r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14163
Expires: Tue, 29 Nov 2022 18:53:09 GMT
Date: Tue, 29 Nov 2022 14:57:06 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6340
Cache-Control: max-age=163185
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 14:57:06 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 12:16:51 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3925
Expires: Tue, 29 Nov 2022 16:02:31 GMT
Date: Tue, 29 Nov 2022 14:57:06 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 14:17:55 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2351
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: MKwVvO+HzYvd4wxY7+AcI08tKfhCWs0tlTNP9nwzrlMf2Ea89M5m7YQzeHoiFxiTt9S61r85tUs=
x-amz-request-id: AP85G76FST1BFM9W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 14:45:30 GMT
age: 696
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 14:57:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
scamynpresrighrode.cf/ru/lukoil-bonus/
104.21.65.160200 OK 3.7 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/
IP 104.21.65.160:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash ae5478b050c704bc5a8c547cf0819699
25c273c6afeaf4563706f935a1e59539ca19245f
cdb5045da2d280379fc73eb6145356cc4f1d997249b332b0da24dcab3b3863f7
Analyzer Verdict Alert fortinet Phishing
GET /ru/lukoil-bonus/ HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zl4nPpIwCX3g%2FBR5aujOK%2BYCp4waz2ZCdyvhIzMBdFfHkWAUkZww8hoq5ocTBkM%2BIGKLnqt0c3uhyNgWkUAKY3jmTmCWkcZfoSN%2FzLEJ8XhsLbrVAvy7Sg43l6YurY0g%2FEHjjhzUrls%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 771c319ccc29b4f1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 14:11:13 GMT
cache-control: public,max-age=3600
age: 2753
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2239
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 14:57:07 GMT
Last-Modified: Tue, 29 Nov 2022 14:19:48 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
scamynpresrighrode.cf/ru/lukoil-bonus/static/js/jquery.mask.min.js
104.21.65.160200 OK 3.1 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/js/jquery.mask.min.js
IP 104.21.65.160:0
File type ASCII text, with very long lines (526)
Hash 445f55b06dc35829f9b61ea8202e4e83
69c7f7f2e7dbd910cd90ed4b24586845c5d900f4
b1cc691b4b01170a047f39ae8a8aa51ece690592266a4c51aba755f47a78806d
Analyzer Verdict Alert fortinet Phishing
GET /ru/lukoil-bonus/static/js/jquery.mask.min.js HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:45 GMT
ETag: W/"5ee2444d-1cfc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o9S0xIWTq6kC3WBtHoRYl14oMXwy1pHWcowy371Pi5RuMw6uYPSvxYdXVpYA7HO64cTdOzPx08%2F5i%2FzqhPpKBSQ%2BkCRu9pAtt5iizjQLR60XHLio1uDRS8fhxEmlioRiDnuuCGn82lk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31a21a87b4f1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/js/main.js
104.21.65.160200 OK 3.2 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/js/main.js
IP 104.21.65.160:0
File type Unicode text, UTF-8 text, with very long lines (310)
Hash 7ba9a41872393c61dde9f67902c81827
e0bae6707a6a87376d29ee0aa873148ea01cf816
02b173a5ba8f9ebe13a9cab9a34f549451d37b22dd5a882b7210ca7e5f36f710
Analyzer Verdict Alert fortinet Phishing
GET /ru/lukoil-bonus/static/js/main.js HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:46 GMT
ETag: W/"5ee2444e-2923"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Ch9lK2ouhrAyvzgj6J%2Fsg1wTRz5VqRUnZ8Ze0dezNIn3VQcu2O8vTDC0U88DlmSzhAtKB6APODu3yfocQtLG25d%2B0Y42lyEr5RImvqVl0%2FwM8bLk1HjKmLsWjaJT9Z2diVptKB4C0I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31a21a80b515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
35.162.125.72101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.125.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +KpieXgBUTNtbwmN4Xdp3Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Vl2MgK+yLoMTFlPoHefEmUnaXbE=
scamynpresrighrode.cf/ru/lukoil-bonus/static/css/main.css
104.21.65.160200 OK 5.1 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/css/main.css
IP 104.21.65.160:0
Hash fa7bc4728d98ea486e50af2f36e8452d
01b7ff46af6632e88c5c1fc698cf0dbdfcaf4257
de99e085b7779bde912ac1a5eef0d70d6488a9973c45291d40ce7f8d212895e0
GET /ru/lukoil-bonus/static/css/main.css HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:42 GMT
ETag: W/"5ee2444a-741c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U068FA1OgmoFbDTval7Nm6kZ6D6%2ByaPx%2BcQ6%2FkUcU89N9BDoguikDNCSlRSZKCjtvmJ18pqAuW%2BpGqXipJAN4%2FA1ut4XA7Gr1a0MdpZz8M%2FvYX%2FEmSma9QEIgiPYJINuhH87vhVxqJU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31a108eab515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/js/comments.js
104.21.65.160200 OK 5.0 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/js/comments.js
IP 104.21.65.160:0
Hash eaacac81ff90cd124dd9c534942095a2
7f1ec6acd99ff35dc1d34c35fbd5c0e214789168
29a42f5b14c30bbc85b5ad2fbef0710464cdae60f2ce26cc256b22a0a0bad3e5
Analyzer Verdict Alert fortinet Phishing
GET /ru/lukoil-bonus/static/js/comments.js HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:45 GMT
ETag: W/"5ee2444d-46eb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2BjNy7QePzPgR41LHIYdUdCd1wGrFUEjkavtf71WLjpXaji3jbRv8MLJKcvc6RKrjnEyoyi0RzBld7SBuydpSppqOXB6CINRq0%2FFMq69UQqmA3eWJdfjbBzvx1bV7%2F1Yt%2B6CWj8TbZA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31a21be0b4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/js/jquery.js
104.21.65.160200 OK 31 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/js/jquery.js
IP 104.21.65.160:0
File type ASCII text, with very long lines (65451)
Hash 176e4a2e6e7128bda339fb357f1ff5a9
bfccc14b2f09fd6e743ad7342f075969d284d665
ff9ca68f99f59799e93c455b61602f7e977f260dca389bc1c9b03740872504b2
Analyzer Verdict Alert fortinet Phishing
GET /ru/lukoil-bonus/static/js/jquery.js HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:45 GMT
ETag: W/"5ee2444d-15d83"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jn5o6Xca6DEG8sHRsJymqsWms%2FPdnFlNWdzdzy1vu9ZK8sDbDTRjAlkwQiOnCEKi5rjgUE%2FobPuu%2B5LROGAifcNLJHOD%2F3VSYCvdz6nVNkko54f1MJTx24wBzE%2FRT2uH5RZPFxRlSOY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31a21bdcb4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/css/vkcomments.css
104.21.65.160200 OK 131 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/css/vkcomments.css
IP 104.21.65.160:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 131 kB (131183 bytes)
Hash f90f4295b85e74b8bb46406fb52a1f2b
58bab65e276dfb8a309e30a5a35bc85676fd42b1
f6683b9cf0b2d0b8ddabb5e18a14a75d32403088448cda067022984decbfc105
GET /ru/lukoil-bonus/static/css/vkcomments.css HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:08 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:43 GMT
ETag: W/"5ee2444b-a38bf"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8sbGOIWIz7xV%2BCy0tTZHLH4jB3NgsKOCou3dVYPzYRH3MJ7rFzQF5bCtWRRcLIMMwfGNKT9FwtvH2aqayV3Ys0NzoRlX769rqK0MrfoJWTXyvHjWR5j3YWNQ4Ws3iVSlhHBR0rbPAE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31a10ed7b524-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4954
Expires: Tue, 29 Nov 2022 16:19:42 GMT
Date: Tue, 29 Nov 2022 14:57:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4954
Expires: Tue, 29 Nov 2022 16:19:42 GMT
Date: Tue, 29 Nov 2022 14:57:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4954
Expires: Tue, 29 Nov 2022 16:19:42 GMT
Date: Tue, 29 Nov 2022 14:57:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4954
Expires: Tue, 29 Nov 2022 16:19:42 GMT
Date: Tue, 29 Nov 2022 14:57:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51b530e0-9ee5-45ee-95e9-a687ac33f22c.jpeg
34.120.237.76200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51b530e0-9ee5-45ee-95e9-a687ac33f22c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 22e7d3e11e78242383e452adb9299016
035a1b4a2a7889787532ec2637d5c21e06daf672
990f18423bafc9cc3daaa1bd1290313b6cb3d3a391f642d01fd6797ad4fc9ca8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51b530e0-9ee5-45ee-95e9-a687ac33f22c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3004
x-amzn-requestid: 1e6e228a-fb73-4ed3-881b-6b0e5c8297c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrFRXoAMFUJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-45059338501b45d943d7e08c;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rmBhEB-x2sOvI7XfEpZQ0-lXEDWZ4los77q017Im-Lwb32ZLA0Zvcg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:45:15 GMT
age: 36713
etag: "035a1b4a2a7889787532ec2637d5c21e06daf672"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:18:11 GMT
age: 41937
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cce27a1fe8c0222811a5ce0e7f89e1cb
28c165bac8cf68cd1b0763c311aece00672cb3a5
4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9376
x-amzn-requestid: c52b3092-90d2-4289-b6e0-ab99c9d4710a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPmz3EVUoAMFWUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382eb4b-39f46c89238eff696e9f2dba;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 04:44:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ofQEhaEiX1vE25a_1xHeab9Px9zgGpk8omlX_aHmLE1oN1aZTPzWxQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 10:09:32 GMT
age: 17256
etag: "28c165bac8cf68cd1b0763c311aece00672cb3a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:49:50 GMT
age: 36438
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2a5c8d4113d282600462749315f2c4f
e2b4d2e15bb7c086333c0da438873e4c139ba931
9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4417
x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnGEcRIAMFaXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wqEe45jzMOryT-E-vThc39-cLiZudKF4gn6cS3LBmeaJ2amJF5GPIA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:54 GMT
age: 61814
etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 22:01:55 GMT
age: 60913
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/painting.png
104.21.65.160200 OK 4.3 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/painting.png
IP 104.21.65.160:0
File type PNG image data, 320 x 155, 8-bit/color RGBA, non-interlaced\012- data
Hash 3fd97535c5002e4dc934ae57d2115f39
53a4558cbcad8b2520c5451a0d323f02b5d84d89
ef37e292af47e1fbc9552b9761b0d6ea25e24ba845b85a85233bde6cc78e04fc
GET /ru/lukoil-bonus/static/img/general/painting.png HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:08 GMT
Content-Type: image/png
Content-Length: 4316
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:52 GMT
ETag: "5ee24454-10dc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T2OGVCm%2F4C2LsXhwa%2FJ5r4b%2BUZK0BfqC5AGaf1UeJ6MBNIulhSrdzUMYW%2F1e7qebTnM8GXjmfYbdkZcVfUhBvsHy1cfvK7h9y6w2VCpLJR02VSWiURXxgoR67k8TajR3fNtf8VWESrE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31aaec6db4f1-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/director.jpg
104.21.65.160200 OK 37 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/director.jpg
IP 104.21.65.160:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x800, components 3\012- data
Hash 4f7f99d99dffc1c823c97c47299bbb93
aabeb799c4cd5f150339334f8a342299531527fd
66980b944e9be03a6bb2c0eb855884ec6bf5be715b2197dd175f3bd0466918f6
GET /ru/lukoil-bonus/static/img/general/director.jpg HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:09 GMT
Content-Type: image/jpeg
Content-Length: 37424
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:51 GMT
ETag: "5ee24453-9230"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=slyP2v3ikxJFSfFMMO9so7O9hOlsXCtmWYfa2LRATV3z6WnTG5FIGILlwfjpN9S6WsUO6Wb27a3ZmgJ6HxnLQzbyA4sSvXMqr0YUHPSv65WMHhJ0ZAtUbvBkw0Nvzhlyju0%2FIvpUAhs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31aae946b4f3-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/100k.png
104.21.65.160200 OK 57 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/100k.png
IP 104.21.65.160:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash 0344c5b5151db350f46132bfb9bc89e2
f3f9207dae4f58ff146a163cdd891372799f6c70
41b3f25b8f480198fee4e3e7bd665a42388fbb54097082466bd64a5a7f71ef0a
GET /ru/lukoil-bonus/static/img/general/100k.png HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:09 GMT
Content-Type: image/png
Content-Length: 57122
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2022 14:47:25 GMT
ETag: "61e5817d-df22"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zEoNMq0GwJSY3jmezClXUGkiXnu9eFbxoQbnEy%2FTEywsywf%2BL8TGGhQVU4cndw2xScNB%2Fx3duERa5leMkbSdCVl46w%2FpqShD%2Fk5vdiLBmiaM8yZw3dyKO9lzkvtaEUqyVPBRbrXTOgk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31aaec93b524-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/20%D0%BA.png
104.21.65.160200 OK 50 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/20%D0%BA.png
IP 104.21.65.160:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash ce44b4c4e1f44c417eec386d5f666832
7e89ae9c967ddb8dcce2156a1a13f03417e41039
7e17068d45622b294f8d5347d45fec203de5600b1bf193e55e374309ae2c224c
GET /ru/lukoil-bonus/static/img/general/20%D0%BA.png HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:09 GMT
Content-Type: image/png
Content-Length: 50374
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:49 GMT
ETag: "5ee24451-c4c6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PGCQTQRExd%2BsTVlhGxnAslaNZDFraI8zfwDpWu71C45H9tgTrUfupcUAfQC0Zx4hZig1iWCIJnw0UKmrLqPRzSXbhDcM2E8LFHkX2%2BCFwPEFqxzGPtcTJxFIu78GEVZAFqeFPa4WCJk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31aaee1bb515-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/10%D0%BA.png
104.21.65.160200 OK 50 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/10%D0%BA.png
IP 104.21.65.160:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash 133cf4c0a3d0e95deb167063be5ee6bd
9fd501826e0d13afc31fba12d4d95c37ce6f5394
3e58a1861befc775173f37d7992600af3cff7b0446b446617d11fa55a02da02e
GET /ru/lukoil-bonus/static/img/general/10%D0%BA.png HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:09 GMT
Content-Type: image/png
Content-Length: 50171
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:49 GMT
ETag: "5ee24451-c3fb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MfPVmlY5abkpWTNKTkX1oKsWpIq4mA%2BitT7YOdv6BRdlaXY%2BAe1L6o1RFSTH0HRTJsbs7ZZIPVio%2B3DxS95tZdwZqo7cr%2BI9PE9yXNFJp4ZANeMUOGFY2hEQ165akGFvaQGc1qxBu1Y%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31aae945b4f3-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/5%D0%BA.png
104.21.65.160200 OK 50 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/5%D0%BA.png
IP 104.21.65.160:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash c24c7f669d72f5c83ee0141dfa8a2988
ae691dd4a522b34a3e70a2465cf8c8022c76bf12
d58da59f15f047e0f2fceab0a440fb2a336e5bfe56d9aadc6df37eba0eda65b9
GET /ru/lukoil-bonus/static/img/general/5%D0%BA.png HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:09 GMT
Content-Type: image/png
Content-Length: 49766
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:51 GMT
ETag: "5ee24453-c266"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ger%2Bwy4tn6MxusbG4zBxPzPWjL3tzIelBlqwS9y%2BFsmjJ%2Fz9SYRRxBz86nhRz15osq12EZ3OaLaKZbIPX10jb02tzmiOVIjJ4FEyLWBow0POZFRhZKUUXphzkr1kY97hfj%2F5oVBPhDs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31aaee1ab515-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/fonts/Geometria.woff
104.21.65.160200 OK 47 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/fonts/Geometria.woff
IP 104.21.65.160:0
File type Web Open Font Format, TrueType, length 46804, version 0.0\012- data
Hash 5b3095d4d47c44c339c00087e66242d8
4ca09b9930baa2c347992995887d06fe2971efa0
c7714c82617471d1fd838299c9a428b77a1be6189dea1d0fcd5e9c09e4989e05
Analyzer Verdict Alert fortinet Phishing
GET /ru/lukoil-bonus/static/fonts/Geometria.woff HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/static/css/main.css
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:09 GMT
Content-Type: application/font-woff
Content-Length: 46804
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:43 GMT
ETag: "5ee2444b-b6d4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WY6%2FMkRNurlS5rh59jyC6PsKdsEXNgkCZLAdmDsjihRAccxroTUhqTInReFsQTeGYnHphVj7LO86YjDNIStBT0bMMrD9gso0UIu7v4kEN6rBa2sP4gAjsbrGyCXjG6%2FvBWmsJYTzXY4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31ae2875b4f1-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/logo.svg
104.21.65.160200 OK 2.3 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/logo.svg
IP 104.21.65.160:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6426), with no line terminators
Hash 1bc699cfcd53aed6ab74f6a398cd9e38
5e137f1726c57a5290eeab7bfee8b854fe0ad081
ba814b16fba33cf64b7e484c5ef714577d6c9f8d7b3e0d2dc4299695ff1df8b7
Analyzer Verdict Alert fortinet Phishing
GET /ru/lukoil-bonus/static/img/general/logo.svg HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:09 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:52 GMT
ETag: W/"5ee24454-191a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BdogIbjkEsOXuZkRaLJitajunBYjr8HigNNySixUiNhrnk1CzMMMGd2nZ58dcufGWcPvdtrBsWz76jKXYWnWYcyoAD%2F1TPPJQsl7nZB5IrASFr%2FMKH7GJMXe%2BnbbXU2BmjFWbLD20hw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31b0cdccb515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/icons/comments_widget.png
104.21.65.160404 Not Found 116 B URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/icons/comments_widget.png
IP 104.21.65.160:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf
GET /ru/lukoil-bonus/static/img/icons/comments_widget.png HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/static/css/vkcomments.css
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 404 Not Found
Date: Tue, 29 Nov 2022 14:57:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zilxBWdy1x9kvn0NL49NGS4Kw6x1St6c38ifz6VNsSP8EJliIWpp18DnXKTHWbP2O0bBBEyPDbcy96FpLSQRoA8xCEyfcOGWknCw0ULMPMxzUqLl3nsqgKkOrgbNqpx8YCDdwB1YqIE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31b0c9f1b4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/fonts/Geometria-Medium.woff
104.21.65.160200 OK 47 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/fonts/Geometria-Medium.woff
IP 104.21.65.160:0
File type Web Open Font Format, TrueType, length 46808, version 0.0\012- data
Hash 31d95d36b9e3eb840c57f2f6caf058e6
a4555b76265cbbeb508aa6077279ad9b8b1d52c5
10a12049c7884bc104e4897672142d76d49a77ab7dc753ede70a4a013caf06ce
Analyzer Verdict Alert fortinet Phishing
GET /ru/lukoil-bonus/static/fonts/Geometria-Medium.woff HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/static/css/main.css
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:10 GMT
Content-Type: application/font-woff
Content-Length: 46808
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:42 GMT
ETag: "5ee2444a-b6d8"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L3oKtg2cezy2o%2BKBbuaqHKtz0N1lQJPb%2FRzo4Cfwuo3XOefj0hRrzIuDnFzbi%2BQb1VfciCYyRvCOfngkBTot5BOhlK329beZ%2BCFEl6KemAupG5xw8n1uniIbXixaBFLc%2FGYCcuTCn8Y%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31b04964b4f3-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/fonts/Roboto-Light.woff
104.21.65.160200 OK 281 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/fonts/Roboto-Light.woff
IP 104.21.65.160:0
File type Web Open Font Format, TrueType, length 280972, version 0.0\012- data
Size 281 kB (280972 bytes)
Hash a79ff836df2a73abf2dacb1f1af2d225
2fa057b66d36d990a9e913af36af44f0f78dec04
527e57c2b8c55a00804198df15551bea4ce6a54773c70ce1071cbfdbbf38ce9c
Analyzer Verdict Alert fortinet Phishing
GET /ru/lukoil-bonus/static/fonts/Roboto-Light.woff HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/static/css/main.css
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:10 GMT
Content-Type: application/font-woff
Content-Length: 280972
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:43 GMT
ETag: "5ee2444b-4498c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fIpejbMywv%2BarPx%2Fsf5vY7yfEexpX%2BRD5dPUbu9RbKHsNIYVgMWjdCkOmuliyOcV%2BcRHmhEshWsqkKml6I%2BVr9h2RZ1onIItnnAszk7LbYynhWyvS07sphKgDqKnf9afiEZtahZcZ%2B8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31b0ac21b524-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/50k.png
104.21.65.160200 OK 56 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/50k.png
IP 104.21.65.160:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash dcc9115751c361774789ffed79f976ea
7b9d51e86866828416514305bcb3ef5ea3bd4807
c0857d340d04f5680fd194f219ef1e884e18e19e4088576859f63aad7685c2b8
GET /ru/lukoil-bonus/static/img/general/50k.png HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:10 GMT
Content-Type: image/png
Content-Length: 56309
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2022 14:47:25 GMT
ETag: "61e5817d-dbf5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WWlaGHHvaqLYqp0hgrFPObcKt1xluNe0BuJbCOA9HGGILjWQLLcuXwcyM7Nwr1M8ASUQJl2AxkDHd3f05nFiBy3fiX0%2B7D9NmUdKz0JmoC%2BF7%2BkAkeqTTNNPotCCEqCxr%2F6iCTWM3ZA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31b41df5b4f3-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/15%D0%BA.png
104.21.65.160200 OK 50 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/15%D0%BA.png
IP 104.21.65.160:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash 8773951656256870922a613db1449769
9e51802ef85316fe7bd1e409ff9e45bd62210abe
649f8f1bb97bba3d2d53f3d7abb5d4efecbaba2ea2ae5a4e5afa73650dc4ff1a
GET /ru/lukoil-bonus/static/img/general/15%D0%BA.png HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:10 GMT
Content-Type: image/png
Content-Length: 50080
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:49 GMT
ETag: "5ee24451-c3a0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qzRq%2Fq25VNFvaFzvGBVDtcZu9e%2Fh7rHTxn5GqmHyHFBsLfd6w0tm02MAfYDH9j9Nuhg51VEA3nZPSwtSDkc3r3TRQU6KZGVp%2FpjW%2BHnSJfJr4CmY6JdixX%2FFWxYCRx%2FTaHBY3OUZv1g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31b40a91b515-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/2%D0%BA.png
104.21.65.160200 OK 64 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/2%D0%BA.png
IP 104.21.65.160:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e5af04ae4966933dd88c34cecfaf38b
3b5196a7d1e3505b855fdd45dfc2d3374330ff19
229ba5846487869aff656213d1c19f1113cd8852232e11f21e50934e84b03f5d
GET /ru/lukoil-bonus/static/img/general/2%D0%BA.png HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:10 GMT
Content-Type: image/png
Content-Length: 63827
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:50 GMT
ETag: "5ee24452-f953"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gX7fdTN8hZb50uGX1cryVwNO6BJtsb0XhyYuXv79%2FRUwT48PEmU99%2FOsISl%2BNx7VwQqvfsqmAXKfVoYiUjuGFcssz2X1B6rl3LFnbJ7UkjB9CEa2Bcr9fLE%2BlKm%2BR1BYO1cOSrP%2FNDE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31b40ff0b4f1-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/fonts/Roboto-Regular.woff
104.21.65.160200 OK 280 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/fonts/Roboto-Regular.woff
IP 104.21.65.160:0
File type Web Open Font Format, TrueType, length 280060, version 0.0\012- data
Size 280 kB (280060 bytes)
Hash 8c9e2179f46b280d31ee9422ce0e41e2
3a04db5ed2137206c5868cf94ccbe0cba4ae280f
4e88cc5d3ac1f10bfe52ba2325b1c1645e11406e17707931723d3ecdba2770d0
Analyzer Verdict Alert fortinet Phishing
GET /ru/lukoil-bonus/static/fonts/Roboto-Regular.woff HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/static/css/main.css
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:10 GMT
Content-Type: application/font-woff
Content-Length: 280060
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:43 GMT
ETag: "5ee2444b-445fc"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lymIMlrdruo3lY%2Bag91Xi%2FUWBFFmjFYFKCSBBJsImaFgmp2JU67mWDNJ6efoOVD%2FP1pMo4x8zkjtaOjdEh0IBIgOoqOZ6BdaAKs9P5r%2FKvR9Qmh8LF0NEjKwCQtcgNhP03L57Mxkt18%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31b0bda6b515-OSL
alt-svc: h2=":443"; ma=60
scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/photo_2019-07-31_19-27-54.jpg
104.21.65.160200 OK 86 kB URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/static/img/general/photo_2019-07-31_19-27-54.jpg
IP 104.21.65.160:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 800x600, components 3\012- data
Hash b5c86abfa9b5af374c33da0dcf54f48b
9df1cef8a70ef4ec3460c5e045656ef906a3230d
487cc4a122e61dabf22febb1b3dee18d2ef24bd566c0804e7831ca5ee7411a60
GET /ru/lukoil-bonus/static/img/general/photo_2019-07-31_19-27-54.jpg HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:10 GMT
Content-Type: image/jpeg
Content-Length: 86365
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:53 GMT
ETag: "5ee24455-1515d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FC8oVM%2Bqqd0EWzwVNPHaoyWrgSBRwlVmvGtrwp%2FFySG4rGad5NdpV78z%2BnXLtTsqHQpwXgiCBrGajk9CUDb8mynnqc%2FzBQtuU5IOTaIW7i4gMphOBJOt%2BPFe4bkS6Fcmsj2ouTKNmWg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31b59fe0b4f3-OSL
alt-svc: h2=":443"; ma=60
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 7af3d793efcbb64301ef69577f940d07
afdc4805e38c249ac5b0fce8aca7b39aa9df2883
095fa27e5e40c9e362e6fa3f8189d00ff1c006ff1733ed12a5b9416021527cc6
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 03 Dec 2022 12:31:04 GMT
ETag: "afdc4805e38c249ac5b0fce8aca7b39aa9df2883"
Last-Modified: Tue, 29 Nov 2022 12:31:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1825
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31bbdfe4b527-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 7af3d793efcbb64301ef69577f940d07
afdc4805e38c249ac5b0fce8aca7b39aa9df2883
095fa27e5e40c9e362e6fa3f8189d00ff1c006ff1733ed12a5b9416021527cc6
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 03 Dec 2022 12:31:04 GMT
ETag: "afdc4805e38c249ac5b0fce8aca7b39aa9df2883"
Last-Modified: Tue, 29 Nov 2022 12:31:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1825
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31bbe801b527-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 7af3d793efcbb64301ef69577f940d07
afdc4805e38c249ac5b0fce8aca7b39aa9df2883
095fa27e5e40c9e362e6fa3f8189d00ff1c006ff1733ed12a5b9416021527cc6
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 03 Dec 2022 12:31:04 GMT
ETag: "afdc4805e38c249ac5b0fce8aca7b39aa9df2883"
Last-Modified: Tue, 29 Nov 2022 12:31:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1825
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31bbfa26b4ff-OSL
pp.userapi.com/c852016/v852016462/12a111/xZHL5x6QPc4.jpg?ava=1
87.240.137.137200 OK 15 kB URL HTTP/2 pp.userapi.com/c852016/v852016462/12a111/xZHL5x6QPc4.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash a1b59f5e54d60317ea93b3de097f8ce8
33f46ab01057d234394f596c2b4d36ac3a87fff2
3349224fa7553bb09ea418bd74e6b18818745a0368fe8329f8c0f7cff12a546f
GET /c852016/v852016462/12a111/xZHL5x6QPc4.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 14808
last-modified: Wed, 29 May 2019 14:46:14 GMT
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash ee13cf3a8bf8a832851f2c7cab9044df
d13c56a09b49092b432ee445709f003c07d82b33
50a2108021b6c52a19e9d9550708a749539bb5007242fbf92090372173538f84
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 03 Dec 2022 11:41:12 GMT
ETag: "d13c56a09b49092b432ee445709f003c07d82b33"
Last-Modified: Tue, 29 Nov 2022 11:41:13 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 240
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31bc0f4fb51b-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 7af3d793efcbb64301ef69577f940d07
afdc4805e38c249ac5b0fce8aca7b39aa9df2883
095fa27e5e40c9e362e6fa3f8189d00ff1c006ff1733ed12a5b9416021527cc6
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 03 Dec 2022 12:31:04 GMT
ETag: "afdc4805e38c249ac5b0fce8aca7b39aa9df2883"
Last-Modified: Tue, 29 Nov 2022 12:31:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1825
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31bc0a3cb4ff-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 2abcbf1ed2f8590927d45b55fd287b94
008c481263c85658c688e310819a9f30b1d2003f
ad29062ef2f1c9723e21c111e33cec16ce3b4fac2b4acbd6b2ddd8799f87a743
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 03 Dec 2022 14:15:20 GMT
ETag: "008c481263c85658c688e310819a9f30b1d2003f"
Last-Modified: Tue, 29 Nov 2022 14:15:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1161
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31bc0831b527-OSL
pp.userapi.com/c841422/v841422872/afa6/7uOV04XAz5A.jpg?ava=1
87.240.137.137200 OK 14 kB URL HTTP/2 pp.userapi.com/c841422/v841422872/afa6/7uOV04XAz5A.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 1bbad063352babac3c093caef46d0acb
ed979e7de80945168a2d6dee7a5b0a492a072cc3
f1b5015d82543eb44542f5aae5548ae2c7518327a54a512a63c0d59e81795c60
GET /c841422/v841422872/afa6/7uOV04XAz5A.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 13522
last-modified: Thu, 27 Jul 2017 16:47:28 GMT
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c834303/v834303640/837de/rFa45evhyxY.jpg?ava=1
87.240.137.137200 OK 12 kB URL HTTP/2 pp.userapi.com/c834303/v834303640/837de/rFa45evhyxY.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 976b15da33325e29e007d9996038da7c
61bce622bcb57879e004de2fa343f7fff845975f
89ec193043e9035a98baeabb6dd61afa33d873de137d21999ac8eee17f1c70a3
GET /c834303/v834303640/837de/rFa45evhyxY.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 11743
last-modified: Fri, 12 Jan 2018 22:35:08 GMT
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c636017/v636017094/2053f/y4dJiZWD188.jpg?ava=1
87.240.137.137200 OK 8.5 kB URL HTTP/2 pp.userapi.com/c636017/v636017094/2053f/y4dJiZWD188.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 1217e77273c853b49988d5364b8a7a84
5ddc05ded07117b9d909d97880fdeecf9cdbd9f2
767da781fe013e58e40389c1e0c9f970af5c672fb545a82d77d0c2683a551032
GET /c636017/v636017094/2053f/y4dJiZWD188.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 8490
last-modified: Thu, 18 Aug 2016 08:08:53 GMT
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c851328/v851328617/1300a0/-6pcbsCkBV4.jpg?ava=1
87.240.137.137200 OK 12 kB URL HTTP/2 pp.userapi.com/c851328/v851328617/1300a0/-6pcbsCkBV4.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 113ed1e12d267373bc7165dd43d2874d
7dc6259b31d87844e981a833079107d445b04b4f
4d215980822d00eac540b144287d4963223a2201c46008c66a96e3ab0b44d057
GET /c851328/v851328617/1300a0/-6pcbsCkBV4.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 12349
last-modified: Sat, 01 Jun 2019 19:40:37 GMT
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c836131/v836131893/3dbc/rM31jtMPQeo.jpg?ava=1
87.240.137.137200 OK 12 kB URL HTTP/2 pp.userapi.com/c836131/v836131893/3dbc/rM31jtMPQeo.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x300, components 3\012- data
Hash 1815c13ed392857117402e56e70f1d97
9d11a2402e7926f56990ea4f6558b9ae1428f340
0a5cb0fad7b61743ef8b711e895200b595cf1b41238496fdf9546353ceef5e9f
GET /c836131/v836131893/3dbc/rM31jtMPQeo.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 11715
last-modified: Sun, 02 Oct 2016 20:26:26 GMT
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c841022/v841022500/554b6/Flh9w9t87mU.jpg?ava=1
87.240.137.137200 OK 15 kB URL HTTP/2 pp.userapi.com/c841022/v841022500/554b6/Flh9w9t87mU.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 949417782b02a00b5990df62f1c322ac
2c2ac16826ff6d2519c00f6b2920d2e042350b71
417db116bed44730a91bbe80021e53a3401c5cc340747a95a2c86669613e09c1
GET /c841022/v841022500/554b6/Flh9w9t87mU.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 14611
last-modified: Wed, 27 Dec 2017 19:17:47 GMT
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
sun1-22.userapi.com/c837430/v837430190/67343/PpkX3-pMqI8.jpg?ava=1
95.142.204.158200 OK 7.4 kB URL HTTP/2 sun1-22.userapi.com/c837430/v837430190/67343/PpkX3-pMqI8.jpg?ava=1
IP 95.142.204.158:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x203, components 3\012- data
Hash 53b0bc3cbe86d132813f4861aeff4250
3294f07bc5a0b61e8ade26570beb04d8b0373def
f18eac8de3f61e1e0e98ab552b102700e9d3c54702af482f3744e5878f9beb8f
GET /c837430/v837430190/67343/PpkX3-pMqI8.jpg?ava=1 HTTP/1.1
Host: sun1-22.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 7421
last-modified: Fri, 20 Oct 2017 09:39:54 GMT
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front1-22
access-control-expose-headers: X-Frontend
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
strict-transport-security: max-age=15768000
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
sun9-6.userapi.com/c850128/v850128085/136aef/GXMVwqqYtgA.jpg?ava=1
87.240.185.133200 OK 14 kB URL HTTP/2 sun9-6.userapi.com/c850128/v850128085/136aef/GXMVwqqYtgA.jpg?ava=1
IP 87.240.185.133:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 3b7fa24f279e0a47c943a7aca5c41cc4
0e6f4707aba4ba42fd8a68f149c0441f27b3bfaa
72bfc9e56b1e290b558f541396eeda03815631f82253f90f383e5a7236934354
GET /c850128/v850128085/136aef/GXMVwqqYtgA.jpg?ava=1 HTTP/1.1
Host: sun9-6.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 14329
last-modified: Sat, 11 May 2019 06:25:15 GMT
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front221105
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/1zXHKoX__oHD0zFaTDVJOAz_J0V12bQ9WsAvDw/TRU-UZILQFA.jpg?ava=1
87.240.137.137200 OK 34 kB URL HTTP/2 pp.userapi.com/1zXHKoX__oHD0zFaTDVJOAz_J0V12bQ9WsAvDw/TRU-UZILQFA.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x204, components 3\012- data
Hash 7c478721c3954aea3f2e7768e531cdb8
33bf54954988dadefb78dfbc0babcf2cfea5823a
e77075f0caef49dde7dd910e0da41c91ef912c77cd81d320afd65646993a29d2
GET /1zXHKoX__oHD0zFaTDVJOAz_J0V12bQ9WsAvDw/TRU-UZILQFA.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 33498
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: 28daa906-3d28-4b94-87c6-ff8393a69dbe
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c5120/u98913860/a_3c510fcd.jpg?ava=1
87.240.137.137200 OK 12 kB URL HTTP/2 pp.userapi.com/c5120/u98913860/a_3c510fcd.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 200x186, components 3\012- data
Hash 5450f9f80f22a7352976aad7c436f583
26660fd9bc123e7e2d3561f3e8d119b18bee2714
280013fdd7d8d8b4a95505d558b625722e40c6fad6558dd2dbd7916bd43637b9
GET /c5120/u98913860/a_3c510fcd.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 11494
last-modified: Thu, 26 May 2011 18:37:59 GMT
etag: "4dde9e07-2ce6"
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c10506/u144023376/a_2502ec1c.jpg?ava=1
87.240.137.137200 OK 18 kB URL HTTP/2 pp.userapi.com/c10506/u144023376/a_2502ec1c.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 200x219, components 3\012- data
Hash a063df385c6d1177dab1657d104f2411
0b8222b5f44e8c3c253b801b55b180f74267e941
2145ae275b07f71a0b53223d057a11d136ca6eab0b96183060f1e95b559791a6
GET /c10506/u144023376/a_2502ec1c.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 17760
last-modified: Wed, 17 Aug 2011 04:15:08 GMT
etag: "4e4b404c-4560"
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg
87.240.137.137200 OK 22 kB URL HTTP/2 pp.userapi.com/VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 4e46f637447bd6219dc602f1db24255a
b194602511439b2facc826f29971d2e42d5bcf4f
928f88a8a11b1fec7b2dd29727263e8ca4ac00b5bb0ccf5fe6b2d3be881caab9
GET /VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://scamynpresrighrode.cf/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 21798
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: 488d2b71-bcc6-492f-87ab-e9e95aa6a48b
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg
87.240.137.137200 OK 1.9 kB URL HTTP/2 pp.userapi.com/0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 862fc22714936eb5dea3faa36eaa9d88
c413a006ea2e569b2d4b1a05c7d00ff2b5083697
43943e557e935a8f6dfa1cb1c9f4607e49311f0a024846eefa8864269e58d38c
GET /0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://scamynpresrighrode.cf/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 1914
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: 663e9984-548f-4eab-ae21-d35191c53f32
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg
87.240.137.137200 OK 16 kB URL HTTP/2 pp.userapi.com/qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 4915x4915, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 55727fdc3464d4b2d6affa98f542aaae
d5ff2a848113ebd076545c277f66bea3b074ba9b
70a04afd372efe1e12a90b48befa2d7dacca831ae49d6f9f10c33e05a38a4f0b
GET /qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://scamynpresrighrode.cf/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
content-length: 16149
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: fa158895-a4fa-454f-9821-a914d8125c50
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
vk.com/images/camera_200.png?ava=1
93.186.225.194200 OK 23 kB URL HTTP/2 vk.com/images/camera_200.png?ava=1
IP 93.186.225.194:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 668f92e936e6c426400802fee4c711b9
83633a67b6758108d80a6f5ba67e49f8b12612bc
8efa03b9ff85c5e4e945f9bb66a8e576e9f57c66c5b404db35faab279a831d3b
GET /images/camera_200.png?ava=1 HTTP/1.1
Host: vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/png
content-length: 22867
last-modified: Tue, 22 Sep 2020 20:29:55 GMT
etag: "5f6a5ec3-5953"
expires: Tue, 06 Dec 2022 14:57:11 GMT
cache-control: max-age=604800
accept-ranges: bytes
X-Firefox-Spdy: h2
scamynpresrighrode.cf/ru/lukoil-bonus/favicon.ico
104.21.65.160200 OK 636 B URL HTTP/1.1 scamynpresrighrode.cf/ru/lukoil-bonus/favicon.ico
IP 104.21.65.160:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash ecb1161d0f9a6c9e6982b9ecc08b62d8
502c72d3d74f3e612be51dd80bf3229dde0d62a1
e6cfbe2530dbab14115350dbcc4965e66603fd9f2fb69c88ba9634fb466fcb2a
GET /ru/lukoil-bonus/favicon.ico HTTP/1.1
Host: scamynpresrighrode.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/ru/lukoil-bonus/
Cookie: timer=161339; PHPSESSID=5p60mh1fdi1cfcm2c14t864tfa
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 14:57:11 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:40 GMT
ETag: W/"5ee24448-47e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PqiSEKjsG6LiR1KG9AMGMqP9IPunZrliiMTbc91verJkX3Wimiuh1sozxT86apssYB8AU%2FJZyKAIqrT%2BxMJnieOuQ%2FEkMoz98CzKjcFjzATUB70oOijVaebPvl0rQg2D46AvLHr77co%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c31bbbab8b524-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
pp.userapi.com/c848732/v848732920/18919d/YSNIWV6uDfo.jpg?ava=1
87.240.137.137301 Moved Permanently 20 kB URL HTTP/2 pp.userapi.com/c848732/v848732920/18919d/YSNIWV6uDfo.jpg?ava=1
IP 87.240.137.137:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x300, components 3\012- data
Hash 90618bc3c059d98bf468367dd5548878
9ada5e3becdcd7d50bbf91fea7c9995b4397b342
a811c857bd6932762e2d7c4c1dabb148aced0eea9887769b0c31ef648535210d
GET /c848732/v848732920/18919d/YSNIWV6uDfo.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: kittenx
date: Tue, 29 Nov 2022 14:57:13 GMT
content-type: image/jpeg
location: /dGyuZQ9Q-JpbUVyBdLOmPxELlayZxrnZBzpocw/C28UUYxVdao.jpg
expires: Thu, 29 Dec 2022 14:57:13 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2
pp.userapi.com/c846324/v846324005/1e0ea7/2ThiLiaJIRU.jpg?ava=1
87.240.137.137301 Moved Permanently 0 B URL HTTP/2 pp.userapi.com/c846324/v846324005/1e0ea7/2ThiLiaJIRU.jpg?ava=1
IP 87.240.137.137:0
GET /c846324/v846324005/1e0ea7/2ThiLiaJIRU.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
location: /qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2
pp.userapi.com/c852032/v852032209/c4ff7/VwMNPPmrDkk.jpg?ava=1
87.240.137.137301 Moved Permanently 0 B URL HTTP/2 pp.userapi.com/c852032/v852032209/c4ff7/VwMNPPmrDkk.jpg?ava=1
IP 87.240.137.137:0
GET /c852032/v852032209/c4ff7/VwMNPPmrDkk.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
location: /0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2
pp.userapi.com/c847019/v847019473/1bea49/9NSXfX6Z8bw.jpg?ava=1
87.240.137.137301 Moved Permanently 0 B URL HTTP/2 pp.userapi.com/c847019/v847019473/1bea49/9NSXfX6Z8bw.jpg?ava=1
IP 87.240.137.137:0
GET /c847019/v847019473/1bea49/9NSXfX6Z8bw.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://scamynpresrighrode.cf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: kittenx
date: Tue, 29 Nov 2022 14:57:11 GMT
content-type: image/jpeg
location: /VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg
expires: Thu, 29 Dec 2022 14:57:11 GMT
cache-control: max-age=2592000
x-frontend: front632901
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2