Report - samosapis.ru/

Report Overview

Submitted URL
samosapis.ru/
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-02 10:38:43
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.218.164.174
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	54 kB	34.120.237.76
samosapis.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10 kB	800 kB	172.67.143.65
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	95.101.11.115

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-02	medium	samosapis.ru/	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/css/game.css?ver=0.0.225	Malware
2022-12-02	medium	samosapis.ru/wp-content/plugins/custom-rating/public/css/custom-rating-public.css?ver=2.6.0	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/css/style.css?ver=0.0.3	Malware
2022-12-02	medium	samosapis.ru/wp-content/plugins/custom-rating/public/js/custom-rating-public.js?ver=2.6.0	Malware
2022-12-02	medium	samosapis.ru/wp-content/plugins/custom-redirect-manager/front/assets/js/main.js?ver=3.7.5	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/js/main.js?ver=0.16	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/js/jquery-3.6.0.min.js	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/libs/tiny-slider/tiny-slider.js?ver=0.12	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/libs/swiper/js/swiper.min.js	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/images/to_top_1.svg	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/images/icons/search-icon.svg	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/images/icons/search-icon-a.svg	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/fonts/Roboto/Roboto-Bold.ttf	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/fonts/Roboto/Roboto-Medium.ttf	Malware
2022-12-02	medium	samosapis.ru/wp-content/themes/4634/fonts/Roboto/Roboto-Regular.ttf	Malware
2022-12-02	medium	samosapis.ru/wp-content/plugins/rocket-lazy-load/assets/js/lazyload-10.11.1.min.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	samosapis.ru/wp-content/plugins/custom-redirect-manager/front/assets/js/main.js?ver=3.7.5	2.8 kB	2023-03-07	2024-05-06
Pretty URL samosapis.ru/wp-content/plugins/custom-redirect-manager/front/assets/js/main.js?ver=3.7.5 IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:15:34 Last Seen2024-05-06 15:16:27 Times Seen257 Hash 1f6da197c574e35c4ff0357736293856 99632675e1320d3a25e25ec5b7b93472e1ee89a0 319c898e8248fd610b8d4cae1419b2ad5b519319609795743cfc41c72a7c7ca6 Loading...

	samosapis.ru/	1.5 kB	2023-03-08	2023-03-08
Pretty URL samosapis.ru/ IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:20 Last Seen2023-03-08 19:40:30 Times Seen1 Hash 687dbcdb4e43f9669ad7c78761a8fefb f6ef8a4cad6a46343f9bdd158eb511b1a302bc14 7e10a219346ca7cbf69b32f924925150cf4ac7c2620a33a42db2739198b3a5bf Loading...

	samosapis.ru/wp-content/themes/4634/libs/loadmore-nojQuery/loadmore.min.js?ver=0.12	797 B	2023-03-08	2023-05-21
Pretty URL samosapis.ru/wp-content/themes/4634/libs/loadmore-nojQuery/loadmore.min.js?ver=0.12 IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:20 Last Seen2023-05-21 13:37:47 Times Seen3 Hash 47c5584bf5821e48809ce99514a734da bdc5bb795ccc970c5f7af72967c3e5dbb934cb5d 1e7d8bbd4f178f11e9b2d221a0c5dd8d6fe31955ff4117b9aa3d02117af9e8a5 Loading...

	samosapis.ru/	185 B	2023-03-08	2023-03-08
Pretty URL samosapis.ru/ IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:20 Last Seen2023-03-08 19:40:30 Times Seen1 Hash 148594aa3592f0fd9eb35aff6c21e9dd 5e0bdb44ed2abb72a068c8651403719389e5197b 8da5b42ccad0b4695ea600aa050ab8be76cd0454ed0b0e501d822997c2a50f92 Loading...

	samosapis.ru/wp-content/themes/4634/js/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-05-10
Pretty URL samosapis.ru/wp-content/themes/4634/js/jquery-3.6.0.min.js IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:21 Last Seen2024-05-10 19:16:17 Times Seen6104 Hash 3e4bb227fb55271bfe9c9d4a09147bd8 156837f75f6600ccb602b4efcbd393636c33f35e ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127 Loading...

	samosapis.ru/wp-content/themes/4634/libs/tiny-slider/tiny-slider.js?ver=0.12	100 kB	2023-03-08	2023-05-21
Pretty URL samosapis.ru/wp-content/themes/4634/libs/tiny-slider/tiny-slider.js?ver=0.12 IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:20 Last Seen2023-05-21 13:37:47 Times Seen3 Hash 976336884973876959405156eceb8518 4cee8bab31f09bf7dfd2a42679fbafa19aa25073 e691dda7e3cdd29026f33a3cfa959b1d7a497868dcc9d705bfb1748c09fbf08e Loading...

	samosapis.ru/wp-content/themes/4634/libs/swiper/js/swiper.min.js	128 kB	2023-03-07	2024-05-10
Pretty URL samosapis.ru/wp-content/themes/4634/libs/swiper/js/swiper.min.js IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:30 Last Seen2024-05-10 14:00:44 Times Seen3328 Hash 53fc0155c6c3cb55f34b749325ebb370 a0738b4767a38b90e17792041d648ed621dab2ae b9c90c601bc81ad71ed8be557ff9b095de5aae947926e84011e2728cf65250a6 Loading...

	samosapis.ru/wp-content/plugins/rocket-lazy-load/assets/js/lazyload-10.11.1.min.js	4.1 kB	2023-03-07	2024-02-05
Pretty URL samosapis.ru/wp-content/plugins/rocket-lazy-load/assets/js/lazyload-10.11.1.min.js IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:22 Last Seen2024-02-05 05:49:06 Times Seen120 Hash 5e45763aea8c147b1061c888351b992e d5ee5230a8c3462737998ea41a9f271682b1f630 09200cde8656d4bc2ddfaf543bf73c99c43b10b974b5ef6cb5de63360204a6d9 Loading...

	samosapis.ru/wp-content/plugins/custom-rating/public/js/custom-rating-public.js?ver=2.6.0	8.8 kB	2023-03-08	2023-12-23
Pretty URL samosapis.ru/wp-content/plugins/custom-rating/public/js/custom-rating-public.js?ver=2.6.0 IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:55:21 Last Seen2023-12-23 21:26:55 Times Seen31 Hash 8050116989950c425604b4fc1a7b2964 1978febe4ee70574fb3adb10ff5f870286a49e14 886d7b8d8772ee7f68839e83d9d166a9a9f3d309f6fdb381a491bb81705a9771 Loading...

	samosapis.ru/	102 B	2023-03-08	2023-03-08
Pretty URL samosapis.ru/ IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:20 Last Seen2023-03-08 14:36:20 Times Seen1 Hash 562fee5db348ad4908ea9d44898714bb dc24dba19d708ac924a16e874735f94533ff58d6 7e07b733145c861b471fc2a364ac97bbcc66569f9d354260dfadca974ac51e5e Loading...

	samosapis.ru/wp-content/themes/4634/js/main.js?ver=0.16	14 kB	2023-03-08	2023-05-21
Pretty URL samosapis.ru/wp-content/themes/4634/js/main.js?ver=0.16 IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:20 Last Seen2023-05-21 13:37:47 Times Seen3 Hash e1e20a533ed7ab5e4de198ddfa8f52c0 4bfd6ea8dc0a8301213b9c5dd19991fbdc184e3a 94b828b92307060672fa96c21ebf26f24edc673d4601958b5e02732514da18ed Loading...

	samosapis.ru/	133 B	2023-03-08	2023-03-08
Pretty URL samosapis.ru/ IP 172.67.143.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:20 Last Seen2023-03-08 14:36:20 Times Seen1 Hash ed7681141244af8216b0a5e4b8eaaa1d 42e9f03809b26ea4a1c7f35525873c629b454eb5 9f22eb09b0904abcd16de7cac7b5880776087a7146ee970375aaaff7cb6f5d4d Loading...

HTTP Transactions (48)

URL IP Response Size

samosapis.ru/

172.67.143.65

200 OK

17 kB

URL HTTP/1.1
samosapis.ru/
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (805), with CRLF, LF line terminators
Size
17 kB (17386 bytes)
Hash
64f621d57679b8d613de39b00408b218
b291baa26e0f40bcf6efe6879d4c65887038d949
64b23d1a293e69df6be045f08ca5b780a7857eeef225ac867ae7c02964cb8037

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
a: 2:{i:0;s:62:"Link: <http://samosapis.ru/wp-json/>; rel="https://api.w.org/"";i:1;s:91:"Link: <http://samosapis.ru/wp-json/wp/v2/pages/7>; rel="alternate"; type="application/json"";}
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bTMHyVHXost9LcfcgmgZ6Z6zsp4scJ5HIxTILcK56IWfPLRiisYfbo1ZefhEwLmExAYcaueiinOmJ50MLfJgH8rtZb5WjEWyLSPPZsa7vKP3qcGVLvP6%2Bp4L%2FPe1OCM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77336efd8b18b527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3997
Expires: Fri, 02 Dec 2022 11:45:09 GMT
Date: Fri, 02 Dec 2022 10:38:32 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3997
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 10:38:32 GMT
Last-Modified: Fri, 02 Dec 2022 09:31:55 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9074
Expires: Fri, 02 Dec 2022 13:09:46 GMT
Date: Fri, 02 Dec 2022 10:38:32 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 10:19:55 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1117
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Sn5X/OBIz3ebCTTGdnbqQ5nvfZ0SApX/X+Wgehz/PCEtS3RAiIFf4Zp2be43AyybWT5Ysw/F5BQ=
x-amz-request-id: VD4SYWCX37Z2YQR8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 09:46:04 GMT
age: 3148
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 10:38:32 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

samosapis.ru/wp-content/themes/4634/css/game.css?ver=0.0.225

172.67.143.65

200 OK

1.2 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/css/game.css?ver=0.0.225
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
1.2 kB (1199 bytes)
Hash
412a23df7e5c0ac778ff0116782bbb61
8200bbf45cd6e6d2790381f4d6c144156ff13733
5fbdeedfd01228d36047d0d8e14215c32f548d9114d1199cfc5e9f9fb6691f6c

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/css/game.css?ver=0.0.225 HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:01 GMT
ETag: W/"63885d21-3640"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSHPDRejXfoCo41nio27uaZCaOmZmZGp7%2FMUmYknlaGGFTuTFeAFsXmN0260r9Ymv%2FLTZ6vbVl1NGq1fvb%2FIAKUPXnM0vKM%2B7q5vim6enhqPJSR7L4goIOQjXMy5yak%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f0018d00afe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/libs/tiny-slider/tiny-slider.css

172.67.143.65

200 OK

736 B

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/libs/tiny-slider/tiny-slider.css
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2121)
Size
736 B (736 bytes)
Hash
6c98f899130dbe8d1afa846437a2a036
04446fd0b5de3e013b87eaf9338c78e8b9954add
a83f9ca89d3fc4cea55b11f0f00cbdf9f7411913e8db48c11033e2f939e2c8f3

HTTP Headers

GET /wp-content/themes/4634/libs/tiny-slider/tiny-slider.css HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:53:21 GMT
ETag: W/"63885d71-882"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8SK0hRQKU%2FJJUyq1DLvpdl8SXV0ZvKMW3yJtILu4OEdCHZGsPhAe%2F0S%2FcWB5gSBOWlPoG1k2tYxWya0HaC3tPPmwMe3RsshEcwbo8AWuUpc7n8YCE758lRkjwP%2FBQug%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f001fa7b529-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/plugins/custom-page-cache/public/css/custom-page-cache-public.css?ver=1.3.0

172.67.143.65

200 OK

105 B

URL HTTP/1.1
samosapis.ru/wp-content/plugins/custom-page-cache/public/css/custom-page-cache-public.css?ver=1.3.0
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
105 B (105 bytes)
Hash
db00954ab1d34aed4721e781a9363feb
2aeddaf6c7b8bae7525974e3f627c9e4aeb021a6
539d9b96870c22ccaf0465b154e95faff2da03d1437050027ccd19ca269338cc

HTTP Headers

GET /wp-content/plugins/custom-page-cache/public/css/custom-page-cache-public.css?ver=1.3.0 HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:25 GMT
ETag: W/"63885d39-62"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dFNuf1K546x6YYKAhVIrBDA0bqcJiZd9fTCBQ%2BJhVMKs0vLojBT5IoIcvlS0NFok81RWbKJUMQ5qiEBVSVkpVK7%2FJNJBv9Y1nkVWCLHegcEun%2FTA%2FDbMeiZaRyO6V7s%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f002ae5b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/plugins/custom-rating/public/css/custom-rating-public.css?ver=2.6.0

172.67.143.65

200 OK

671 B

URL HTTP/1.1
samosapis.ru/wp-content/plugins/custom-rating/public/css/custom-rating-public.css?ver=2.6.0
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2361), with no line terminators
Size
671 B (671 bytes)
Hash
fafc2e38e62e6f8a0b68c0c1de9d93b4
5929412200ffdf4edbc97518cc3533f9c8dd62b1
1b9c8fcaa5ad8f36497bbce9407ab85e4e24272f2fc389cc6cf2da0a99ab5ad4

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/custom-rating/public/css/custom-rating-public.css?ver=2.6.0 HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:51:03 GMT
ETag: W/"63885ce7-939"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gd2eQ3jFnh3gJfoGMY7ajHlamSq%2FqOIeov46I6JqUdOjptYNVHzzBjpci9kN3HeCp7vDNRsb7f6ZpDZ1RjqNQh5MuvjOswaXngR%2FAKz8v%2BI%2FY5hnWvP115QgIMTgxdY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f002a741c02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/libs/swiper/css/swiper.min.css

172.67.143.65

200 OK

3.0 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/libs/swiper/css/swiper.min.css
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (19512)
Size
3.0 kB (3029 bytes)
Hash
2ab12c715409612f10004dc3c2fa494e
494254a4748015ec3f82ce4719199f79d01f1dbe
4bb5f423e537b46027fbe5b2a95de0ba9713af5fc1ead7250231d0e9ce1759c0

HTTP Headers

GET /wp-content/themes/4634/libs/swiper/css/swiper.min.css HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:01 GMT
ETag: W/"63885d21-4d42"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wwNWf0yABfyK0Qvw0980PzuiZ6aoaRHiUbL2pCv1s6TXCL0Frg8fh5jiUYUvLYoWTh%2BJrKLKj6dDeC4SHQZNSO1fdBqcSpUCNTNxxGCvij7xEys69foUz%2FRoAZFe3k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f002f68b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/css/style.css?ver=0.0.3

172.67.143.65

200 OK

7.9 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/css/style.css?ver=0.0.3
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (50700), with no line terminators
Size
7.9 kB (7923 bytes)
Hash
a7c68e2d8741e13c50ea902559fd119e
b5033af6c4d7053188b732b33208b4019eca4316
b0744bce918be4873c0faf57a4e11579cef49bef0bd2265027d92f5e6fbc43a8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/css/style.css?ver=0.0.3 HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:53:21 GMT
ETag: W/"63885d71-c60c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UCuv08GaSbT%2B47BtCsE3I1gvDE0mTqpv0lpEErusZThVrCo3fNsfWt1E3qfgfyWcgEYNnmrxSFTzKq2NvNSEysFEOlCBaCPatdRtmV4rlw1C2ETHvxWHSOCL7%2BdW6Sk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f001de5b527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/plugins/custom-rating/public/js/custom-rating-public.js?ver=2.6.0

172.67.143.65

200 OK

2.4 kB

URL HTTP/1.1
samosapis.ru/wp-content/plugins/custom-rating/public/js/custom-rating-public.js?ver=2.6.0
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.4 kB (2440 bytes)
Hash
f399ee7c0cbd887f9c5f14718bf05a2d
26708d5f7ff4a9aee872f51d4927de56e1510e0e
460dc82c8a990b74a6d9454c1f60eb3110384090ea4438c246469237c1f77146

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/custom-rating/public/js/custom-rating-public.js?ver=2.6.0 HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:51:03 GMT
ETag: W/"63885ce7-225b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1IKnkjlY5fhMIV2QKhXyBqDb%2F2tdtwFNa4WYdROQ6qVR50l%2FtpTRdclufQ2mLAD%2FhTpVEf9iLLe%2FC8BTRkpuPcfkDapzTZBCYss0h%2BX4V9Ub3QzHgfHGOChOG7Kq68Y%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f0089520afe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/libs/loadmore-nojQuery/loadmore.min.js?ver=0.12

172.67.143.65

200 OK

469 B

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/libs/loadmore-nojQuery/loadmore.min.js?ver=0.12
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (787), with CRLF line terminators
Size
469 B (469 bytes)
Hash
92f2202e8d2ab81163af63c60a181b54
9849c7c84836176c16a6a7f6aa8cbb19eeacf84f
98f79937c5fb34d373728fdc7507f87c07025440cd910c6cc8bee7b29af344e1

HTTP Headers

GET /wp-content/themes/4634/libs/loadmore-nojQuery/loadmore.min.js?ver=0.12 HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:01 GMT
ETag: W/"63885d21-31d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f2pdC3QAavcR3aCKA9RV6qTCEggbyJadUtQBZ0GaH79hv39F33ylMsc31233VUS2Tfn%2B8CyMEfFjOidcL%2B%2BjutsFsx%2F2i2EXuB7%2Bt2SWXKZZKwPoJIzpkA0aWbK%2BYiY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f00affeb4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/plugins/custom-redirect-manager/front/assets/js/main.js?ver=3.7.5

172.67.143.65

200 OK

932 B

URL HTTP/1.1
samosapis.ru/wp-content/plugins/custom-redirect-manager/front/assets/js/main.js?ver=3.7.5
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text
Size
932 B (932 bytes)
Hash
05d8599438029a5ddb368243aceca7a9
a1658d5504ce80d3e0ca1b97ab158475d1cd1a58
5f474a14724e371fc24ac984b3bfd7924d46cc5d2af2affeffb2c955ef50705f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/custom-redirect-manager/front/assets/js/main.js?ver=3.7.5 HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:26 GMT
ETag: W/"63885d3a-ae1"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2BIXZlvOAcFjBDBQoSR5OHrFLAFqdZh39JtLOlPk62I%2F3VERJotSHcUg9LPSVSWb5iZd8V%2FZ36L2xuRyDsDuqCNUwnfvzfFwKhed8YLjwdDWhGxEPJBZKS8Gl53neI0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f00e9ea0afe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/js/main.js?ver=0.16

172.67.143.65

200 OK

2.6 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/js/main.js?ver=0.16
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4226), with CRLF line terminators
Size
2.6 kB (2613 bytes)
Hash
92f3be1bce9ec9421b87a4ef1335080f
5f097665892c1d803f361855986544aeb8ec1a38
455e5f4c630bf0058aa7351305f12e9df7107a6c3f0dfa0265b3398bdca00fbd

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/js/main.js?ver=0.16 HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:01 GMT
ETag: W/"63885d21-35cf"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lh6g6sIhqyh6%2BBA8d6qpr%2Fxs3jbdnPN97MBfh8eJ62N%2F8anHJcaTgnEgrGKGQqvDPpMurqR6suYcVV79NLYJOqBK5StOxvFFgpQB7DB79WCJuwAamn92KfCu5%2F4%2FnyA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f00ceecb527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/js/jquery-3.6.0.min.js

172.67.143.65

200 OK

31 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/js/jquery-3.6.0.min.js
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65446), with CRLF line terminators
Size
31 kB (30895 bytes)
Hash
b0d75b37c89004a96239b1c26a93d437
31a6796d28618abbced5c449dcace05116513b96
7fc1c5fc56b85d4041e4be95c2faa55d465ed736af0f53f49de3bfe35cee751b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/js/jquery-3.6.0.min.js HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:53:21 GMT
ETag: W/"63885d71-15d9d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Egh32KNwrqelGNc0kkggW8FDnGMjPFxTLpT991qy1qME%2BY78xPz4VIUCkP3mmo03ACwFg7MKfkannm4KSfZExBanBxw2se4Te3dvPvOtdhd34FN7Kr7mT0mrVYoa3%2BY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f00884bb529-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/libs/tiny-slider/tiny-slider.js?ver=0.12

172.67.143.65

200 OK

24 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/libs/tiny-slider/tiny-slider.js?ver=0.12
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1714)
Size
24 kB (23879 bytes)
Hash
bd85070b32ca33eaf343a79003fccca9
e481f836d66b962119805a3ab46e04b54a0e0eac
704d953df3777749bb0aa64a4794443a664bd299961c75e76527ddfe362cdac5

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/libs/tiny-slider/tiny-slider.js?ver=0.12 HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:53:21 GMT
ETag: W/"63885d71-18647"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HeYI89hGjn2Zpncpq3QW4ZKroGIUq1dBjbP4m7baoU2qS%2Fymla02ZKpl%2FH7DW3HakGUlVDnWQd1t7h9v023JFbpeC2kGymrfqFo73Q2g2Vsa%2BtK%2B8GBtU1dhkbYNres%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f009b8cb4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/uploads/sites/4634/logo-2.png

172.67.143.65

200 OK

8.6 kB

URL HTTP/1.1
samosapis.ru/wp-content/uploads/sites/4634/logo-2.png
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 310 x 86, 8-bit colormap, non-interlaced\012- data
Size
8.6 kB (8557 bytes)
Hash
2b388cdf667a9803e4f59fe9f49f338d
855de682efbfb657c3258e8ccca4d4085b152edd
64a8f77d3790ca32cabfc4f7d714afeaaff68cc85ac2221e8c52a3e3a700884f

HTTP Headers

GET /wp-content/uploads/sites/4634/logo-2.png HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/png
Content-Length: 8557
Connection: keep-alive
Last-Modified: Thu, 21 Oct 2021 09:33:22 GMT
ETag: "617133e2-216d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=esayOcQEIuxhBGpW4urmhPeIJYwHOlXybgAS7oJpluSF0eFZgq3W6F%2FdprkCg%2FgrIeffWt6mb0q1zcWHDj1shhaxdw0op6ZAakHdyRZ3H6lpycO84Q1N5uBL9ThyY0I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f011879b4fa-OSL
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/libs/swiper/js/swiper.min.js

172.67.143.65

200 OK

33 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/libs/swiper/js/swiper.min.js
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65270)
Size
33 kB (33233 bytes)
Hash
0917d2db8d9d552ed9c75b2f8ce83aaf
8ab2d2717766a287b142cee6fa5a6b92ff055aba
a1517b4848598cb8c85fd258effc64e1f74384343a8898e3364453bba7db94b8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/libs/swiper/js/swiper.min.js HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:01 GMT
ETag: W/"63885d21-1f3be"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=boRx%2BKP%2FXIrogkPUlWs2MFSTCymkWnOykP0BrMOv3EMmlgttLxLzX2nlyR21nwBmFs1AAk6FZ3zfCXBMiiq5q06i%2FQwU1sAsan6wAUG4X0YYzv7jx2Gj6lFbEiLseMU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f009ae11c02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/images/Russia.png

172.67.143.65

200 OK

1.4 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/images/Russia.png
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1424 bytes)
Hash
23ccc975ac5ad34961f8c2ff36713285
961650c3764fb0fcf2c84460557074ff6e0ce9d3
2b71bab06c7e173d0503c6b494c5cbfcc5501372dc9fba153dee608811393530

HTTP Headers

GET /wp-content/themes/4634/images/Russia.png HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/png
Content-Length: 1424
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:53:21 GMT
ETag: "63885d71-590"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FlWMwW%2FBxk2G49yzL6Uke5n4BEsu0d%2BL5aNhZkwEH4KVn9g7Gbr9Zwb0CL7lLE3ZrEb4i4cpnxhjxQS70uw23rTtzIi2LaFg849e2V3YHvuISFoCe4II1ESCB7w2Frs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f012a270afe-OSL
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/images/Ukraine.png

172.67.143.65

200 OK

2.2 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/images/Ukraine.png
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2150 bytes)
Hash
b4a47fe534f49e0e738688ebf694af92
3aaebb7bc662fe482ee2af67fa2e76e676e43ae7
f2eb8193640eaacd3c2c383606022106f532bc767ffefbe980c4546b2c316612

HTTP Headers

GET /wp-content/themes/4634/images/Ukraine.png HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/png
Content-Length: 2150
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:01 GMT
ETag: "63885d21-866"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XdbOuYzLOl4ZQM7ED%2BaSlvJhUqYliCNhLt89MgBZfi7xAzxGaN72xJIcQUN2Og22V5BNJfs7udqlDYwP4%2FtG1f8cIB2j98md0JoxyPAsu4vtdOxz6Lt7tFAh%2Fx6K4ZM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f012f47b527-OSL
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/images/begambleaware.png

172.67.143.65

200 OK

4.2 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/images/begambleaware.png
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 534 x 54, 8-bit colormap, non-interlaced\012- data
Size
4.2 kB (4242 bytes)
Hash
61142d5259bb073e48a075805f9446d6
41ee0b4a7d4f6ff3b3d077f193f26a75870b164c
a978e3d75a34fa28047cd65dfa9082696f75379a4a6d5f5b8581cb81fdd40f1b

HTTP Headers

GET /wp-content/themes/4634/images/begambleaware.png HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/png
Content-Length: 4242
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:53:21 GMT
ETag: "63885d71-1092"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VIuK3XwYsEYnFUc7f9IAEgtCBvAnedD%2FFiGWUL5doDQrmc1wbAdkbCfF9JDPldbv3hkw3oT5RvSS6hzXAI1qXsCLJkxuQC0Qhfihwg2kdLl9w5KWFaMwtJm15OoF0dk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f013914b529-OSL
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/images/to_top_1.svg

172.67.143.65

200 OK

1.8 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/images/to_top_1.svg
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (1349)
Size
1.8 kB (1816 bytes)
Hash
3d12ba2885b952736867eb52088b6b25
26dc12bc408f01b11c161ce3f919dc04e888579f
925eb9fa1be90c7a97330d61e0ca5641305a44eda12f24e65d32d1521ab85528

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/images/to_top_1.svg HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:01 GMT
ETag: W/"63885d21-f1f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xRAMrrVljHCSxQey7vy%2FWWOB5QbC%2BPv9xzBTE9fXC3OG7E3M0CIJpGdSymolAovWsDyPvNSeF25grZcTWzZ7Z3sPgOrhiLyh82sFOH1CNEnUS7uaDBYNraZxMdxhptU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f014c75b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/images/icons/search-icon.svg

172.67.143.65

200 OK

334 B

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/images/icons/search-icon.svg
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (611)
Size
334 B (334 bytes)
Hash
86cbdb74d24acd2c97b9f8c7668b1a99
869dc3e736db83a4a7a9cd37786417684c84b89b
a82f913ffb659dd6f11eec3cc0f2832412b37c3091d2d0a715b3ba8fca769699

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/images/icons/search-icon.svg HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/wp-content/themes/4634/css/style.css?ver=0.0.3

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:53:21 GMT
ETag: W/"63885d71-2cb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OD75f91dI69VumoB0AcFeAqY5jahA5CPetNvOg54K2jF49DpPQ4hFC7Vcr5FTcpSIXtxhN07fDBP3AqZLpFgillG8uKr6yayfWInZphQy2v%2F735eypbky05HGayJu%2Fs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f016ba71c02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/images/icons/search-icon-a.svg

172.67.143.65

200 OK

335 B

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/images/icons/search-icon-a.svg
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (611)
Size
335 B (335 bytes)
Hash
17198c202215a1f2ce8aa830ab80c22c
e703e2c05e93dfbf25ceeeb98c2d2b8cbcf51833
3b39338f425921b85f8c2a441d8608af4012afd821540c7fe62f1713ad95e84e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/images/icons/search-icon-a.svg HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/wp-content/themes/4634/css/style.css?ver=0.0.3

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:01 GMT
ETag: W/"63885d21-2cb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHqx6hqADVlCQoXwW1OrnUvv3L61k9EwW0rj683yIxszgKGYGXwnQdJX6dfa4DBlKgpeY0SC1GYWwJGJqfey%2BR%2FUSaO2MajIARgtnv%2FtHO15jry4DWojsBjeve4Be5k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f0168f2b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/images/pay-images-min.png

172.67.143.65

200 OK

9.1 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/images/pay-images-min.png
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1036 x 39, 8-bit colormap, non-interlaced\012- data
Size
9.1 kB (9096 bytes)
Hash
7cbb54e12b454f5a93a2ef5f0df62d20
4fdc31a0a2af2c6cf42ea15b7bbd1a6b6c50ea47
46eea491d3eb17e138cdb51b8d84875a2b4ca2b9213acac6d1f30e1a4135d3ee

HTTP Headers

GET /wp-content/themes/4634/images/pay-images-min.png HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/wp-content/themes/4634/css/style.css?ver=0.0.3

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/png
Content-Length: 9096
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:53:21 GMT
ETag: "63885d71-2388"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6iJ36XMajz6uLmovOe6T2ho778MK8vMfmaTF1B%2FJbVBuaTbElBioGbuFEi1hZhqTVDT6YqbCxxyhUmrcR%2BSeKwzHBq8onsY1yEIwpyVq8GRxzNe7DNOeelhg3RVKR4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f01bd18b4ed-OSL
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/fonts/Roboto/Roboto-Bold.ttf

172.67.143.65

200 OK

170 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/fonts/Roboto/Roboto-Bold.ttf
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size
170 kB (170064 bytes)
Hash
7c18188784f21915f42a5b3bc9d91e20
cc6475f739a24f3a0a4da47addd854d097fead7e
a073f449858a3f0389b2378c8a7c6011bc37065c9147e661b33bbe8180a53150

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/fonts/Roboto/Roboto-Bold.ttf HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/wp-content/themes/4634/css/style.css?ver=0.0.3

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/octet-stream
Content-Length: 170064
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:01 GMT
ETag: "63885d21-29850"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1uwXq%2Bdv9DAfChYgWJn4oWHoE6HGy8yd73kI3%2BXKPgbh6SmIRNtvaWzyAav38RJQBZai5lnN%2FWA09lYa5Rrsn9tWv8jnpboI6e2M4LGB9JXM6f4EPBOSJufes3dnGnA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f018af90afe-OSL
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/fonts/Roboto/Roboto-Medium.ttf

172.67.143.65

200 OK

171 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/fonts/Roboto/Roboto-Medium.ttf
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Med\012- data
Size
171 kB (171320 bytes)
Hash
d52f011be65b281ba8ca1c3f689cf133
ee5679760e12095e4bfbeffe525e51625fdf5a93
176e8a248c20794bff8b040ab7797c151eea019e6a2b301c9f850897e6bc14f3

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/fonts/Roboto/Roboto-Medium.ttf HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/wp-content/themes/4634/css/style.css?ver=0.0.3

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/octet-stream
Content-Length: 171320
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:53:21 GMT
ETag: "63885d71-29d38"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KkGj%2FEuR9FjcRKj44S%2Bdugdcrwx%2Br5dlhhmVWycUojrqPtfe11xzsw9dIN37t08HAu7S7elNyN1z%2BfOHg2sF2eVE0U1zIivTtuYy0nHYw%2BeBv1tSuAlYxfxcKGpv%2BgY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f018fa3b527-OSL
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/themes/4634/fonts/Roboto/Roboto-Regular.ttf

172.67.143.65

200 OK

171 kB

URL HTTP/1.1
samosapis.ru/wp-content/themes/4634/fonts/Roboto/Roboto-Regular.ttf
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularhtt\012- data
Size
171 kB (170984 bytes)
Hash
18d44f79b3979ec168862093208c6d7d
cca06f9de4844f45a2e0af1501b64f317078b3b0
9e79eaebefe9cb1188defba9413ad6d383cff1f0b4334f0b878634648fb70322

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/4634/fonts/Roboto/Roboto-Regular.ttf HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/wp-content/themes/4634/css/style.css?ver=0.0.3

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/octet-stream
Content-Length: 170984
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:52:01 GMT
ETag: "63885d21-29be8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yGqig762DKM%2BsIHyWkbyfAG%2Bej80f1X%2BfP0qD2vnfK6d5nYQBnIMSlCesQiXfHSj5MM58btyxvm%2BWAjQwmwuJeOV3GMJOqgFKVl5Q8YDlngeV%2FvljTSYXlxixI%2Fa8Yk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f019986b529-OSL
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/plugins/rocket-lazy-load/assets/js/lazyload-10.11.1.min.js

172.67.143.65

200 OK

1.6 kB

URL HTTP/1.1
samosapis.ru/wp-content/plugins/rocket-lazy-load/assets/js/lazyload-10.11.1.min.js
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4058), with no line terminators
Size
1.6 kB (1646 bytes)
Hash
4d84a3594141973b03038bc72b0a3087
0ad648edeaf65d77ed0b2c8a6918fb2c26d58aaa
ecec02e9945c99897f4711b8f7dd1b43274070a5b39380dd1588e1fd7e5b9908

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/rocket-lazy-load/assets/js/lazyload-10.11.1.min.js HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 07:51:03 GMT
ETag: W/"63885ce7-fda"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2FJQhtq1AN6pwyEWbmvns9ku9tjgDsBZMczRljvS61wb5Rml9rNGW3ootSR3ZF%2FCxfB7sdDlsiHT4SCUDYsWn9eyBIS1%2FKvR2Ga1yx6eoAuS8jV9NCVDRi4MmlFotcc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f026c6a1c02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/uploads/sites/4634/cropped-favicon-32x32.png

172.67.143.65

200 OK

914 B

URL HTTP/1.1
samosapis.ru/wp-content/uploads/sites/4634/cropped-favicon-32x32.png
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
914 B (914 bytes)
Hash
6d0e0614ba1afc738e80061abc504bb5
d53e29829df8f91d0f5a5108394baf6f29eab5b9
5929beff96608bcad03b2aaed9b85921324dd837f6c22e68fa6a633c193e0db4

HTTP Headers

GET /wp-content/uploads/sites/4634/cropped-favicon-32x32.png HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/png
Content-Length: 914
Connection: keep-alive
Last-Modified: Wed, 12 Oct 2022 12:00:00 GMT
ETag: "6346ac40-392"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vj0udM%2BiLx8xC5AFgLpvk2rULi6qOMXv%2BvZ24071jebNQS%2FU7fXLrxd3DooIazWCO8tZzYwsWwgiMczlavng8C%2FqiTJsiO2UKMC%2BUkA5GQ%2FqBagXqiQAyW%2FIQJ9%2FMtc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f02dc1b0afe-OSL
alt-svc: h2=":443"; ma=60

samosapis.ru/wp-content/uploads/sites/4634/cropped-favicon-192x192.png

172.67.143.65

200 OK

6.2 kB

URL HTTP/1.1
samosapis.ru/wp-content/uploads/sites/4634/cropped-favicon-192x192.png
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
6.2 kB (6195 bytes)
Hash
b13c0954cb59d521d03b2ee188549924
0bc5f187b044aa0a6d991e723b4d27a4dfe75063
5e5878cee7c0c7078b87fd4a78c11ce8c54c99ba04d3e8ae27802c126da90e4c

HTTP Headers

GET /wp-content/uploads/sites/4634/cropped-favicon-192x192.png HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/png
Content-Length: 6195
Connection: keep-alive
Last-Modified: Wed, 12 Oct 2022 12:00:00 GMT
ETag: "6346ac40-1833"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UaUwyX2FDFAHvXUA2NHO7vdFEoFY4DGo6Rx0Nfl4qLSxNrT0veBosR0Nzv7ORg%2F8Y5hSWHKTNRQ6Hyf09c9s%2BkGD5ilkR2tjZWM8IFOTLPikQJTB208QVl8pbP9VW04%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f02dad7b529-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 10:11:15 GMT
cache-control: public,max-age=3600
age: 1638
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

samosapis.ru/wp-content/uploads/sites/4634/kazino-CHempion-oficzialnyj-sajt.jpg

172.67.143.65

200 OK

103 kB

URL HTTP/1.1
samosapis.ru/wp-content/uploads/sites/4634/kazino-CHempion-oficzialnyj-sajt.jpg
IP
172.67.143.65:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1583x808, components 3\012- data
Size
103 kB (102807 bytes)
Hash
7b28d83a228f9444a9977db6ec28d83b
ec9c1288780c977a67503f0765473d00eea34f3a
3e3d1a7c670bcfee17d5b675a2e845bb46131e17487a9002425d178f24e2f388

HTTP Headers

GET /wp-content/uploads/sites/4634/kazino-CHempion-oficzialnyj-sajt.jpg HTTP/1.1
Host: samosapis.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://samosapis.ru/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 10:38:33 GMT
Content-Type: image/jpeg
Content-Length: 102807
Connection: keep-alive
Last-Modified: Thu, 21 Oct 2021 09:33:22 GMT
ETag: "617133e2-19197"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jxC%2FdEmV%2F2h6kLGWQHkTeZItUjggP8o1H40hf7QwN7moafU7a6Myle3zxk%2B7TYP%2FVEouBels2x5Iv1BALpspt9E3dAoJcFgc0puRuKUc8oJrG3kg3aYiRCPb1EtRvTk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77336f031d091c02-OSL
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3989
Cache-Control: max-age=171290
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 10:38:33 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 10:13:23 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.218.164.174

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.218.164.174:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: USLQiYaCyXTcf2SHmElDBQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Hta45PUTk7W8vRK5rHYtkkzzEbE=

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10457
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 10:38:35 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10457
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 10:38:35 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10457
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 10:38:35 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10457
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 10:38:35 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 16667
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8863 bytes)
Hash
156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 13:21:56 GMT
age: 76599
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15495 bytes)
Hash
82ea44d6cb116fb1f5752ce9bb87e345
f799dfd89a4f5a452dc837b8616549f578fb4184
e9087e7fce332289d67d4d5646d0233c2f2d871cc88dc1c51d5ea1e9f2fb5abd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15495
x-amzn-requestid: 977cdbce-3a9c-4006-a5a1-5c4c82bd4a94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDIFxzIAMFzEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-4b2cb3a16ca745537a8caf8c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KnOx0PJ8BR9OoAzXfuWk_Je_yawqzY4isC0hYTZRvJ74YiVs8jqyIQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:25:42 GMT
age: 43973
etag: "f799dfd89a4f5a452dc837b8616549f578fb4184"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2942 bytes)
Hash
b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 46119
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb8ec880-52b8-4350-bb47-d051878e78f1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6882 bytes)
Hash
25c68d8b1fae82820f93efca500fd848
45cf5e1a54ee491497ffe08a8e39fe97ba3c8a48
f0ec6b6f6ba0a931c9b71f5bc7ad1e5b89c8e4d8b7441f35eeebfba418d0e588

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb8ec880-52b8-4350-bb47-d051878e78f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6882
x-amzn-requestid: 6b5f15a5-c15b-46bf-9fd5-5d013d37a0eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGfrG3WIAMFc9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891dfd-6038ca700dfb4489230c2683;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2O6x-8-ESFDtlhcjVyGxEXCZcLbbfhsCVQeX02lbNMupPWmM-fKuLA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:54 GMT
age: 47021
etag: "45cf5e1a54ee491497ffe08a8e39fe97ba3c8a48"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7334 bytes)
Hash
498ab4412ed5cf977bc23e4e870894b0
23753fe8af09ec8ffa10eed4d201a71833885c99
036042656f15e42b4d1537c45f5b8e7190c70305fa9a69c1287c6739ad0b7122

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: a6b8b420-8394-496b-8be8-26dee52e3887
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoHJOoAMF75g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0b38d07f518c8b3134457df2;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tuKmV_nb4HVbqkhtCnZY3b33VB-bB6UxaBl6HsY_JgWesbUB8SPt-g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:09:38 GMT
age: 44937
etag: "23753fe8af09ec8ffa10eed4d201a71833885c99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations