A818w== Referer https://www.group-ib.com/blog/mxdr-cryptominer/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 x3MF6762d7e60121ed3dc0ada2d97a3ac3c19e44 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 22 Sep 2023 19:19:08 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 3 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/	3 KB 2 KB	27ms 27ms	Script text/javascript	2a00:1450:4001:82a::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1695410348240&cv=11&fst=1695410348240&bg=ffffff&guid=ON&async=1&gtm=45be39k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&hn=www.googleadservices.com&frm=0&tiba=It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&did=dZTQ1Zm&gdid=dZTQ1Zm&auid=2010193239.1695410348&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-10882981508 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash c702b7cca42dee5883c4988059f5d92f48520157e5c97763e6fda40d8c1f3cb6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:08 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1401 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	sync_cookie_image_decide_secondary mc.yandex.com/ Redirect Chain https://mc.yandex.com/sync_cookie_image_check_secondary https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10134.CibmdqmRuvljRL0_XBD6V-FpK_6WvGGW4p9DB5cmHcpdfdVymeJyOI3OUkAp7zdi.HiZKtWXvylNf07W4YkwCmC70x3I%2C https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10134.QIfh8teNYtEJ1NFB0-v-6PyrwrlP-HK0bthGCO55aHhY1PFFcDH-vHT6Z5A3ENmiS7-RY2QtGy25zLI7o4HE01c-yYF9f-eymvasln9wsVA%2C.icsqO2fhd5pdVaGM4...	43 B 79 B	55ms 55ms	Image image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Show image Full URL https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10134.QIfh8teNYtEJ1NFB0-v-6PyrwrlP-HK0bthGCO55aHhY1PFFcDH-vHT6Z5A3ENmiS7-RY2QtGy25zLI7o4HE01c-yYF9f-eymvasln9wsVA%2C.icsqO2fhd5pdVaGM4lb9gtcoPRk%2C Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:08 GMT strict-transport-security max-age=31536000 content-length 43 x-xss-protection 1; mode=block content-type image/gif Redirect headers location https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10134.QIfh8teNYtEJ1NFB0-v-6PyrwrlP-HK0bthGCO55aHhY1PFFcDH-vHT6Z5A3ENmiS7-RY2QtGy25zLI7o4HE01c-yYF9f-eymvasln9wsVA%2C.icsqO2fhd5pdVaGM4lb9gtcoPRk%2C date Fri, 22 Sep 2023 19:19:08 GMT strict-transport-security max-age=31536000 x-xss-protection 1; mode=block
GET H2	200	/ www.facebook.com/tr/	0 185 B	153ms 10ms	Image text/plain	2a03:2880:f176:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&if=false&ts=1695410348280&sw=1600&sh=1200&v=2.9.128&r=stable&ec=0&o=30&fbp=fb.1.1695410348277.1163368691&cs_est=true&it=1695410347953&coo=false&rqm=GET Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:181:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 22 Sep 2023 19:19:08 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.google.com/pagead/1p-user-list/10882981508/	42 B 108 B	21ms 20ms	Image image/gif	2a00:1450:4001:802::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10882981508/?random=1695410348240&cv=11&fst=1695409200000&bg=ffffff&guid=ON&async=1&gtm=45be39k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&frm=0&tiba=It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=716126680&rmt_tld=0&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:08 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/10882981508/	42 B 108 B	22ms 21ms	Image image/gif	2a00:1450:4001:81c::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/10882981508/?random=1695410348240&cv=11&fst=1695409200000&bg=ffffff&guid=ON&async=1&gtm=45be39k0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&frm=0&tiba=It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=716126680&rmt_tld=1&ipr=y Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:08 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	1 Show response mc.yandex.com/watch/26812653/	43 B 74 B	60ms 59ms	XHR image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.com/watch/26812653/1?page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&charset=utf-8&hittoken=1695410348_8a8c6e824084d7bf30a54b49b6cce0b941d5171f2197c2652bda412768e6952c&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A1%3Als%3A88880919940%3Ahid%3A430425706%3Az%3A120%3Ai%3A20230922211908%3Aet%3A1695410348%3Ac%3A1%3Arn%3A763671966%3Arqn%3A2%3Au%3A1695410348855540257%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1695410346824%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695410348&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(2)lt(21200)aw(1)ti(2) Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:08 GMT strict-transport-security max-age=31536000 last-modified Fri, 22-Sep-2023 19:19:08 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA content-type image/gif access-control-allow-origin https://www.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true content-length 43 x-xss-protection 1; mode=block expires Fri, 22-Sep-2023 19:19:08 GMT
POST H2	200	1 Show response mc.yandex.com/watch/26812653/	43 B 74 B	56ms 55ms	XHR image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.com/watch/26812653/1?page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&charset=utf-8&hittoken=1695410348_8a8c6e824084d7bf30a54b49b6cce0b941d5171f2197c2652bda412768e6952c&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A1%3Als%3A88880919940%3Ahid%3A430425706%3Az%3A120%3Ai%3A20230922211908%3Aet%3A1695410348%3Ac%3A1%3Arn%3A590604529%3Arqn%3A3%3Au%3A1695410348855540257%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1695410346824%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695410348&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(3)lt(21200)aw(1)ti(2) Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:08 GMT strict-transport-security max-age=31536000 last-modified Fri, 22-Sep-2023 19:19:08 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA content-type image/gif access-control-allow-origin https://www.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true content-length 43 x-xss-protection 1; mode=block expires Fri, 22-Sep-2023 19:19:08 GMT
POST H2	200	1 Show response mc.yandex.com/watch/26812653/	43 B 74 B	60ms 59ms	XHR image/gif	2a02:6b8::1:119 GLOBAL_DC
General Check archive.org Show headers Download Go to Full URL https://mc.yandex.com/watch/26812653/1?page-url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&charset=utf-8&hittoken=1695410348_8a8c6e824084d7bf30a54b49b6cce0b941d5171f2197c2652bda412768e6952c&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A1%3Als%3A88880919940%3Ahid%3A430425706%3Az%3A120%3Ai%3A20230922211908%3Aet%3A1695410348%3Ac%3A1%3Arn%3A591797260%3Arqn%3A4%3Au%3A1695410348855540257%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1695410346824%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695410348&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(4)lt(21200)aw(1)ti(2) Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers Referer https://www.group-ib.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:08 GMT strict-transport-security max-age=31536000 last-modified Fri, 22-Sep-2023 19:19:08 GMT accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA content-type image/gif access-control-allow-origin https://www.group-ib.com cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true content-length 43 x-xss-protection 1; mode=block expires Fri, 22-Sep-2023 19:19:08 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 194 B	209ms 201ms	XHR text/html	23.53.42.251 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.53.42.251 , United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-53-42-251.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:08 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://www.group-ib.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	36 B 338 B	277ms 190ms	XHR text/html	2a02:26f0:2c::216:f230 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:2c::216:f230 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 20d1b60a3eee314a0257bcfa40d00a10bf6c7d014b92c5cf0e04238f48e1aa0b Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers pragma no-cache date Fri, 22 Sep 2023 19:19:08 GMT vary Origin content-type text/html access-control-allow-origin https://www.group-ib.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2001:ac8:20:3a00:1011:ddca:3af0:2da5 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695410348566_35058220_136154656_29_1042_18_69_219";dur=1 content-length 36 expires Fri, 22 Sep 2023 19:19:08 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 484 B	455ms 445ms	Image image/gif	23.53.42.251 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=021d0319-d28e-4c1b-8925-909619b4d69b&session=53de8dc9-e94d-47c1-8025-e252a0025fb2&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2022%20Sep%202023%2019%3A19%3A08%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2022%20Sep%202023%2019%3A19%3A08%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e84d9c08a990af8592952e7ac9a983ad%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2022%20Sep%202023%2019%3A19%3A08%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2022%20Sep%202023%2019%3A19%3A08%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20analysts%20discovered%20and%20analyzed%20a%20cryptojacking%20campaign%20on%20a%20popular%20educational%20resource%20using%20Group-IB%20Managed%20XDR.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pageViewId=518b334e-47ca-438b-83f1-a4feee139617&v=1.1.6 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.53.42.251 , United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-53-42-251.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:08 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1016 B	332ms 31ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Date Fri, 22 Sep 2023 19:19:09 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 51ac2683-3d65-4628-bd35-a9daca25aa48 x-envoy-upstream-service-time 2 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 51ac2683-3d65-4628-bd35-a9daca25aa48 Server cloudflare X-Trace 2B49B66EA58DC4C48EBE8CAF5928360BDE7C0865EC000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-hnndp Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 80ace5d9bd5c2bdd-FRA
POST H2	200	/ Show response www.facebook.com/tr/ Frame CDD7	0 50 B	7ms 7ms	Document text/plain	2a03:2880:f176:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:181:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Content-Type application/x-www-form-urlencoded Origin https://www.group-ib.com Referer https://www.group-ib.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-origin https://www.group-ib.com alt-svc h3=":443"; ma=86400 content-length 0 content-type text/plain cross-origin-resource-policy cross-origin date Fri, 22 Sep 2023 19:19:08 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 485 B	413ms 410ms	Image image/gif	23.53.42.251 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=021d0319-d28e-4c1b-8925-909619b4d69b&session=53de8dc9-e94d-47c1-8025-e252a0025fb2&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A20%3A3a00%3A1011%3Addca%3A3af0%3A2da5%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20analysts%20discovered%20and%20analyzed%20a%20cryptojacking%20campaign%20on%20a%20popular%20educational%20resource%20using%20Group-IB%20Managed%20XDR.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pageViewId=518b334e-47ca-438b-83f1-a4feee139617&v=1.1.6 Requested by Host: www.group-ib.com URL: https://www.group-ib.com/blog/mxdr-cryptominer/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.53.42.251 , United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-53-42-251.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:09 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
POST H2	200	fl Show response www.group-ib.com/api/	665 B 776 B	25ms 25ms	XHR application/json	3.72.181.255 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.group-ib.com/api/fl?u=106e9120-5963-11ee-b911-12c4af0fa9ea&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=axFAW%2BDzzAGl5TVt03Yjhk7wDZHRwY5Eg2WA5BkLgUOhRdbF7EnmZrH7Ek7PXqA3d%2FMwdZzHa5ACzQn9yEcDd1KnJdfVZIZSb16MBAO6Jjej0X1LAM1XrbRnCN2YJYCAouyVC7H5Iqjct6jg4Hhjbw8LgM0wY5ShNh3o Requested by Host: fhp-de-js.group-ib.com URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.72.181.255 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-72-181-255.eu-central-1.compute.amazonaws.com Software nginx / Resource Hash c70fb5a5f056dfcb7ceb274cd6e3c8a59847ff975ae007797ec940cafa1149d8 Request headers X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Jtb0Zow0XpURNz3q7lRf8+MTxs12daXLu1n6lXmQ8r3IxM1GOF+xPqeXrBO6+jqfydTVkuYbdb5Ms+GM9L1HBSXs4GYVTC/ImUuMPVVl1pqEtUTBzjdSfsUPqlCsfV5Kve/CE7rASO7S3KZIY/xSWEzixvEDsj/3z1ikL3RXVFAt8cekr3+t8OIBEZD4KyhZKZ4bHhO8vUI8mhrXiNnkr2xyOp9nae+CqBh7cBbBDwZqNJPjQF9IUgXevwP7BQ== Referer https://www.group-ib.com/blog/mxdr-cryptominer/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24 Spl4e4f955bf5cbfb72f55f7cdf3fdcccdc52d69 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 22 Sep 2023 19:19:09 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://www.group-ib.com cache-control no-store access-control-allow-credentials true x-envoy-upstream-service-time 2 access-control-allow-headers Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
GET H3	200	709834390277869 Show response connect.facebook.net/signals/config/	142 KB 37 KB	136ms 136ms	Script application/x-javascript	2a03:2880:f083:100:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/709834390277869?v=2.9.128&r=stable&domain=www.group-ib.com Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f083:100:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash b688ed0c2133f1c56c7f8b7a4a05797bbfb814c5ea8dccd0bfc5c912957250ef Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 22 Sep 2023 19:19:09 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug MzhWkAVv+C9e5CXAYzzDRzRH+chHto6wPHpQvIqumbqigHgeEB9kZxS5ZQQW1AlDLD12g2KqWeZetMfVyHxKKA== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 636 B	331ms 40ms	Image image/gif	172.65.240.166
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=296660058&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&t=It%E2%80%99s+a+trap%3A+Detecting+a+cryptominer+on+a+popular+website+using+Group-IB+MXDR+%7C+Group-IB+Blog&cts=1695410349462&vi=b742532debcf117ccfe225ec105cfef9&nc=true&u=84897990.b742532debcf117ccfe225ec105cfef9.1695410349459.1695410349459.1695410349459.1&b=84897990.1.1695410349459&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:09 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 14c0aefd-0464-4335-9114-de91d37a844d p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 3 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 14c0aefd-0464-4335-9114-de91d37a844d last-modified Fri, 22 Sep 2023 19:19:09 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPXrcLnmhC1rEhjmfICSEeiW%2BWsYpVmzkIlqB2f4MiCD8z74Qp0yHL4oT8EW09BofVXUTUY%2BBrPUAiQTsiy8REuzzLCo9M%2FAvOkNt1dHHFF7LiysPdMWIDdkClhT7g5x5qDlmpTbhA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-69d5865876-gk5dj x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 80ace5ddfbd02bb5-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1 KB	309ms 42ms	Image image/gif	172.65.240.166
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=88c6e34f-0ee7-4706-85ba-273d8ba1c6ea&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=296660058&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&t=It%E2%80%99s+a+trap%3A+Detecting+a+cryptominer+on+a+popular+website+using+Group-IB+MXDR+%7C+Group-IB+Blog&cts=1695410349463&vi=b742532debcf117ccfe225ec105cfef9&nc=true&u=84897990.b742532debcf117ccfe225ec105cfef9.1695410349459.1695410349459.1695410349459.1&b=84897990.1.1695410349459&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:09 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id adde177e-2792-4292-986f-cca03c913f52 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id adde177e-2792-4292-986f-cca03c913f52 last-modified Fri, 22 Sep 2023 19:19:09 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0glZ6%2F%2B5BFDZ2vZiUKNBTxn3QY0%2Bh4Cw4g%2BEHbs942xtngPBLyliYrnhgXSqlF5%2B%2FKrzhICoDSCTy3mlCLadzqi0tHsZaRP5YVkbF40SKMoF%2FPqPYzPpak3OwfpeQTJ9O6PJ0FhZ3Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-69d5865876-ddlvx x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 80ace5ddfbd42bb5-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1 KB	306ms 40ms	Image image/gif	172.65.240.166
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=8e31c3d4-4532-458c-9f7b-a81708eb19dc&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=296660058&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&t=It%E2%80%99s+a+trap%3A+Detecting+a+cryptominer+on+a+popular+website+using+Group-IB+MXDR+%7C+Group-IB+Blog&cts=1695410349467&vi=b742532debcf117ccfe225ec105cfef9&nc=true&u=84897990.b742532debcf117ccfe225ec105cfef9.1695410349459.1695410349459.1695410349459.1&b=84897990.1.1695410349459&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:09 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id eb7da3ad-6be5-4d4b-8f97-372c5f251cd0 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id eb7da3ad-6be5-4d4b-8f97-372c5f251cd0 last-modified Fri, 22 Sep 2023 19:19:09 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSSf%2FiCl6KU1MkHgsPz95qoFnJlcbEW79fjTfJjWLmm2Ob0XIUqZc8kTvChhR3gYZtO3tQlTmsYF9QPECYrxyCtIW0RGT5kE3K6Z5mAMm1Acz%2FA9LMdn%2BDCxACEGbtxWzwIBw2dcxg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-69d5865876-5p84t x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 80ace5ddfbd62bb5-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 635 B	308ms 41ms	Image image/gif	172.65.240.166
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=55a22738-d5a5-43f9-9c1c-fa4c1a6eb349&fci=e9dc6e62-9161-4411-98b2-dffb4f602ee1&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=296660058&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&t=It%E2%80%99s+a+trap%3A+Detecting+a+cryptominer+on+a+popular+website+using+Group-IB+MXDR+%7C+Group-IB+Blog&cts=1695410349468&vi=b742532debcf117ccfe225ec105cfef9&nc=true&u=84897990.b742532debcf117ccfe225ec105cfef9.1695410349459.1695410349459.1695410349459.1&b=84897990.1.1695410349459&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:09 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 6e322183-bbb9-48b5-b1fa-6ff909a4de3e p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 3 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 6e322183-bbb9-48b5-b1fa-6ff909a4de3e last-modified Fri, 22 Sep 2023 19:19:09 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BL1jctI8PHyOjLv%2FPXs%2BvQgj1ZA1hhVayQBO87eLI%2B4IGNmvvn3kygigy1s952wYxR5e4e3e5OS6rlOCa6CSLLqKfl%2BkzpAW%2BoKkkfkZMoGEKDugWLYSutWAXtXM6OzpQEk9u0bZQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-69d5865876-s7nbc x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 80ace5ddfbd92bb5-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 637 B	313ms 46ms	Image image/gif	172.65.240.166
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=eb903dab-0ef3-43b5-bdeb-71372e6ad0f0&fci=e57ae741-3000-427a-b3d9-b19408dfbcd5&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=296660058&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&t=It%E2%80%99s+a+trap%3A+Detecting+a+cryptominer+on+a+popular+website+using+Group-IB+MXDR+%7C+Group-IB+Blog&cts=1695410349469&vi=b742532debcf117ccfe225ec105cfef9&nc=true&u=84897990.b742532debcf117ccfe225ec105cfef9.1695410349459.1695410349459.1695410349459.1&b=84897990.1.1695410349459&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:09 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id d50f6d8e-6ea7-4678-9ddf-f8b178e54b95 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 1 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d50f6d8e-6ea7-4678-9ddf-f8b178e54b95 last-modified Fri, 22 Sep 2023 19:19:09 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=48cd5%2B5Uskl2ZL9o3OtOP2BriC1kqfHxZJKHDQmKlQUmCVr2%2FxvTVc%2FZ7JnoamWwDChpNXlaJ6rl7zOFZcHs%2FQE%2FbbFg9gmxfwEl9bjrJPsY0JHTYGjTLOiCNNQpR4mXPqKYwlCXaQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-69d5865876-hxv52 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 80ace5ddfbdb2bb5-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 634 B	312ms 45ms	Image image/gif	172.65.240.166
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=88c6e34f-0ee7-4706-85ba-273d8ba1c6ea&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=296660058&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&t=It%E2%80%99s+a+trap%3A+Detecting+a+cryptominer+on+a+popular+website+using+Group-IB+MXDR+%7C+Group-IB+Blog&cts=1695410349472&vi=b742532debcf117ccfe225ec105cfef9&nc=true&u=84897990.b742532debcf117ccfe225ec105cfef9.1695410349459.1695410349459.1695410349459.1&b=84897990.1.1695410349459&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:09 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 8377e2fc-393e-4e9b-af35-914fc2e26c70 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 1 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8377e2fc-393e-4e9b-af35-914fc2e26c70 last-modified Fri, 22 Sep 2023 19:19:09 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wufrq0L1rRBwFQDxKa4%2FXq9gDtoMx808pqV636sfm1qgIJSPO6vY6xiAVsAaDgR8nMYzuCkrxHO5q6EE5CwiubT2A7efrsqhU4cU6GL%2BwsLQqcW7PqEq0ric0H%2Bs36IGzL2UjMcAUg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-69d5865876-nz6k8 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 80ace5ddfbde2bb5-FRA x-robots-tag none
GET H2	200	__ptq.gif track-eu1.hubspot.com/	45 B 1 KB	47ms 47ms	Image image/gif	172.65.240.166
General Check archive.org Show headers Download Go to Show image Full URL https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=8e31c3d4-4532-458c-9f7b-a81708eb19dc&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=296660058&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&t=It%E2%80%99s+a+trap%3A+Detecting+a+cryptominer+on+a+popular+website+using+Group-IB+MXDR+%7C+Group-IB+Blog&cts=1695410349473&vi=b742532debcf117ccfe225ec105cfef9&nc=true&u=84897990.b742532debcf117ccfe225ec105cfef9.1695410349459.1695410349459.1695410349459.1&b=84897990.1.1695410349459&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.65.240.166 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:09 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 95fa8003-f920-42d7-a1ac-2ee0dbb36276 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 2 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 95fa8003-f920-42d7-a1ac-2ee0dbb36276 last-modified Fri, 22 Sep 2023 19:19:09 GMT server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=az%2FR1oSf%2FX38F%2FGHeQudj%2FaRPoA14MU8w%2BBK8V5OiDXYVdsTDo09oi0ocwZxGHDAshUCv7S0oEX%2BNGECBKXsjyt0wiaXayDV%2ByosfKorpDH%2FLTYi8PSyixwYpv357bn4YtrIfJJDGg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod fra04/analytics-tracking-td/envoy-proxy-69d5865876-8nv96 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false accept-ranges bytes cf-ray 80ace5ddfbe02bb5-FRA x-robots-tag none
GET H2	200	facebook-64.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	627 B 1 KB	18ms 18ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/facebook-64.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash f006e8bbfa4f0537780571436b5bed50ff10ff28759924c53b67732ec5af28ba Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:09 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 376 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "273-5ee9716178eea-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id M3YQxoKy9Y4bnb-DoOkJTVvqleYqKKE8ZbzEg0G3axIEI6bQ1xjtCQ== expires Fri, 22 Sep 2023 19:49:09 GMT
GET H2	200	facebook-lbg.svg website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/	1 KB 1 KB	19ms 18ms	Image image/svg+xml	2600:9000:2490:6800:9:7af6:1700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/facebook-lbg.svg Requested by Host: website.cdn.group-ib.com URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:6800:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 1e0e607b314623cf3e5ba71869ca47d1549556369988daa5e8a1bf56559c2973 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers content-security-policy frame-ancestors 'self'; content-encoding gzip x-content-type-options nosniff date Fri, 22 Sep 2023 19:19:09 GMT via 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P6 x-cache Miss from cloudfront content-length 522 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Tue, 29 Nov 2022 07:39:21 GMT server nginx etag "4f0-5ee9716178eea-gzip" x-frame-options sameorigin vary Accept-Encoding content-type image/svg+xml access-control-allow-origin https://www.group-ib.com cache-control max-age=1800, private, max-age=3600 permissions-policy accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=() accept-ranges bytes x-amz-cf-id _4n1fhsR8fXhxDddy52ZmyCtoUmvvKKXzw5FBAHPy7Qmf5U4ibZN1Q== expires Fri, 22 Sep 2023 19:49:09 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 484 B	357ms 356ms	Image image/gif	23.53.42.251 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=021d0319-d28e-4c1b-8925-909619b4d69b&session=53de8dc9-e94d-47c1-8025-e252a0025fb2&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2022%20Sep%202023%2019%3A19%3A09%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2022%20Sep%202023%2019%3A19%3A08%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%221004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20analysts%20discovered%20and%20analyzed%20a%20cryptojacking%20campaign%20on%20a%20popular%20educational%20resource%20using%20Group-IB%20Managed%20XDR.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pageViewId=518b334e-47ca-438b-83f1-a4feee139617&v=1.1.6 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.53.42.251 , United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-53-42-251.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Fri, 22 Sep 2023 19:19:09 GMT x-content-type-options nosniff content-length 43 pragma no-cache last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" access-control-max-age 86400 access-control-allow-methods GET,POST content-type image/gif access-control-allow-origin cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true accept-ranges bytes access-control-allow-headers * expires Wed, 19 Apr 2000 11:43:00 GMT
GET H3	200	/ www.facebook.com/tr/	0 18 B	10ms 10ms	Image text/plain	2a03:2880:f176:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=709834390277869&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&if=false&ts=1695410349753&sw=1600&sh=1200&ud[external_id]=b742532debcf117ccfe225ec105cfef9&v=2.9.128&r=stable&ec=0&o=30&fbp=fb.1.1695410348277.1163368691&cs_est=true&it=1695410347953&coo=false&rqm=GET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f176:181:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 22 Sep 2023 19:19:09 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0 priority u=3,i
GET H/1.1	200 OK	counters.gif forms-eu1.hsforms.com/embed/v3/	35 B 1016 B	336ms 35ms	Image image/gif	172.65.232.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1 Requested by Host: js-eu1.hscollectedforms.net URL: https://js-eu1.hscollectedforms.net/collectedforms.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.group-ib.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers Date Fri, 22 Sep 2023 19:19:10 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 8fed831d-4c6e-40db-924b-b6f5c7d82c90 x-envoy-upstream-service-time 3 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8fed831d-4c6e-40db-924b-b6f5c7d82c90 Server cloudflare X-Trace 2BA3E10823200F2E5045D22B63404E79BCE1E21B5C000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod fra04/star-hubspot-td/envoy-proxy-68fc9978fc-hnndp Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 80ace5e2ea552bdd-FRA
POST H3	200	/ Show response www.facebook.com/tr/ Frame FB7F	0 15 B	7ms 7ms	Document text/plain	2a03:2880:f176:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f176:181:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Content-Type application/x-www-form-urlencoded Origin https://www.group-ib.com Referer https://www.group-ib.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-origin https://www.group-ib.com alt-svc h3=":443"; ma=86400 content-length 0 content-type text/plain cross-origin-resource-policy cross-origin date Fri, 22 Sep 2023 19:19:10 GMT priority u=0,i server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains
GET		img.gif b.6sc.co/v1/beacon/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.group-ib.com

URL

https://www.group-ib.com/wp-admin/admin-ajax.php

Domain

b.6sc.co

URL

https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=021d0319-d28e-4c1b-8925-909619b4d69b&session=53de8dc9-e94d-47c1-8025-e252a0025fb2&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2022%20Sep%202023%2019%3A19%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2022%20Sep%202023%2019%3A19%3A09%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20analysts%20discovered%20and%20analyzed%20a%20cryptojacking%20campaign%20on%20a%20popular%20educational%20resource%20using%20Group-IB%20Managed%20XDR.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22It%E2%80%99s%20a%20trap%3A%20Detecting%20a%20cryptominer%20on%20a%20popular%20website%20using%20Group-IB%20MXDR%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fmxdr-cryptominer%2F&pageViewId=518b334e-47ca-438b-83f1-a4feee139617&v=1.1.6