urlscan.io logo urlscan.io
SecurityTrails logo

www.group-ib.com Open in urlscan Pro
3.72.181.255  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://cert-gib.com/
Effective URL: https://www.group-ib.com/cert.html
Submission: On May 10 via api from TR — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 30 IPs in 5 countries across 23 domains to perform 88 HTTP transactions. The main IP is 3.72.181.255, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.group-ib.com. The Cisco Umbrella rank of the primary domain is 929301.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 28th 2022. Valid for: a year.
This is the only time www.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 5.9.185.28 24940 (HETZNER-AS)
1 35 3.72.181.255 16509 (AMAZON-02)
2 3.72.191.153 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 172.65.255.172 13335 (CLOUDFLAR...)
3 2a03:2880:f08... 32934 (FACEBOOK)
1 104.16.93.80 13335 (CLOUDFLAR...)
2 172.65.232.43 13335 (CLOUDFLAR...)
2 4 2a00:1450:400... 15169 (GOOGLE)
6 2.16.187.88 20940 (AKAMAI-ASN1)
1 146.75.116.157 54113 (FASTLY)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 13.225.78.122 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 185.17.9.182 49505 (SELECTEL)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 5 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
2 142.250.184.226 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:20e... 16509 (AMAZON-02)
3 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 ()
1 104.244.42.69 13414 (TWITTER)
1 104.244.42.195 13414 (TWITTER)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 52.23.106.100 14618 (AMAZON-AES)
2 2a03:2880:f17... 32934 (FACEBOOK)
88 30
1    5.9.185.28 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.28.185.9.5.clients.your-server.de
cert-gib.com
35    3.72.181.255 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
www.group-ib.com
2    3.72.191.153 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-72-191-153.eu-central-1.compute.amazonaws.com
fhp-aws-antibot-back.group-ib.com
5    2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    172.65.255.172 (United States)

ASN13335 (CLOUDFLARENET, US)
js-eu1.hsforms.net
3    2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    104.16.93.80 (None, )

ASN13335 (CLOUDFLARENET, US)
app-lon09.marketo.com
2    172.65.232.43 (United States)

ASN13335 (CLOUDFLARENET, US)
forms-eu1.hsforms.com
4    2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
6    2.16.187.88 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-187-88.deploy.static.akamaitechnologies.com
j.6sc.co
c.6sc.co
b.6sc.co
1    146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
1    2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
1    13.225.78.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-122.fra2.r.cloudfront.net
cdn.neverbounce.com
1    2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)
ws.zoominfo.com
1    185.17.9.182 (St Petersburg, Russian Federation)

ASN49505 (SELECTEL, RU)
ru.id.group-ib.com
1    2606:4700::6811:d5f3 (United States)

ASN13335 (CLOUDFLARENET, US)
forms.hsforms.com
2    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
5    2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
6    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
www.googleadservices.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
2    2a00:1450:400c:c0b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2600:9000:20eb:6800:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.linkedin.oribi.io
3    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
www.linkedin.com
1    13.107.42.14 (None, )

ASN- ()
px4.ads.linkedin.com
1    104.244.42.69 (United States)

ASN13414 (TWITTER, US)
t.co
1    104.244.42.195 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    2a02:26f0:3500:14::1724:a258 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
ipv6.6sc.co
1    52.23.106.100 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-23-106-100.compute-1.amazonaws.com
api.neverbounce.com
2    2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
Apex Domain
Subdomains		 Transfer
38 group-ib.com
www.group-ib.com — Cisco Umbrella Rank: 929301
fhp-aws-antibot-back.group-ib.com
ru.id.group-ib.com — Cisco Umbrella Rank: 230784
9 MB
7 6sc.co
j.6sc.co — Cisco Umbrella Rank: 6710
c.6sc.co — Cisco Umbrella Rank: 9995
ipv6.6sc.co — Cisco Umbrella Rank: 7086
b.6sc.co — Cisco Umbrella Rank: 4613
13 KB
6 google.de
www.google.de — Cisco Umbrella Rank: 5171
861 B
6 google.com
www.google.com — Cisco Umbrella Rank: 2
region1.analytics.google.com — Cisco Umbrella Rank: 4217
929 B
6 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 41
stats.g.doubleclick.net — Cisco Umbrella Rank: 91
4 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 62
349 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 414
www.linkedin.com — Cisco Umbrella Rank: 645
px4.ads.linkedin.com
4 KB
3 hsforms.com
forms-eu1.hsforms.com — Cisco Umbrella Rank: 39738
forms.hsforms.com — Cisco Umbrella Rank: 4477
4 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 161
221 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
235 B
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 179
4 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 39
21 KB
2 neverbounce.com
cdn.neverbounce.com — Cisco Umbrella Rank: 71746
api.neverbounce.com — Cisco Umbrella Rank: 58624
96 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 50
1 KB
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 690
394 B
1 t.co
t.co — Cisco Umbrella Rank: 510
377 B
1 oribi.io
cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1034
376 B
1 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4932
2 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 885
5 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 718
15 KB
1 marketo.com
app-lon09.marketo.com — Cisco Umbrella Rank: 966959
69 KB
1 hsforms.net
js-eu1.hsforms.net — Cisco Umbrella Rank: 91662
165 KB
1 cert-gib.com
cert-gib.com
201 B
88 23
Domain Requested by
35 www.group-ib.com 1 redirects fhp-aws-antibot-back.group-ib.com
www.group-ib.com
6 www.google.de www.group-ib.com
5 www.google.com 2 redirects www.group-ib.com
5 www.googletagmanager.com www.group-ib.com
www.googletagmanager.com
4 b.6sc.co www.group-ib.com
4 googleads.g.doubleclick.net 2 redirects www.googletagmanager.com
3 connect.facebook.net www.group-ib.com
connect.facebook.net
2 www.facebook.com www.group-ib.com
2 px.ads.linkedin.com 2 redirects
2 stats.g.doubleclick.net fhp-aws-antibot-back.group-ib.com
2 www.googleadservices.com www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
www.group-ib.com
2 forms-eu1.hsforms.com fhp-aws-antibot-back.group-ib.com
www.group-ib.com
2 fonts.googleapis.com www.group-ib.com
2 fhp-aws-antibot-back.group-ib.com www.group-ib.com
1 api.neverbounce.com cdn.neverbounce.com
1 ipv6.6sc.co fhp-aws-antibot-back.group-ib.com
1 c.6sc.co fhp-aws-antibot-back.group-ib.com
1 analytics.twitter.com www.group-ib.com
1 t.co www.group-ib.com
1 px4.ads.linkedin.com www.group-ib.com
1 www.linkedin.com 1 redirects
1 cdn.linkedin.oribi.io fhp-aws-antibot-back.group-ib.com
1 region1.analytics.google.com fhp-aws-antibot-back.group-ib.com
1 forms.hsforms.com www.group-ib.com
1 ru.id.group-ib.com www.group-ib.com
1 ws.zoominfo.com www.group-ib.com
1 cdn.neverbounce.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 j.6sc.co www.group-ib.com
1 app-lon09.marketo.com www.group-ib.com
1 js-eu1.hsforms.net www.group-ib.com
1 cert-gib.com 1 redirects
88 34
Subject Issuer Validity Valid
www.group-ib.com
Sectigo RSA Domain Validation Secure Server CA		 2022-06-28 -
2023-06-28		 a year crt.sh
*.group-ib.com
Sectigo RSA Domain Validation Secure Server CA		 2022-06-29 -
2023-07-04		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-06-15 -
2023-06-15		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-02-16 -
2023-05-17		 3 months crt.sh
app-lon09.marketo.com
Cloudflare Inc ECC CA-3		 2023-04-01 -
2024-03-31		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
6sc.co
R3		 2023-03-11 -
2023-06-09		 3 months crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-22 -
2023-08-22		 a year crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2023-02-01 -
2024-01-31		 a year crt.sh
neverbounce.com
Amazon RSA 2048 M02		 2023-02-13 -
2024-03-12		 a year crt.sh
zoominfo.com
Cloudflare Inc ECC CA-3		 2023-04-04 -
2024-04-03		 a year crt.sh
*.id.group-ib.com
R3		 2023-03-27 -
2023-06-25		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
www.googleadservices.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
linkedin.oribi.io
Amazon RSA 2048 M01		 2023-02-24 -
2023-08-06		 5 months crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh
*.google.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
*.google.de
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.group-ib.com/cert.html
Frame ID: 10281FF11C859152F6C91073182C5792
Requests: 100 HTTP requests in this frame

Frame: https://ru.id.group-ib.com/id.html
Frame ID: DB560CDB025B3283DA3FF10D1A17D04E
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: AE7AEFF89F5D3DC260C39727683352DB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Response to information security incidents - CERT-GIB

Page URL History Show full URLs

  1. http://cert-gib.com/ HTTP 301
    http://www.group-ib.com/cert.html HTTP 301
    https://www.group-ib.com/cert.html Page URL
  2. https://www.group-ib.com/cert.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

88
Requests

97 %
HTTPS

52 %
IPv6

23
Domains

34
Subdomains

30
IPs

5
Countries

10542 kB
Transfer

12806 kB
Size

36
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cert-gib.com/ HTTP 301
    http://www.group-ib.com/cert.html HTTP 301
    https://www.group-ib.com/cert.html Page URL
  2. https://www.group-ib.com/cert.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://cert-gib.com/ HTTP 301
  • http://www.group-ib.com/cert.html HTTP 301
  • https://www.group-ib.com/cert.html
Request Chain 76
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1683728446727&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1683728446727%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fcert.html%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1683728446727&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1683728446727&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQLT0DBgOQU8EwAAAYgGCTeSeNh5eKoJTX46eofhsXD8SUzo2MGjy1vrMrhpUlptFkyiQfg
Request Chain 93
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/?random=553213498&cv=11&fst=1683728446638&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=PqhbZNSLL8G-9u8P6oWx4AY&sscte=1&crd=&pscrd=EkxDaEFJOElIdG9nWVF1WjM1dXYyNV9JNTVFaVVBcEtjWlVGSEkyc1k2cVY4TjFYdFBhdWY5eFZVZ3k5Tm9ScU9ZUXZpRVFhRmRxaC1OGlhDaEVJOElIdG9nWVFvdld4NGN1bHBLUGxBUkl0QUJGMGRPQzZLT3VGVDFKazdoRl9WSEVkUTJOUU8wWm03TjVNaGtTUTVGTnlteW0zUXJmVzVwX1FwaHZr HTTP 302
  • https://www.google.com/pagead/1p-conversion/863262324/?random=553213498&cv=11&fst=1683728446638&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOElIdG9nWVF1WjM1dXYyNV9JNTVFaVVBcEtjWlVGSEkyc1k2cVY4TjFYdFBhdWY5eFZVZ3k5Tm9ScU9ZUXZpRVFhRmRxaC1OGlhDaEVJOElIdG9nWVFvdld4NGN1bHBLUGxBUkl0QUJGMGRPQzZLT3VGVDFKazdoRl9WSEVkUTJOUU8wWm03TjVNaGtTUTVGTnlteW0zUXJmVzVwX1FwaHZr&is_vtc=1&ocp_id=PqhbZNSLL8G-9u8P6oWx4AY&cid=CAQSKQBygQiD-S1Xf87NvsqTJWDAteaOZy2CObug2kSrfgpk7aCGKGZsAc8X&random=3497623012 HTTP 302
  • https://www.google.de/pagead/1p-conversion/863262324/?random=553213498&cv=11&fst=1683728446638&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOElIdG9nWVF1WjM1dXYyNV9JNTVFaVVBcEtjWlVGSEkyc1k2cVY4TjFYdFBhdWY5eFZVZ3k5Tm9ScU9ZUXZpRVFhRmRxaC1OGlhDaEVJOElIdG9nWVFvdld4NGN1bHBLUGxBUkl0QUJGMGRPQzZLT3VGVDFKazdoRl9WSEVkUTJOUU8wWm03TjVNaGtTUTVGTnlteW0zUXJmVzVwX1FwaHZr&is_vtc=1&ocp_id=PqhbZNSLL8G-9u8P6oWx4AY&cid=CAQSKQBygQiD-S1Xf87NvsqTJWDAteaOZy2CObug2kSrfgpk7aCGKGZsAc8X&random=3497623012&ipr=y
Request Chain 95
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/?random=1526351858&cv=11&fst=1683728446802&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=PqhbZIvkMsnH7_UPnYq70Ac&sscte=1&crd=&pscrd=EkxDaEFJOElIdG9nWVF1WjM1dXYyNV9JNTVFaVVBcEtjWlVGSEkyc1k2cVY4TjFYdFBhdWY5eFZVZ3k5Tm9ScU9ZUXZpRVFhRmRxaC1OGlhDaEVJOElIdG9nWVFvdld4NGN1bHBLUGxBUkl0QUJGMGRPQi1EWTNZanVpdDNUQjVMY2JoUWxyRDNfbUxRcDV4NzVZNEhpbmN5UHJzWjRLYXZLODc2bmN0 HTTP 302
  • https://www.google.com/pagead/1p-conversion/10865976765/?random=1526351858&cv=11&fst=1683728446802&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOElIdG9nWVF1WjM1dXYyNV9JNTVFaVVBcEtjWlVGSEkyc1k2cVY4TjFYdFBhdWY5eFZVZ3k5Tm9ScU9ZUXZpRVFhRmRxaC1OGlhDaEVJOElIdG9nWVFvdld4NGN1bHBLUGxBUkl0QUJGMGRPQi1EWTNZanVpdDNUQjVMY2JoUWxyRDNfbUxRcDV4NzVZNEhpbmN5UHJzWjRLYXZLODc2bmN0&is_vtc=1&ocp_id=PqhbZIvkMsnH7_UPnYq70Ac&cid=CAQSKQBygQiDabIGX3X0pKUi5dy1jUqEUp6vwPvNfnz3xZuXxNDzobp7Zcpa&random=4042824703 HTTP 302
  • https://www.google.de/pagead/1p-conversion/10865976765/?random=1526351858&cv=11&fst=1683728446802&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOElIdG9nWVF1WjM1dXYyNV9JNTVFaVVBcEtjWlVGSEkyc1k2cVY4TjFYdFBhdWY5eFZVZ3k5Tm9ScU9ZUXZpRVFhRmRxaC1OGlhDaEVJOElIdG9nWVFvdld4NGN1bHBLUGxBUkl0QUJGMGRPQi1EWTNZanVpdDNUQjVMY2JoUWxyRDNfbUxRcDV4NzVZNEhpbmN5UHJzWjRLYXZLODc2bmN0&is_vtc=1&ocp_id=PqhbZIvkMsnH7_UPnYq70Ac&cid=CAQSKQBygQiDabIGX3X0pKUi5dy1jUqEUp6vwPvNfnz3xZuXxNDzobp7Zcpa&random=4042824703&ipr=y

88 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
cert.html
www.group-ib.com/
Redirect Chain
  • http://cert-gib.com/
  • http://www.group-ib.com/cert.html
  • https://www.group-ib.com/cert.html
7 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
dfef3b3b725657391e24cf6811a83b43162d15068bc0ce8544e88f06512b9450

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-type
text/html
date
Wed, 10 May 2023 14:20:43 GMT

Redirect headers

Content-Length
70
Content-Type
text/html; charset=utf-8
Date
Wed, 10 May 2023 14:20:43 GMT
Location
https://www.group-ib.com:/cert.html
bt-autoinject.js
fhp-aws-antibot-back.group-ib.com/d/ 		350 KB
147 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.191.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-191-153.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
96f7108983a979aebe3526cf2afe0328dbd28b3c75853c7662f58cc59601d526

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:43 GMT
content-encoding
gzip
x-envoy-upstream-service-time
0
server
istio-envoy
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
truncated
/ 		488 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
73ee397124a24aed4fa3a24477d098902e8340edcb055b6f61e8274520937856

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4b026b69d55919d7940aff24d3121a3455990df62d4eae6431ce0c48b47bb196

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
www.group-ib.com/api/fl/ 		205 B
697 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
b86f0b10d409090faefb61af88754d403735938b241c00022e4842551d2a0a1a

Request headers

Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
x-cfids
-

Response headers

date
Wed, 10 May 2023 14:20:44 GMT
content-encoding
gzip
server
istio-envoy
etag
W/"r/m+X41vTq4UXD+m6sj3BndbdLfeOWOpQCWdbIcVl+kqUGRq7XKi1393wghP+potEU/I+PzN66okkaZqkinvomttZNxwyuS5K+PWcyino4UjnIChQQaxneYl+IvlZMoRPpupIpcfDo7jOqlapw7ZalNz"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache
x-envoy-upstream-service-time
2
fl
www.group-ib.com/api/ 		665 B
834 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl?u=b58b50d0-ef28-11ed-bfbb-892cd0e43bb7&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=r%2Fm%2BX41vTq4UXD%2Bm6sj3BndbdLfeOWOpQCWdbIcVl%2BkqUGRq7XKi1393wghP%2BpotEU%2FI%2BPzN66okkaZqkinvomttZNxwyuS5K%2BPWcyino4UjnIChQQaxneYl%2BIvlZMoRPpupIpcfDo7jOqlapw7ZalNz
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
940fa912cd30d73bb9372d9dd057334d4dff6ef9ba5e221e4f9a32af2fd70562

Request headers

Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 10 May 2023 14:20:45 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
fl
www.group-ib.com/api/ 		665 B
693 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl?u=b58b50d0-ef28-11ed-bfbb-892cd0e43bb7&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=PvTO8ICeY1ls9pxYnCiE1EjRfh%2FbMS4hRA7FPBp0Zd38hfuWBbBw6dj5cl8z7p8l0s80VM6Sl%2B9a4i5uo1v5wONO%2BIhjs4lI0obUEuvHjYACQVfxPpkGIcsVJmZjpOA95wSSyyGk0cgP8ngtfb6LVZAPWGhz3i9OF3P1
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash

Request headers

Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 10 May 2023 14:20:45 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
Primary Request cert.html
www.group-ib.com/ 		45 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/cert.html
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a625bd704569c97f2c2f38cf7c0ee1a5308193435d4bf5a229a3c1a7b5c083d8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/ frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/ ALLOW-FROM https://groupib.pathfactory.com/ SAMEORIGIN sameorigin
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Referer
https://www.group-ib.com/cert.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
content-encoding
gzip
content-length
10805
content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/ frame-ancestors 'self';
content-type
text/html; charset=UTF-8
date
Wed, 10 May 2023 14:20:45 GMT
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(), accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
referrer-policy
no-referrer strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/ ALLOW-FROM https://groupib.pathfactory.com/ SAMEORIGIN sameorigin
x-xss-protection
1; mode=block 1; mode=block
bt-autoinject.js
fhp-aws-antibot-back.group-ib.com/d/ 		350 KB
147 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.191.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-191-153.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
96f7108983a979aebe3526cf2afe0328dbd28b3c75853c7662f58cc59601d526

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:45 GMT
content-encoding
gzip
x-envoy-upstream-service-time
0
server
istio-envoy
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
hubspot-form-0d3ea2cd.css
www.group-ib.com/hubspot-form/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/hubspot-form/hubspot-form-0d3ea2cd.css
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
66d609b0c975493c48e785524fbb6cfa5d28ea59d8d7e5e12bd4a8c5b8556f67
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:45 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
3831
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Sun, 22 May 2022 18:42:44 GMT
server
nginx
etag
"628a8424-ef7"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
text/css
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:45 GMT
main_26755_2be51925_563_1764.js
www.group-ib.com/build/ 		297 KB
298 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/build/main_26755_2be51925_563_1764.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
844bb56d9d924583139e6f89aa998b215f3a7516cafc5e448c64e8cde29361e5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:45 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-length
304595
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 25 May 2022 09:25:21 GMT
server
nginx
etag
"628df601-4a5d3"
vary
Accept-Encoding, Accept-Encoding
x-frame-options
sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
js
www.googletagmanager.com/gtag/ 		135 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-392399615
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8d66100d06d7399e3c335b50d32b82613fcdc3cca870e0ec2aaa488089f5a2bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52962
x-xss-protection
0
last-modified
Wed, 10 May 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 10 May 2023 14:20:46 GMT
css2
fonts.googleapis.com/ 		2 KB
903 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@400;500&display=swap
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
492584db86b05db92e84082fb80ac2d2944bc4c7c8d9ef82cdf8c880b7cee02d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 10 May 2023 14:20:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 10 May 2023 14:20:45 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 10 May 2023 14:20:45 GMT
css2
fonts.googleapis.com/ 		1 KB
539 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Prata&display=swap
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b6dae59b1696ffa3e74d2a5ea01c460be556d5a8cbb399c73cbcd765b812d251
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 10 May 2023 14:20:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 10 May 2023 14:20:45 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 10 May 2023 14:20:45 GMT
types-new-38330f89.css
www.group-ib.com/stylesheets/ 		462 KB
462 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/stylesheets/types-new-38330f89.css
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c678f7ebeaf42ae73a6b84255ed78e47baa5f2fa1718892dd24d5064bfe67117
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:45 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
472773
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Thu, 06 May 2021 06:58:10 GMT
server
nginx
etag
"60939382-736c5"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
text/css
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:45 GMT
all-508e897e.css
www.group-ib.com/stylesheets/ 		1 MB
1 MB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/stylesheets/all-508e897e.css
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cbd38f4d44ad316257c6d3179f980798a97688e6ff1df6d94f66cad4b46945a7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:45 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
1516216
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:53:19 GMT
server
nginx
etag
"634d09ef-1722b8"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
text/css
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:45 GMT
jquery-96f076a3.js
www.group-ib.com/javascripts/ 		85 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/javascripts/jquery-96f076a3.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
fe9a7ca1e475140e6b37fbc86a5efcd3251be4348137aa07231bd91ee8678b7c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:45 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
87307
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Thu, 18 Mar 2021 09:02:08 GMT
server
nginx
etag
"60531710-1550b"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:45 GMT
all-2bd8fcd3.js
www.group-ib.com/javascripts/ 		199 KB
199 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/javascripts/all-2bd8fcd3.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
3cbdeb53c566f58fa2298177c12defc90c733843c50e2fd4147d9597d33a1e34
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
203894
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 04 Aug 2021 14:28:19 GMT
server
nginx
etag
"610aa403-31c76"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
first@2x.png
www.group-ib.com/images/cert-partners/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/cert-partners/first@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0430dd3b974561238dac03eb963a67da014965080c3d2de38d5b7aa318f3053e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
5432
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-1538"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
ti@2x.png
www.group-ib.com/images/cert-partners/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/cert-partners/ti@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cba8dab9146aa4c7695c71ec3c6dd57b5e7c3c26cf53709866aa9ca7da1de491
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
5019
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-139b"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
impact@2x.png
www.group-ib.com/images/cert-partners/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/cert-partners/impact@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
3dd4b088ab105f30c06ccea664b41ad4d8308bca0d79497bfd795113e7d616c6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
3867
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-f1b"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
oic@2x.png
www.group-ib.com/images/cert-partners/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/cert-partners/oic@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
7b12bc0e3c26c7489b7b00b5eac170133e840e004baac496b88c23db28353ad4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
12648
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-3168"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
azb-w@2x.png
www.group-ib.com/images/cert-partners/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/cert-partners/azb-w@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
206d8cf5d1a0149c666651755b0f7b0b62a50882d61a5d18eaddc7317bb92a53
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
18668
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-48ec"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
onc@2x.png
www.group-ib.com/images/cert-partners/ 		39 KB
39 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/cert-partners/onc@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e879f79cf3432a5c0e30fe7ff7bbbccf97fb8adf675ea88a3349f22936b73a9d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
40133
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-9cc5"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
apwg@2x.png
www.group-ib.com/images/cert-partners/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/cert-partners/apwg@2x.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
141397708f146e91f2a8137f1897e36d558af1c3c2e552c6aeda5f5d0a7448b0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
11163
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-2b9b"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
award-2021_gold.png
www.group-ib.com/images/certificates/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/certificates/award-2021_gold.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
74a02ff107402492b9e19e4c7c550a9db662bfcb3a8bebc372d4ac8fb0a90fff
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
10858
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 12 May 2021 18:13:10 GMT
server
nginx
etag
"609c1ab6-2a6a"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
v2.js
js-eu1.hsforms.net/forms/ 		525 KB
165 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-eu1.hsforms.net/forms/v2.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef705ecaab5295915a5accd01dd71824d24c36c4e613565627088a6fb448bece
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-encoding
br
age
197
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3154/bundles/project-v2.js&cfRay=7c52ce5251a49a30-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"6976750f043e1f1e825d3c9c61d39afd"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.3154/bundles/project-v2.js
date
Wed, 10 May 2023 14:20:45 GMT
x-amz-version-id
9yDX.NA092Y4xWwGmIqtbSpLzMA8xkbX
via
1.1 9015971351bc982a04ee209a022bb1f8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P2
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
4
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
e688cb2c-aec9-42bd-8be3-909b81428330
last-modified
Fri, 05 May 2023 09:21:52 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TA5J0%2B2nZs4y81N7x0dZUZjnWuJY6Oa5NIWxS7QsqnL86r3viKUat7mH%2BA6UkEQYeJhVQCShOWUPBzIg4AqlguKuwASRLTBDPou0lJ7O0aXlMiROc%2BDT%2Fswd0uj0h9zTIe3ZPw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-5b5d88fccc-6hs42
cf-ray
7c52d3235fb66904-FRA
x-amz-cf-id
cC1iB11f1ZFS9oROlNASqRMO8Y8fmlSPiJYsTeM6YyxcugRK-KAuog==
truncated
/ 		486 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
01f543cea20de7e4b165a9f0f9d9340f706f21310921cb13144cf24bd9832fb9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e44aa6f08674f1b946ced3adfd300e954f89dab171b80bda3226034f4b6f02ed

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
www.group-ib.com/api/fl/ 		217 B
694 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
1c1d06411e7fa045eb2f98c7c60690a2a7a78c0c7945110eb41fc4e91a11c7c7

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
rLzM76374b7b982b1c8ddeafe351537d3d01889a
x-cfids
PvTO8ICeY1ls9pxYnCiE1EjRfh/bMS4hRA7FPBp0Zd38hfuWBbBw6dj5cl8z7p8l0s80VM6Sl+9a4i5uo1v5wONO+Ihjs4lI0obUEuvHjYACQVfxPpkGIcsVJmZjpOA95wSSyyGk0cgP8ngtfb6LVZAPWGhz3i9OF3P1

Response headers

date
Wed, 10 May 2023 14:20:45 GMT
content-encoding
gzip
server
istio-envoy
etag
W/"jA2kEVF/3chtQK7Z1mE3Eo9RQYMukZ1yWuME4LvKhsIqycYePV5pa/q6VvY6b7yAC307E2C4p6heHkLe0AXtau9Rzj1wLAHlPc43k68Po9aX7OuWLiqyRC1tBcFrUHUsPqM6uOIvd5ZzsSWak4UVECgsMVwZ/hpHuGHA"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache
x-envoy-upstream-service-time
0
gtm.js
www.googletagmanager.com/ 		267 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ddc367f16ddfd0f0737fc43c482f3951e1575427a8258f5fd0259bcfcba4bf1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
88646
x-xss-protection
0
last-modified
Wed, 10 May 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 10 May 2023 14:20:46 GMT
sdk.js
www.group-ib.com/javascripts/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/javascripts/sdk.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5ded7aea5978af37c1d7bc4ed63a014e3d935548eb6392574188b9fcd25f919e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
3093
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Tue, 09 May 2023 22:10:01 GMT
server
nginx
etag
"645ac4b9-c15"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
icons.svg
www.group-ib.com/images/ 		440 KB
440 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/images/icons.svg
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a138c249b501af8ef53ac907a5cc8f9ba7a7a75b35d7c4cd4951eda4c4aa6e54
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
450279
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Tue, 02 May 2023 11:05:20 GMT
server
nginx
etag
"6450ee70-6dee7"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
truncated
/ 		121 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ee338bd03594461a939b661840e43fec02d7345e19e3ad12509c06ba37ad355

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
logo-new.svg
www.group-ib.com/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/logo-new.svg
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/stylesheets/all-508e897e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
74711bb799e7d4712bcdc9fdf42f5acb835448d1ec23936a1d46a087e192e378
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/stylesheets/all-508e897e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
2432
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Thu, 02 Dec 2021 07:15:15 GMT
server
nginx
etag
"61a87283-980"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
main-cover67.jpg
www.group-ib.com/images/covers/ 		58 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/covers/main-cover67.jpg
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/stylesheets/all-508e897e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
48dcfb6f699f2b4601e387a2c338ecd86589342e957bdc153650df90f3c175a9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/stylesheets/all-508e897e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
59118
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:53 GMT
server
nginx
etag
"6051a12d-e6ee"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/jpeg
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
truncated
/ 		412 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3dfb83a15a1a69fb2c6355797651535983e30f2ebee4666b987b217780a18f61

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9f76fca582f32f2da3a5f6c1fbfd29f75a599227fc58c9a3acde24fd25550246

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
163907259fa19c5b768aea83f82db575b01aad0fd5fbf9ac448d3db383229547

Request headers

Referer
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
077dad3be3a10854dc97527ce83bbf6422309d807f6e4b3492de78005d786cdc

Request headers

Referer
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8b3ecc577e9722ca0bb5fd08ce6e5b800b114001af146f2a03865ab2859e9eb1

Request headers

Referer
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
application/font-woff
idgib-w-group-ib
www.group-ib.com/api/fl/ 		0
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl/idgib-w-group-ib
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==, yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
M1hBb70f41b0f81484c9e387acc9e4d7068fdc37, Mm2n7838a9fc74cf05f3cc955743cfa46be4f391
x-cfids
-

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
x-envoy-upstream-service-time
1
server
istio-envoy
content-length
0
truncated
/ 		486 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
884fe3e7b47accc7c38b5f4218df59c0f97d940e5d532e4e6134bbea8c6e22b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e66a8574968e43b37856abc7ea6c5b6b9c28b06e25ec95d29c0969769eb520b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
www.group-ib.com/api/fl/ 		217 B
692 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
57cc223afdf555d0b02b6541a74f33090dad4c672b629333da37585eaf4e94d5

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==, yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
YBB1dace27708de3e6faf77aced6bba8fc494e92, aXJvcd6dfa193fb1a39eb8dfa3c2a4e58a62d540
x-cfids
jA2kEVF/3chtQK7Z1mE3Eo9RQYMukZ1yWuME4LvKhsIqycYePV5pa/q6VvY6b7yAC307E2C4p6heHkLe0AXtau9Rzj1wLAHlPc43k68Po9aX7OuWLiqyRC1tBcFrUHUsPqM6uOIvd5ZzsSWak4UVECgsMVwZ/hpHuGHA

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
gzip
server
istio-envoy
etag
W/"2zz6mByvUxAzte4dIRY6efVKGOVxAJYnFY0FA1kHkRuYLNgvKdwsWESrLMnmP2UzT5Xw7H0591ie8rHI3MgD3/dsnf/g1zjaE488bnWgWqv9NkQiOksSAHd02+UW1zLndCNo7VE9N8EdCW8SVSnCmU9Y5q4L2wN4LN4S"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache
x-envoy-upstream-service-time
4
sdk.js
connect.facebook.net/ru_RU/ 		302 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/ru_RU/sdk.js?hash=118d9dcb5e21ba0d88956e18eb06fc69&ua=modern_es6
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/javascripts/all-2bd8fcd3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
55a809cfdce5fcc4b65fe94b6691108b5acb40c6ba4bc9894ad26802298e86c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.group-ib.com/
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 10 May 2023 14:20:46 GMT
content-md5
LBsT41+RN1mN37w+0qPIVA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
87428
x-fb-rlafr
0
x-fb-debug
90QjuILzi4HcCM8PqDBqX54y4kBMTe05vlyN23/BfXRE+cWohmaAoRS7gthlLitTssof1EpfIn6cSXE34XRa5Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1679558926
x-fb-content-md5
a590de3924cb974aa92254baf67ad933
cross-origin-opener-policy
same-origin-allow-popups
etag
"b63572052f1ff236a7bcdf92a9daf364"
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=()
x-frame-options
DENY
timing-allow-origin
*
expires
Wed, 08 May 2024 11:21:23 GMT
forms2.min.js
app-lon09.marketo.com/js/forms2/js/ 		208 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app-lon09.marketo.com/js/forms2/js/forms2.min.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/javascripts/all-2bd8fcd3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.93.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63113904
last-modified
Thu, 23 Mar 2023 21:46:36 GMT
server
cloudflare
cf-cache-status
HIT
age
6384
etag
"8c1c1f-33e51-5f79835f6a700"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=14400
cf-ray
7c52d3267d002c22-FRA
expires
Wed, 10 May 2023 18:20:46 GMT
json
forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/ 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/json?hs_static_app=forms-embed&hs_static_app_version=1.3154&X-HubSpot-Static-App-Info=forms-embed-1.3154
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07f12bc1a2da5f4970e2a39e9fc3d138ddb367da053c11470b1e237b2d5dbc2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-origin-hublet
eu1
date
Wed, 10 May 2023 14:20:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
117ba1d3-03ee-4a57-b673-f51ccab4b552
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
8
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
85e3d5b1-0b6d-4907-beba-f8fd23bafd17
server
cloudflare
x-trace
2BD9D4009FE46C4375BAA013DDF451F348FA891A43000000000000000000
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.group-ib.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
7c52d3261b4f30d6-FRA
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-58d95cdb67-hrzpl
cert-video.mp4
www.group-ib.com/video/ 		6 MB
6 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/video/cert-video.mp4
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2182c7c52d0d00a3867cd805e699903609504621a5088a51c9cdd07ad5a53197
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://www.group-ib.com/cert.html
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Range
bytes=0-

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
Content-Range
bytes 0-6019493/6019494
Content-Length
6019494
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:56 GMT
server
nginx
etag
"6051a130-5bd9a6"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
video/mp4
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
truncated
/ 		221 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98798d0e87b53006f4a5e5225a1c3f968075937b75aa0d7cca0506bda9063e55

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		206 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
756fc1c26e7451568fba7f9b0e1365c1d3f3585d911c49020ee0678564da7d06

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/392399615/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/392399615/?random=1683728446323&cv=11&fst=1683728446323&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-392399615
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b595ff39c0f100115b3fa804060d5923c548ddcee0a8451169a4c3478ecab07c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1237
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		135 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-863262324&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-392399615
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
aafe9ea6434af82a53492a33d103001f3d0026c09762fb6dcabd071bb52f8acd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52972
x-xss-protection
0
last-modified
Wed, 10 May 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 10 May 2023 14:20:46 GMT
fl
www.group-ib.com/api/ 		45 B
141 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl?u=d5fb122505&mv=2&cfidsgib-w-group-ib=
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e51d180997efe01b05d525240cff9025620bf4cc3b34487c6890742a2b1ed7d4

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==, yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
DiPb57e005a0ad019bb41ad28db34ceee2b7a555, QbWP37231b57d81986c4189cb9e272d138489768
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
6si.min.js
j.6sc.co/ 		33 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-187-88.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
12ce92cc3c4eb9d74f48e9a10eb919bdf30bbdc5ccf9843c6543fec302dec54f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 04 Apr 2023 21:13:35 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"642c92ff-8319"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
10492
expires
Wed, 10 May 2023 14:20:46 GMT
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 16:56:53 GMT
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-eddf8230068-FRA
insight.min.js
snap.licdn.com/li.lms-analytics/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Jan 2023 17:22:56 GMT
x-cdn
AKAM
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=27853
accept-ranges
bytes
content-length
4777
fbevents.js
connect.facebook.net/en_US/ 		106 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8dcee59828f1423ecefd552dd353e25bd4ac38a9557ee084604ee7c2d41d9b98
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 10 May 2023 14:20:46 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27538
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
ol6Ats11TabR4vIkki2/a/Af4P9pSX1RgmT/sroA74Gl0GOMyE962Jcv0QaRPVhRksAH9bmo6ZHRNol+aRKNzw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=()
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
NeverBounce.js
cdn.neverbounce.com/widget/dist/ 		96 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-122.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Tue, 09 May 2023 16:17:40 GMT
via
1.1 90cf045072373c2c671297de3161846e.cloudfront.net (CloudFront)
last-modified
Mon, 02 Mar 2020 18:37:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
age
79392
etag
"c1e06621030dfcba15b88abbcaa546eb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
97984
x-amz-cf-id
G2Ft9-FYLXHDHAvMTXCP0KXJlQIRzkTByiihvWWqoG3t2fAyujsBSw==
63e267f61a03d71ea3df5fe7
ws.zoominfo.com/pixel/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.zoominfo.com/pixel/63e267f61a03d71ea3df5fe7
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
aadadf8582c341bc6ee2d9d3cbb98031a27eac35cd76f68a1bf5251c8c23e3e9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/cert.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
7c52d3275807915e-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
js
www.googletagmanager.com/gtag/ 		257 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
094d0850d2c1e7e7eedb6773d0b3f2d781258146ad759b6fc010974a7ee36ea0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
87773
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 10 May 2023 14:20:46 GMT
admin-ajax.php
www.group-ib.com/media/wp-admin/ 		796 B
381 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/media/wp-admin/admin-ajax.php?action=mediaforcert
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f861bad7e2c91ffabeed5b2eceeb943001ebe1c4ff4fa131a2b574e1a6c34b1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==, yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==
Referer
https://www.group-ib.com/cert.html
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
mOfRbee43168548324f30ed9879432efc6923a20, e5Rqab63b1ad04c00085fd59635e6cbdf5f7f691

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
x-content-type-options
nosniff
x-frame-options
sameorigin
content-type
text/html
access-control-allow-origin
https://www.group-ib.com
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
content-length
334
x-xss-protection
1; mode=block
id.html
ru.id.group-ib.com/ Frame DB56 		524 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ru.id.group-ib.com/id.html
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/build/main_26755_2be51925_563_1764.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.17.9.182 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),
Reverse DNS
Software
nginx /
Resource Hash
ba089dcfcc52781af808e678e79b81ece82b1c96914a9135e6616eea0a74a6c5

Request headers

Referer
https://www.group-ib.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Wed, 10 May 2023 14:20:46 GMT
Server
nginx
Transfer-Encoding
chunked
cache-control
no-cache
content-encoding
gzip
etag
W/"ySVWodkisXzhnkI7vmiD7jZTYg6mE1EsQZJWYVPKU7X4w2WGgueFhSP5mlF2HmRmwGWdoKytRhIi7Iy2AAEs-+7BX8KGOYeUjHwuQH-DrD8TQZQtlqAlHE0CP7Na"
vary
Accept-Encoding
x-envoy-upstream-service-time
0
counters.gif
forms.hsforms.com/embed/v3/ 		35 B
689 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
791c0541-d5f3-4750-96c8-f933d1854244
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b78b590c-e06c-430b-ae8a-35555d692e34
server
cloudflare
x-trace
2BCE046A6F0ABC513C5C0B462D9DDC5E419AFAFB1A000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-58fd596dd9-tpxx8
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
7c52d327a90e30e4-FRA
analytics.js
www.google-analytics.com/ 		51 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 10 May 2023 12:35:39 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
6307
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Wed, 10 May 2023 14:35:39 GMT
arrow_white-right.png
www.group-ib.com/images/arrows/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.group-ib.com/images/arrows/arrow_white-right.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/stylesheets/all-508e897e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
96a6001a342e4c3f87e5bf80a35541f4967c0a2d94eb185d030a752d5b05f645
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/stylesheets/all-508e897e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://pathfactory.com/ https://groupib.pathfactory.com/, frame-ancestors 'self';
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-dns-prefetch-control
off
content-length
1113
x-xss-protection
1; mode=block, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Wed, 17 Mar 2021 06:26:52 GMT
server
nginx
etag
"6051a12c-459"
x-download-options
noopen
x-frame-options
ALLOW-FROM https://pathfactory.com/, ALLOW-FROM https://groupib.pathfactory.com/, SAMEORIGIN, sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=604800, private, max-age=3600
feature-policy
camera 'none'; microphone 'none'; geolocation 'none'; encrypted-media 'none'; payment 'none'; speaker 'none'; usb 'none';
permissions-policy
camera=(), microphone=(), geolocation=(), encrypted-media=(), payment=(), speaker=(), usb=(),, accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
expires
Wed, 17 May 2023 14:20:46 GMT
counters.gif
forms-eu1.hsforms.com/embed/v3/ 		35 B
689 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
a7307d7e-0654-4b89-bd78-06920599e814
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
5
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c5d8d8dd-c042-4d29-b2c6-a6dd85b7d457
server
cloudflare
x-trace
2BED874F99150300067D4CB5EC0F155B436FE4C417000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-58d95cdb67-4qtpl
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
7c52d329cbb03669-FRA
/
www.google.com/pagead/1p-user-list/392399615/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/392399615/?random=1683728446323&cv=11&fst=1683727200000&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=766799361&rmt_tld=0&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/392399615/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/392399615/?random=1683728446323&cv=11&fst=1683727200000&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=766799361&rmt_tld=1&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/?random=1683728446629&cv=11&fst=1683728446629&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-863262324&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a2b8cdcd858ba499445a12a36fba3957c108a7770aa33a3d784edaa78a76cb4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1242
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/863262324/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/863262324/?random=1683728446638&cv=11&fst=1683728446638&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-863262324&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
f1d339c8d5806c24ffbd3600ed209fc71e03ace9a467946cba1ec88af1ac1912
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1569
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
649324202964935
connect.facebook.net/signals/config/ 		379 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/649324202964935?v=2.9.104&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
12d3f6c46cfa13bd4236130c8388e8722111e88cfc3a53b22f6dd6b499db3633
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 10 May 2023 14:20:46 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
Egi/lkOsgibQGwCXqYHrSf1HlN7M9FLZ7XNBtbXreTi5kzJsVx6tKV/4ijq685qjQPvd7O49Y9wExcxIlu0qMQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=()
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
destination
www.googletagmanager.com/gtag/ 		205 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-10865976765&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3b57d4fedef5c142c8d1e549fbebbd80079910b8b4923fbcad9e6169378d7d79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73899
x-xss-protection
0
last-modified
Wed, 10 May 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 10 May 2023 14:20:46 GMT
collect
region1.analytics.google.com/g/ 		0
255 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-QMES53K3Y2&gtm=45je3580&_p=400316131&_gaz=1&cid=565216439.1683728447&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1683728446&sct=1&seg=0&dl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&dr=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&dt=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
246 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QMES53K3Y2&cid=565216439.1683728447&gtm=45je3580&aip=1
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QMES53K3Y2&cid=565216439.1683728447&gtm=45je3580&aip=1&z=609633828
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
token
cdn.linkedin.oribi.io/partner/4496601/domain/group-ib.com/ 		36 B
376 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.linkedin.oribi.io/partner/4496601/domain/group-ib.com/token
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 12:13:09 GMT
content-encoding
gzip
via
1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7657
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=15512
x-amz-cf-id
6GKuRaI-vbuD8YO1bByK9KNAm_UA3mzA2jiI-gLzw6e7c_phLdWT7g==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1683728446727&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1683728446727%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fc...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1683728446727&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1683728446727&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQLT0DBgOQU8EwAAAYgGCTeSeNh5eKoJTX46eofhsXD...
0
266 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1683728446727&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQLT0DBgOQU8EwAAAYgGCTeSeNh5eKoJTX46eofhsXD8SUzo2MGjy1vrMrhpUlptFkyiQfg
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Server
13.107.42.14 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:47 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 02A3ED5DF8D040BDB00AF7D0B12886D3 Ref B: DUS30EDGE0313 Ref C: 2023-05-10T14:20:47Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX7V5QGx9zIxnub5Y/7JQ==

Redirect headers

date
Wed, 10 May 2023 14:20:47 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: F992C56DA6424F52A1DF3AFCFE2043E7 Ref B: FRAEDGE2006 Ref C: 2023-05-10T14:20:47Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1683728446727&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tm=gtmv2&liSync=true&e_ipv6=AQLT0DBgOQU8EwAAAYgGCTeSeNh5eKoJTX46eofhsXD8SUzo2MGjy1vrMrhpUlptFkyiQfg
x-li-proto
http/2
content-length
0
x-li-uuid
AAX7V5QAu2/II6zxw5QNqg==
adsct
t.co/i/ 		43 B
377 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=ce50d9ea-834f-430f-a4b3-6e3d3ecf81af&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=4f5f3970-9109-4b17-be95-9503c2d601d0&tw_document_href=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.3.29
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-response-time
108
date
Wed, 10 May 2023 14:20:46 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
4380efd6960e2729
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
8f6e954e01d4285ff03cbb5e9e929b479d5b99d18a82a56878b4d3cdf38cca45
content-length
43
adsct
analytics.twitter.com/i/ 		43 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=ce50d9ea-834f-430f-a4b3-6e3d3ecf81af&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=4f5f3970-9109-4b17-be95-9503c2d601d0&tw_document_href=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6fwj&type=javascript&version=2.3.29
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-response-time
104
date
Wed, 10 May 2023 14:20:46 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
53927242004f21c2
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
537e8de98380b3c943ec9ea68e0446fd09a382c6754002d7f0dce746fd0d8cf8
content-length
43
/
c.6sc.co/ 		7 B
203 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.6sc.co/
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-187-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.group-ib.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/ 		19 B
310 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ipv6.6sc.co/
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:14::1724:a258 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a01:4a0:1338:92::7
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467702_388276248_115859620_19_954_38_0";dur=1
content-length
19
expires
Wed, 10 May 2023 14:20:46 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
493 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=a2d787fe-d040-4dad-8228-f50b9e999100&session=a63a5bfd-9550-4c74-8cc8-c0c177a3edf0&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2010%20May%202023%2014%3A20%3A46%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2010%20May%202023%2014%3A20%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e84d9c08a990af8592952e7ac9a983ad%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2010%20May%202023%2014%3A20%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2010%20May%202023%2014%3A20%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=8f2e3cd4-2b20-4150-8c9e-bfc242515695
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-187-88.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:47 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
151 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-25492706-2&cid=565216439.1683728447&jid=2144867640&gjid=1206986673&_gid=1850538112.1683728447&_u=YCDAgEABAAAAAEAEK~&z=1850651564
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j100&a=400316131&t=pageview&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ul=en-us&de=UTF-8&dt=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgEABAAAAAAAEK~&jid=2144867640&gjid=1206986673&cid=565216439.1683728447&tid=UA-25492706-2&_gid=1850538112.1683728447&gtm=45He3580n71PW7265&cg1=COM%3A%20CERT&cd1=565216439.1683728447&z=303729615
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 04:11:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
36578
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
493 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=a2d787fe-d040-4dad-8228-f50b9e999100&session=a63a5bfd-9550-4c74-8cc8-c0c177a3edf0&event=play&q=%7B%22event_id%22%3A%22%22%2C%22event_value%22%3A%22https%3A%2F%2Fwww.group-ib.com%2Fvideo%2Fcert-video.mp4%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=8f2e3cd4-2b20-4150-8c9e-bfc242515695
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-187-88.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:47 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
/
www.google.com/pagead/1p-user-list/863262324/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/863262324/?random=1683728446629&cv=11&fst=1683727200000&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4236789514&rmt_tld=0&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/863262324/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/863262324/?random=1683728446629&cv=11&fst=1683727200000&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4236789514&rmt_tld=1&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
notify
api.neverbounce.com/v4/poe/ 		62 B
282 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_33037
Requested by
Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.23.106.100 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-23-106-100.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4a0cb5df7361a20dd5311bbfdffa06019e8ec2b69fdf6f6b9a619e4d4b6de2fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:47 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, private
x-ua-compatible
IE=Edge
/
www.googleadservices.com/pagead/conversion/10865976765/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/10865976765/?random=1683728446802&cv=11&fst=1683728446802&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10865976765&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
b7a6a2ce958f7a8a1660b10563236b0c9635b67e8c95fce6267e1b02d50f6b36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1568
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-25492706-2&cid=565216439.1683728447&jid=2144867640&_u=YCDAgEABAAAAAEAEK~&z=1474650620
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-25492706-2&cid=565216439.1683728447&jid=2144867640&_u=YCDAgEABAAAAAEAEK~&z=1474650620
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:46 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&rl=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&if=false&ts=1683728446919&sw=1600&sh=1200&v=2.9.104&r=stable&ec=0&o=30&fbp=fb.1.1683728446918.889013677&cs_est=true&it=1683728446686&coo=false&rqm=GET
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 10 May 2023 14:20:47 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
fl
www.group-ib.com/api/ 		665 B
762 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl?u=b58b50d0-ef28-11ed-bfbb-892cd0e43bb7&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=jA2kEVF%2F3chtQK7Z1mE3Eo9RQYMukZ1yWuME4LvKhsIqycYePV5pa%2Fq6VvY6b7yAC307E2C4p6heHkLe0AXtau9Rzj1wLAHlPc43k68Po9aX7OuWLiqyRC1tBcFrUHUsPqM6uOIvd5ZzsSWak4UVECgsMVwZ%2FhpHuGHA
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
6004ead3a45eadda4425d55ddd0be3b5b13634fbda72aa606c2887cd890ac117

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==, yk+cMxmVRZsn/M1skAApSyrfRXJFTEbs+WUYufxp/NvFZfZRs4nKrtQRBNJ9bNBr6eYV5+/9MLudgLL2aGFpoHaYjDhciRY023wzKyHCX4KgD0y4rMCXyjhNdDzU5JfRG/7G8SKmcObEm3KatniRLILfm9r33wVpU8IPtxHtpBUZImA9Zk0h5tjbc2/MgB/GL9D/RD5PSGckd47TIiJDMV0qbTcnZKYNZ7uBLpaq4vVo7K7GRsbS4rp3iETJpQ==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
7InDd535a7204799cd2a8f4942a547cd4c7c7d7f, 7z5F646c6dfc4444527606f1cfcd3fafe8353456
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 10 May 2023 14:20:46 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
/
www.google.de/pagead/1p-conversion/863262324/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863262324/?random=553213498&cv=11&fst=1683728446638&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.g...
  • https://www.google.com/pagead/1p-conversion/863262324/?random=553213498&cv=11&fst=1683728446638&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.ht...
  • https://www.google.de/pagead/1p-conversion/863262324/?random=553213498&cv=11&fst=1683728446638&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.htm...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/863262324/?random=553213498&cv=11&fst=1683728446638&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOElIdG9nWVF1WjM1dXYyNV9JNTVFaVVBcEtjWlVGSEkyc1k2cVY4TjFYdFBhdWY5eFZVZ3k5Tm9ScU9ZUXZpRVFhRmRxaC1OGlhDaEVJOElIdG9nWVFvdld4NGN1bHBLUGxBUkl0QUJGMGRPQzZLT3VGVDFKazdoRl9WSEVkUTJOUU8wWm03TjVNaGtTUTVGTnlteW0zUXJmVzVwX1FwaHZr&is_vtc=1&ocp_id=PqhbZNSLL8G-9u8P6oWx4AY&cid=CAQSKQBygQiD-S1Xf87NvsqTJWDAteaOZy2CObug2kSrfgpk7aCGKGZsAc8X&random=3497623012&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:47 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:47 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/863262324/?random=553213498&cv=11&fst=1683728446638&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=NAwCCJTDvd8CEPSs0ZsD&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOElIdG9nWVF1WjM1dXYyNV9JNTVFaVVBcEtjWlVGSEkyc1k2cVY4TjFYdFBhdWY5eFZVZ3k5Tm9ScU9ZUXZpRVFhRmRxaC1OGlhDaEVJOElIdG9nWVFvdld4NGN1bHBLUGxBUkl0QUJGMGRPQzZLT3VGVDFKazdoRl9WSEVkUTJOUU8wWm03TjVNaGtTUTVGTnlteW0zUXJmVzVwX1FwaHZr&is_vtc=1&ocp_id=PqhbZNSLL8G-9u8P6oWx4AY&cid=CAQSKQBygQiD-S1Xf87NvsqTJWDAteaOZy2CObug2kSrfgpk7aCGKGZsAc8X&random=3497623012&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
494 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=a2d787fe-d040-4dad-8228-f50b9e999100&session=a63a5bfd-9550-4c74-8cc8-c0c177a3edf0&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A7%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=8f2e3cd4-2b20-4150-8c9e-bfc242515695
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-187-88.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:47 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
/
www.google.de/pagead/1p-conversion/10865976765/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865976765/?random=1526351858&cv=11&fst=1683728446802&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fww...
  • https://www.google.com/pagead/1p-conversion/10865976765/?random=1526351858&cv=11&fst=1683728446802&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert...
  • https://www.google.de/pagead/1p-conversion/10865976765/?random=1526351858&cv=11&fst=1683728446802&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert....
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/10865976765/?random=1526351858&cv=11&fst=1683728446802&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOElIdG9nWVF1WjM1dXYyNV9JNTVFaVVBcEtjWlVGSEkyc1k2cVY4TjFYdFBhdWY5eFZVZ3k5Tm9ScU9ZUXZpRVFhRmRxaC1OGlhDaEVJOElIdG9nWVFvdld4NGN1bHBLUGxBUkl0QUJGMGRPQi1EWTNZanVpdDNUQjVMY2JoUWxyRDNfbUxRcDV4NzVZNEhpbmN5UHJzWjRLYXZLODc2bmN0&is_vtc=1&ocp_id=PqhbZIvkMsnH7_UPnYq70Ac&cid=CAQSKQBygQiDabIGX3X0pKUi5dy1jUqEUp6vwPvNfnz3xZuXxNDzobp7Zcpa&random=4042824703&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H3
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:47 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 10 May 2023 14:20:47 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/10865976765/?random=1526351858&cv=11&fst=1683728446802&bg=ffffff&guid=ON&async=1&gtm=45be3580&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&ref=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&label=FfadCJnh_KkDEL3Lpr0o&hn=www.googleadservices.com&frm=0&tiba=Response%20to%20information%20security%20incidents%20-%20CERT-GIB&gtm_ee=1&auid=493566688.1683728446&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOElIdG9nWVF1WjM1dXYyNV9JNTVFaVVBcEtjWlVGSEkyc1k2cVY4TjFYdFBhdWY5eFZVZ3k5Tm9ScU9ZUXZpRVFhRmRxaC1OGlhDaEVJOElIdG9nWVFvdld4NGN1bHBLUGxBUkl0QUJGMGRPQi1EWTNZanVpdDNUQjVMY2JoUWxyRDNfbUxRcDV4NzVZNEhpbmN5UHJzWjRLYXZLODc2bmN0&is_vtc=1&ocp_id=PqhbZIvkMsnH7_UPnYq70Ac&cid=CAQSKQBygQiDabIGX3X0pKUi5dy1jUqEUp6vwPvNfnz3xZuXxNDzobp7Zcpa&random=4042824703&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
fl
www.group-ib.com/api/ 		665 B
791 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl?u=b58b50d0-ef28-11ed-bfbb-892cd0e43bb7&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=2zz6mByvUxAzte4dIRY6efVKGOVxAJYnFY0FA1kHkRuYLNgvKdwsWESrLMnmP2UzT5Xw7H0591ie8rHI3MgD3%2Fdsnf%2Fg1zjaE488bnWgWqv9NkQiOksSAHd02%2BUW1zLndCNo7VE9N8EdCW8SVSnCmU9Y5q4L2wN4LN4S
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
2b69c01da7a43e4aa154cf70a752456a25105b0bffd99958c1ce110fcabffa82

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
NLcL7xABb2mTey0CHpoGhV9EIwrQ9xMNhljnh4HP8xZzXeqJKo9GAOJTmQ2vMmTcgzhD7Cm6mjhoWvoJ//J9me3xRbzDEPzWWZ5L8uTfmlvth+XfCerr1Tbgn3KXy4dZd6co5Bp2Z8OXhbGPgaM8uSUJjf0TNkgvmX2zZYTWvGXIHH32tutjzP6CT47UrJ0PlRnA9Jr9aoYKH7TN2Fjy7n7SLq4ugi0n+qlLXfsSlNKJUk4+Oec5SKBcZHW5VQ==, NLcL7xABb2mTey0CHpoGhV9EIwrQ9xMNhljnh4HP8xZzXeqJKo9GAOJTmQ2vMmTcgzhD7Cm6mjhoWvoJ//J9me3xRbzDEPzWWZ5L8uTfmlvth+XfCerr1Tbgn3KXy4dZd6co5Bp2Z8OXhbGPgaM8uSUJjf0TNkgvmX2zZYTWvGXIHH32tutjzP6CT47UrJ0PlRnA9Jr9aoYKH7TN2Fjy7n7SLq4ugi0n+qlLXfsSlNKJUk4+Oec5SKBcZHW5VQ==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
ChH2a98718541efe53859fbe537b32859b717767, q9hq5028bc15f4d4bb92f24c4a872b87fcd0cdc8
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 10 May 2023 14:20:47 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
/
www.facebook.com/tr/ Frame AE7A 		0
50 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.group-ib.com
Referer
https://www.group-ib.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.group-ib.com
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Wed, 10 May 2023 14:20:47 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
img.gif
b.6sc.co/v1/beacon/ 		43 B
493 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=a2d787fe-d040-4dad-8228-f50b9e999100&session=a63a5bfd-9550-4c74-8cc8-c0c177a3edf0&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2010%20May%202023%2014%3A20%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2010%20May%202023%2014%3A20%3A46%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20provides%20professional%20assistance%20in%20response%20to%20DDoS%20attacks%2C%20unsanctioned%20access%2C%20phishing%2C%20infection%20by%20malware%20and%20etc.%20Inform%20us%20about%20the%20incident%20and%20we%20will%20help%20you.%22%2C%22keywords%22%3A%22response%2C%20center%2C%20incident%2C%20cert%2C%20computer%2C%20emergency%2C%20SOC%2C%20team%2C%20DDoS%2C%20phishing%2C%20malware%2C%20fraud%2C%20online%22%2C%22title%22%3A%22Response%20to%20information%20security%20incidents%20-%20CERT-GIB%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fcert.html&pageViewId=8f2e3cd4-2b20-4150-8c9e-bfc242515695
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/cert.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-187-88.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 10 May 2023 14:20:47 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
fl
www.group-ib.com/api/ 		665 B
735 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl?u=b58b50d0-ef28-11ed-bfbb-892cd0e43bb7&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=QkY0dDEvmajLyTzp45IaE6lJ%2BzterluAg%2FZN4EoulPhpgtPk1EhHSVXckRwqTTRoZ4PTisG1eGNKu4tQi%2Fmm8F8U1mQMAQV%2FG7jM%2F8zYRPVZldMJCy%2BY5dttKrtddyt%2BWu9RRNnQ%2F9b%2B52xJz8l8wlgG6Axjq%2Fepkw%2Fu
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
1f90ebe846805f858710215d831192834abb4aa65e46f6d88e00c06eb69a2f4e

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
rrvvcwLGB9yhJLPWiMjeXM3CZYBFA5b/cBFoDIwEG1rA5IadMgo9pIqlgC1XlFBCwPTNWYuE2+tV+CsjyffTvlNjitMSQ3ClwXv/qMLOZxivABN9RvO8RLKqKXzu+Cl+GKSV7MFcxMftFYmwma4vTp2ns95VxIwSFY3E9BvZXkhbmc3l7FR6VkR9LlDisEDaXajQBe64QY+ZmqgtsPYqCr8aUL0an1vVUV4Ge0kLOEOaue+i4AkstSqhqjrnGQ==, rrvvcwLGB9yhJLPWiMjeXM3CZYBFA5b/cBFoDIwEG1rA5IadMgo9pIqlgC1XlFBCwPTNWYuE2+tV+CsjyffTvlNjitMSQ3ClwXv/qMLOZxivABN9RvO8RLKqKXzu+Cl+GKSV7MFcxMftFYmwma4vTp2ns95VxIwSFY3E9BvZXkhbmc3l7FR6VkR9LlDisEDaXajQBe64QY+ZmqgtsPYqCr8aUL0an1vVUV4Ge0kLOEOaue+i4AkstSqhqjrnGQ==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
ABkx270be298b7b7c87aa85f7e700b15123d840d, 84Bqb9a9cf6a6d4b1a30fd3f0a49a865155781f8
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 10 May 2023 14:20:47 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
fl
www.group-ib.com/api/ 		665 B
801 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.group-ib.com/api/fl?u=b58b50d0-ef28-11ed-bfbb-892cd0e43bb7&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=hbS%2BzBnzE2RHTgJZVGFJiSzOBP%2BNoNul2QFC0OceHs8vuqiaNvxt7ZA1%2FT5vucD73NhCM%2Bqg9UrNmWCzekqdx9ecb%2BHsXDMKHYIUiWwyQY1rQp%2BN6pV8OKJPZqcoMLpFWsHCOcDDM%2BZOkdBXy7M8uZt9gVDDMG11IcCW
Requested by
Host: fhp-aws-antibot-back.group-ib.com
URL: https://fhp-aws-antibot-back.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
44fd719ea81474d429712cadf9c268e1c533558f46b857db4e7ea18c57d2836b

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
NcuQ8X8tBe99QQTZ4LE/QcvFpWsB3d25lQczctX4C52ONsCBaeScNvusld2jsDVdEvfHAbzDB/JldqQ9w7mbKgPOiF/s37RSXVbNJ8RFicDAIlRoXPuTsJv2k735Azs/WzeUWTNbLrqC7YgAmLAzlz6CRIHLK/v9eXi3IuO24JpGbzB4b2gFNfoJLRxTIzU9mNKdgc6Zda8fakneZNaCPyfI3BTCFXirCXBbG4Hi9c9bLEj6fsU+kPmGozfJ4w==, NcuQ8X8tBe99QQTZ4LE/QcvFpWsB3d25lQczctX4C52ONsCBaeScNvusld2jsDVdEvfHAbzDB/JldqQ9w7mbKgPOiF/s37RSXVbNJ8RFicDAIlRoXPuTsJv2k735Azs/WzeUWTNbLrqC7YgAmLAzlz6CRIHLK/v9eXi3IuO24JpGbzB4b2gFNfoJLRxTIzU9mNKdgc6Zda8fakneZNaCPyfI3BTCFXirCXBbG4Hi9c9bLEj6fsU+kPmGozfJ4w==
Referer
https://www.group-ib.com/cert.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
xaGx223e6e9a0bc917ac325a36638e5efca5b6b9, GrHb78416e3205122a87f7482790da6af0d53194
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 10 May 2023 14:20:48 GMT
content-encoding
gzip
server
istio-envoy
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
3

Verdicts & Comments Add Verdict or Comment

103 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 boolean| credentialless object| gib boolean| __gibclatt boolean| __86a4b3f1c71b93a8cb28ae2a51a4c386__ function| gibSetAttribute function| gibSetAttributeCallback function| gibRemoveAttribute function| gibHash function| gibEncrypt string| __guc__1.0.0 object| dataLayer function| gtag function| $ function| jQuery object| conf function| fbAsyncInit object| hubspot object| HubSpotForms object| _hsq object| hbspt object| hsFormsOnReady function| _classCallCheck function| executeFunctionByName function| _createClass object| landing object| certainDomains object| publicDomains function| Tiles function| Action object| actions function| CubicGallery function| CubicGallery2 function| Parallax function| Popup function| SelectThis function| CubicForm function| CubicSticky function| SwipeDetector function| CubicSwitcher function| CubicTabs function| ChangeForm function| Shifter function| ClipboardJS function| raf object| gacid object| gaClientId object| FB function| Accordeon function| EmailsBase function| wr function| Cookies function| CrmForm function| Marketo object| merchPop function| metrics object| LinkedIn object| News object| showMore object| News2 function| PollForm function| fillPoll function| Share function| ShowMore2 function| CubicTags function| Test function| Tumbler function| initTumbler function| Unsubscribe object| google_tag_manager object| google_tag_data object| GooglebQhCsO object| _6si function| twq object| _linkedin_data_partner_ids boolean| _already_called_lintrk function| fbq function| _fbq object| _NBSettings object| popups function| initCrmForms string| GoogleAnalyticsObject function| ga object| __buffer object| MktoForms2 function| onYouTubeIframeAPIReady object| gaGlobal function| lintrk object| regeneratorRuntime object| twttr object| gaplugins object| gaData object| SENTRY_RELEASE undefined| Raven object| _nb function| __neverbounce_33037 object| ziws

36 Cookies

Domain/Path Name / Value
www.group-ib.com/ Name: gssc213174
Value:
.www.group-ib.com/ Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: MDA0dBA=Fz2+aQ==
.group-ib.com/ Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: MDA0dBA=Fz2+aQ==
.www.group-ib.com/ Name: __zzatgib-w-group-ib
Value: MDA0dBA=Fz2+aQ==
.group-ib.com/ Name: __zzatgib-w-group-ib
Value: MDA0dBA=Fz2+aQ==
.group-ib.com/ Name: _gcl_au
Value: 1.1.493566688.1683728446
.app-lon09.marketo.com/ Name: __cf_bm
Value: PwxtvZXWDg7DdLGT3yZBMzmqjMb4bEFosPZFeBPpd54-1683728446-0-AQ/iNL8NyZqwaoKgEwBTOiLnshWRbIVsH1aXOnULRegBxUkKMLsWtt7cw9qjj7omMSOLQqJroikKxTQ602y1nfQ=
.group-ib.com/ Name: _ga_QMES53K3Y2
Value: GS1.1.1683728446.1.0.1683728446.60.0.0
.doubleclick.net/ Name: IDE
Value: AHWqTUmI2mCOLmkga6AhjfomcYVEZh5gJkqysswBFZs8A2wS_138hnHebhxqVWNX
www.group-ib.com/ Name: _gd_visitor
Value: a2d787fe-d040-4dad-8228-f50b9e999100
www.group-ib.com/ Name: _gd_session
Value: a63a5bfd-9550-4c74-8cc8-c0c177a3edf0
.id.group-ib.com/ Name: gcfids
Value: ySVWodkisXzhnkI7vmiD7jZTYg6mE1EsQZJWYVPKU7X4w2WGgueFhSP5mlF2HmRmwGWdoKytRhIi7Iy2AAEs-+7BX8KGOYeUjHwuQH-DrD8TQZQtlqAlHE0CP7Na
.group-ib.com/ Name: _ga
Value: GA1.2.565216439.1683728447
.group-ib.com/ Name: _gid
Value: GA1.2.1850538112.1683728447
.group-ib.com/ Name: _dc_gtm_UA-25492706-2
Value: 1
.ws.zoominfo.com/ Name: visitorId
Value: 6508fc8b9f1f9d802cfbe3ca2b2e40b1cf87a685a0c21495f799994ef0ca9db2
.zoominfo.com/ Name: __cf_bm
Value: WwcHw75ZgsHHXetN3WR6DPph60KTVM3CZqPWCJZ4QEw-1683728446-0-AZ1qPCynV2QjvDx1pr8yC0JSRpFxwWC+pcAEf3oym7zDwlhVOfu1wYTwFJIkzpzOjXeDm5VySh1hPW7r418/VzY=
.zoominfo.com/ Name: _cfuvid
Value: t7qCRa4C6lOz.bUfhrSf329fsy3NjrETgmRkI_7yQOg-1683728446774-0-604800000
www.group-ib.com/ Name: ln_or
Value: eyI0NDk2NjAxIjoiZCJ9
.group-ib.com/ Name: _fbp
Value: fb.1.1683728446918.889013677
.t.co/ Name: muc_ads
Value: a02cdb37-5d5d-4e51-bbae-b12d909751aa
.twitter.com/ Name: personalization_id
Value: "v1_Yfn9TNYe5UsijATml7ZTWg=="
.linkedin.com/ Name: UserMatchHistory
Value: AQIu5zrnUGGXoQAAAYgGCTXQ7Fz25CXISikNDFKCu360KQO6mU4jYib93Q7KUTeANuwzdFSPUjOjzw
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQL4BaE0wrz5uwAAAYgGCTXQ284gmKclO6lG3e8WzIlxtfor3yEw2cpzMiy6ZJWokzXnZQg0lllEa0j32ZcNIQ
.linkedin.com/ Name: bcookie
Value: "v=2&b81a9abe-f6c2-4d97-8604-a63e18956bc6"
.linkedin.com/ Name: lidc
Value: "b=OGST05:s=O:r=O:a=O:p=O:g=2762:u=1:x=1:i=1683728446:t=1683814846:v=2:sig=AQGjGeqUdUQE7h_Fs4l7tCE0LBiVSSl2"
.6sc.co/ Name: 6suuid
Value: 54bb1002323601003fa85b64b3000000ffcd1500
.www.linkedin.com/ Name: bscookie
Value: "v=1&20230510142047876a404e-5df4-4b9a-82af-15e3bfc0fc8aAQE25EzweVg3gGqNtRqwK6r0TA5cDTGw"
.linkedin.com/ Name: li_gc
Value: MTswOzE2ODM3Mjg0NDc7MjswMjG8H3y42o8k3yuj/RK87FvX03DxYSCsHo8Fex0wW6F/UA==
www.group-ib.com/ Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: hbS+zBnzE2RHTgJZVGFJiSzOBP+NoNul2QFC0OceHs8vuqiaNvxt7ZA1/T5vucD73NhCM+qg9UrNmWCzekqdx9ecb+HsXDMKHYIUiWwyQY1rQp+N6pV8OKJPZqcoMLpFWsHCOcDDM+ZOkdBXy7M8uZt9gVDDMG11IcCW
.www.group-ib.com/ Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: hbS+zBnzE2RHTgJZVGFJiSzOBP+NoNul2QFC0OceHs8vuqiaNvxt7ZA1/T5vucD73NhCM+qg9UrNmWCzekqdx9ecb+HsXDMKHYIUiWwyQY1rQp+N6pV8OKJPZqcoMLpFWsHCOcDDM+ZOkdBXy7M8uZt9gVDDMG11IcCW
.group-ib.com/ Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: hbS+zBnzE2RHTgJZVGFJiSzOBP+NoNul2QFC0OceHs8vuqiaNvxt7ZA1/T5vucD73NhCM+qg9UrNmWCzekqdx9ecb+HsXDMKHYIUiWwyQY1rQp+N6pV8OKJPZqcoMLpFWsHCOcDDM+ZOkdBXy7M8uZt9gVDDMG11IcCW
.www.group-ib.com/ Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: rrvvcwLGB9yhJLPWiMjeXM3CZYBFA5b/cBFoDIwEG1rA5IadMgo9pIqlgC1XlFBCwPTNWYuE2+tV+CsjyffTvlNjitMSQ3ClwXv/qMLOZxivABN9RvO8RLKqKXzu+Cl+GKSV7MFcxMftFYmwma4vTp2ns95VxIwSFY3E9BvZXkhbmc3l7FR6VkR9LlDisEDaXajQBe64QY+ZmqgtsPYqCr8aUL0an1vVUV4Ge0kLOEOaue+i4AkstSqhqjrnGQ==
.group-ib.com/ Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: rrvvcwLGB9yhJLPWiMjeXM3CZYBFA5b/cBFoDIwEG1rA5IadMgo9pIqlgC1XlFBCwPTNWYuE2+tV+CsjyffTvlNjitMSQ3ClwXv/qMLOZxivABN9RvO8RLKqKXzu+Cl+GKSV7MFcxMftFYmwma4vTp2ns95VxIwSFY3E9BvZXkhbmc3l7FR6VkR9LlDisEDaXajQBe64QY+ZmqgtsPYqCr8aUL0an1vVUV4Ge0kLOEOaue+i4AkstSqhqjrnGQ==
.www.group-ib.com/ Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: AJNDd3f0342e0c514b7751f19b21b287be45bae8
.group-ib.com/ Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: AJNDd3f0342e0c514b7751f19b21b287be45bae8

5 Console Messages

Source Level URL
Text
network error URL: https://www.group-ib.com/cert.html
Message:
Failed to load resource: the server responded with a status of 403 ()
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
network error URL: https://www.group-ib.com/api/fl/idgib-w-group-ib
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.group-ib.com/media/wp-admin/admin-ajax.php?action=mediaforcert
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.neverbounce.com
app-lon09.marketo.com
b.6sc.co
c.6sc.co
cdn.linkedin.oribi.io
cdn.neverbounce.com
cert-gib.com
connect.facebook.net
fhp-aws-antibot-back.group-ib.com
fonts.googleapis.com
forms-eu1.hsforms.com
forms.hsforms.com
googleads.g.doubleclick.net
ipv6.6sc.co
j.6sc.co
js-eu1.hsforms.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
ru.id.group-ib.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.group-ib.com
www.linkedin.com
104.16.93.80
104.244.42.195
104.244.42.69
13.107.42.14
13.225.78.122
142.250.184.226
146.75.116.157
172.65.232.43
172.65.255.172
185.17.9.182
2.16.187.88
2001:4860:4802:32::36
2600:9000:20eb:6800:2:53b2:240:93a1
2606:4700::6810:a852
2606:4700::6811:d5f3
2620:1ec:21::14
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:828::200a
2a00:1450:4001:829::2003
2a00:1450:4001:82b::2004
2a00:1450:4001:831::2008
2a00:1450:400c:c0b::9b
2a02:26f0:3500:14::1724:a258
2a02:26f0:3500:16::215:149b
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
3.72.181.255
3.72.191.153
5.9.185.28
52.23.106.100
01f543cea20de7e4b165a9f0f9d9340f706f21310921cb13144cf24bd9832fb9
0430dd3b974561238dac03eb963a67da014965080c3d2de38d5b7aa318f3053e
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
077dad3be3a10854dc97527ce83bbf6422309d807f6e4b3492de78005d786cdc
07f12bc1a2da5f4970e2a39e9fc3d138ddb367da053c11470b1e237b2d5dbc2f
094d0850d2c1e7e7eedb6773d0b3f2d781258146ad759b6fc010974a7ee36ea0
12ce92cc3c4eb9d74f48e9a10eb919bdf30bbdc5ccf9843c6543fec302dec54f
12d3f6c46cfa13bd4236130c8388e8722111e88cfc3a53b22f6dd6b499db3633
141397708f146e91f2a8137f1897e36d558af1c3c2e552c6aeda5f5d0a7448b0
163907259fa19c5b768aea83f82db575b01aad0fd5fbf9ac448d3db383229547
1c1d06411e7fa045eb2f98c7c60690a2a7a78c0c7945110eb41fc4e91a11c7c7
1f90ebe846805f858710215d831192834abb4aa65e46f6d88e00c06eb69a2f4e
206d8cf5d1a0149c666651755b0f7b0b62a50882d61a5d18eaddc7317bb92a53
2182c7c52d0d00a3867cd805e699903609504621a5088a51c9cdd07ad5a53197
2b69c01da7a43e4aa154cf70a752456a25105b0bffd99958c1ce110fcabffa82
3b57d4fedef5c142c8d1e549fbebbd80079910b8b4923fbcad9e6169378d7d79
3cbdeb53c566f58fa2298177c12defc90c733843c50e2fd4147d9597d33a1e34
3dd4b088ab105f30c06ccea664b41ad4d8308bca0d79497bfd795113e7d616c6
3dfb83a15a1a69fb2c6355797651535983e30f2ebee4666b987b217780a18f61
44fd719ea81474d429712cadf9c268e1c533558f46b857db4e7ea18c57d2836b
48dcfb6f699f2b4601e387a2c338ecd86589342e957bdc153650df90f3c175a9
492584db86b05db92e84082fb80ac2d2944bc4c7c8d9ef82cdf8c880b7cee02d
4a0cb5df7361a20dd5311bbfdffa06019e8ec2b69fdf6f6b9a619e4d4b6de2fa
4b026b69d55919d7940aff24d3121a3455990df62d4eae6431ce0c48b47bb196
55a809cfdce5fcc4b65fe94b6691108b5acb40c6ba4bc9894ad26802298e86c7
57cc223afdf555d0b02b6541a74f33090dad4c672b629333da37585eaf4e94d5
5ded7aea5978af37c1d7bc4ed63a014e3d935548eb6392574188b9fcd25f919e
6004ead3a45eadda4425d55ddd0be3b5b13634fbda72aa606c2887cd890ac117
66d609b0c975493c48e785524fbb6cfa5d28ea59d8d7e5e12bd4a8c5b8556f67
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
73ee397124a24aed4fa3a24477d098902e8340edcb055b6f61e8274520937856
74711bb799e7d4712bcdc9fdf42f5acb835448d1ec23936a1d46a087e192e378
74a02ff107402492b9e19e4c7c550a9db662bfcb3a8bebc372d4ac8fb0a90fff
756fc1c26e7451568fba7f9b0e1365c1d3f3585d911c49020ee0678564da7d06
7b12bc0e3c26c7489b7b00b5eac170133e840e004baac496b88c23db28353ad4
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844bb56d9d924583139e6f89aa998b215f3a7516cafc5e448c64e8cde29361e5
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
884fe3e7b47accc7c38b5f4218df59c0f97d940e5d532e4e6134bbea8c6e22b9
8b3ecc577e9722ca0bb5fd08ce6e5b800b114001af146f2a03865ab2859e9eb1
8d66100d06d7399e3c335b50d32b82613fcdc3cca870e0ec2aaa488089f5a2bb
8dcee59828f1423ecefd552dd353e25bd4ac38a9557ee084604ee7c2d41d9b98
940fa912cd30d73bb9372d9dd057334d4dff6ef9ba5e221e4f9a32af2fd70562
96a6001a342e4c3f87e5bf80a35541f4967c0a2d94eb185d030a752d5b05f645
96f7108983a979aebe3526cf2afe0328dbd28b3c75853c7662f58cc59601d526
98798d0e87b53006f4a5e5225a1c3f968075937b75aa0d7cca0506bda9063e55
9ee338bd03594461a939b661840e43fec02d7345e19e3ad12509c06ba37ad355
9f76fca582f32f2da3a5f6c1fbfd29f75a599227fc58c9a3acde24fd25550246
a138c249b501af8ef53ac907a5cc8f9ba7a7a75b35d7c4cd4951eda4c4aa6e54
a2b8cdcd858ba499445a12a36fba3957c108a7770aa33a3d784edaa78a76cb4b
a625bd704569c97f2c2f38cf7c0ee1a5308193435d4bf5a229a3c1a7b5c083d8
aadadf8582c341bc6ee2d9d3cbb98031a27eac35cd76f68a1bf5251c8c23e3e9
aafe9ea6434af82a53492a33d103001f3d0026c09762fb6dcabd071bb52f8acd
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b595ff39c0f100115b3fa804060d5923c548ddcee0a8451169a4c3478ecab07c
b6dae59b1696ffa3e74d2a5ea01c460be556d5a8cbb399c73cbcd765b812d251
b7a6a2ce958f7a8a1660b10563236b0c9635b67e8c95fce6267e1b02d50f6b36
b86f0b10d409090faefb61af88754d403735938b241c00022e4842551d2a0a1a
ba089dcfcc52781af808e678e79b81ece82b1c96914a9135e6616eea0a74a6c5
c678f7ebeaf42ae73a6b84255ed78e47baa5f2fa1718892dd24d5064bfe67117
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e
cba8dab9146aa4c7695c71ec3c6dd57b5e7c3c26cf53709866aa9ca7da1de491
cbd38f4d44ad316257c6d3179f980798a97688e6ff1df6d94f66cad4b46945a7
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddc367f16ddfd0f0737fc43c482f3951e1575427a8258f5fd0259bcfcba4bf1c
dfef3b3b725657391e24cf6811a83b43162d15068bc0ce8544e88f06512b9450
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e44aa6f08674f1b946ced3adfd300e954f89dab171b80bda3226034f4b6f02ed
e51d180997efe01b05d525240cff9025620bf4cc3b34487c6890742a2b1ed7d4
e66a8574968e43b37856abc7ea6c5b6b9c28b06e25ec95d29c0969769eb520b4
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e879f79cf3432a5c0e30fe7ff7bbbccf97fb8adf675ea88a3349f22936b73a9d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef705ecaab5295915a5accd01dd71824d24c36c4e613565627088a6fb448bece
f1d339c8d5806c24ffbd3600ed209fc71e03ace9a467946cba1ec88af1ac1912
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f861bad7e2c91ffabeed5b2eceeb943001ebe1c4ff4fa131a2b574e1a6c34b1a
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe9a7ca1e475140e6b37fbc86a5efcd3251be4348137aa07231bd91ee8678b7c