Report - www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd

Report Overview

Submitted URL
www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
IP
172.67.129.161
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-11 20:22:03
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
84

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	108 kB	142.250.74.163
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.69.239.65
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	865 B	54.230.245.100
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	54 kB	34.120.237.76
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374 B	43 kB	142.250.74.72
amplify.outbrain.com	2255	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	275 B	3.7 kB	95.101.174.159
amplifypixel.outbrain.com	10402	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	635 B	254 B	64.202.112.255
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	712 B	142.251.1.157
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.6 kB	9.8 kB	142.250.74.3
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
www.agefirm.ru.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	22 kB	2.5 MB	104.21.1.164
bat.bing.com	387	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	15 kB	204.79.197.200
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	362 B	21 kB	142.250.74.174
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	757 B	96 kB	157.240.200.14
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.33.119.27
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
trc.taboola.com	602	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	344 B	589 B	151.101.85.44
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.0 kB	93.184.220.29
tr.outbrain.com	2017	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	986 B	491 B	64.202.112.255
techxsv.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	402 B	2.7 kB	52.28.217.131
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed
2022-09-11	medium	agefirm.ru.com	Sinkholed

JavaScript (33)

	URL	Size	First Seen	Last Seen
	www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f	410 B	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:43 Times Seen20 Hash 4d4b5b8b3899e24626055594b82ff896 a12b8179be1a3629e0754780d9bf4d30e27df305 0e56342e68172d31bf8f2f23d0100580f4de59d2bcd30d10b5605da964af6cc2 Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f.txt	22 kB	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f.txt IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:43 Times Seen38 Hash 7090735869d2097600bd74538db83741 e3c2378af0a095b9808d678f34bbcb16f855d07e ea9b12494cef70b82fcfe62a8afb7a6da885c8a5ab58c75b17ac5012a29af55b Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/js.txt	83 kB	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/js.txt IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:43 Times Seen39 Hash 24b140a4ee9476b2a112132064e7b9c3 dc93db9bb05463a416cead36f55a33f4324e2742 71b7ad37f879fff99db99e32c122708bb1658ad57570e400c3423030f0ce8282 Loading...

	connect.facebook.net/en_US/fbevents.js	103 kB	2023-03-07	2023-08-11
Pretty URL connect.facebook.net/en_US/fbevents.js IP 157.240.200.14 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:31 Last Seen2023-08-11 03:38:40 Times Seen44 Hash 026f52d67397fda8ff7ddb28ee932f39 44a56e64bfdba3ceff45066d88f3b8f3db2c9ca3 5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783 Loading...

	www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f	154 B	2023-03-07	2024-03-13
Pretty URL www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:24 Last Seen2024-03-13 17:48:30 Times Seen54 Hash ea6fb5829b8b3345ad595b21c0eaedb0 2c6c4609804f99e09ad777a308eaf4f26ec04474 5be5ed06f4b849d7af02562365acb798fac639c00cf9e2e2dd1fbb0df5068cad Loading...

	www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f	44 B	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:43 Times Seen20 Hash a659df71c641a9bd7185f332b3f00025 ec7a47312a97c35d9b5f339f07f30a5ad00ea304 bfabbd0b8d58c0652d932ed75ccb52a212b9e13854e1d94801cae0e31cc169e9 Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/vendor.%25E4%25B8%258B%25E8%25BD%25BD	274 kB	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/vendor.%25E4%25B8%258B%25E8%25BD%25BD IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:44 Times Seen28 Hash ab751037619370adf98336194a5dfbb0 ff2997b7569521ff39ac69a3224983d20686fcc4 d6e7ee0252ff99d2d27e85df4a1395fb757c07a6e34445143b8a0a0b2e21c928 Loading...

	connect.facebook.net/signals/plugins/inferredEvents.js?v=2.9.79	5.4 kB	2023-03-07	2023-03-17
Pretty URL connect.facebook.net/signals/plugins/inferredEvents.js?v=2.9.79 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:55 Last Seen2023-03-17 12:28:20 Times Seen1 Hash f3ec48b494c3a42561720eb08c38a5ca c2b3d3aa746f305ab700a8b765d0a08ed955416f 1ffeeb8335777f0bd3552b6813433946f112f26d2c3598d89cee2ef196816e26 Loading...

	bat.bing.com/bat.js	39 kB	2023-03-07	2023-08-25
Pretty URL bat.bing.com/bat.js IP 204.79.197.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2023-08-25 07:33:07 Times Seen42 Hash 16911c194f6e9313655f07c4eb9d8737 d39ccfa8c6d785af331afafe9e36336031f41b64 30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-04-18
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-18 21:14:10 Times Seen840 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	connect.facebook.net/signals/plugins/automaticmatchingforpartnerintegrations.js?v=2.9.79	5.4 kB	2023-03-07	2023-05-01
Pretty URL connect.facebook.net/signals/plugins/automaticmatchingforpartnerintegrations.js?v=2.9.79 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:47 Last Seen2023-05-01 22:08:27 Times Seen4 Hash d47f2d5154ee5799bac71188ba3b07e2 14670594ae74eae9353b228f927a8a19e1d9c9d1 ac80f1bae5262bdbbbe15d67c2c611e00c52295329316d290589773e87969634 Loading...

	www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f	444 B	2023-03-07	2023-03-17
Pretty URL www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-03-17 12:28:20 Times Seen1 Hash 655cf0dca5fcbe52dde195f9e08e5b44 bdf6f3f548b3d29f7906b07ad530238d01969ccc 1a6d6741c3453a3ed5e35eff5c663ee35dd989fa68b2746fb856a36e77903a42 Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/tfa.js	21 kB	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/tfa.js IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:44 Times Seen39 Hash c6da3588ba0943790316fecf607003f4 3753034893b1c131b3f901e245b82b294020baf9 09134b59a36ec7ab2ece3b1440376c059189820bb79e418c700fdcc39de457f1 Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery-3.%25E4%25B8%258B%25E8%25BD%25BD	87 kB	2023-03-07	2024-04-19
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery-3.%25E4%25B8%258B%25E8%25BD%25BD IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-19 21:14:12 Times Seen61162 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f	441 B	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:43 Times Seen20 Hash 4b4b6f3a7b7270223108975f0f2de14a 4fde933f6cbf26b65824da5e32eab30c58ee476e 1f610e90b04ee37bc022e32e49e90367aaaa8df0ea157862840b18baddc65834 Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/obtp.js	4.4 kB	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/obtp.js IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:55 Last Seen2023-11-21 20:58:43 Times Seen27 Hash 41f04bc9320bf2f0fe4cc3cbd05a460c 083dcd063687137a62410081850c1101994e1544 26c9c2ffd3d4ea43b62a3ac326dc386049bf49048f038e051f684dee2e4d88ca Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/fbevents.js	52 kB	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/fbevents.js IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:55 Last Seen2023-11-21 20:58:43 Times Seen39 Hash 7c74991e0728f52a69e22da73398b020 1c190910d2b54e0b70d90b979a1edaa5032347df 235da1ee79811631e184d8e99dab2ae5195d476d1138f1f49a8645c53a1803fb Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bat.js	22 kB	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bat.js IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:44 Times Seen54 Hash 0f96b682e61b9d6de899ee0b51eab097 500db8afffe8ed13caecc967168f6d819f649579 9e03d610493a32cfa7a9750ac0c194f807c46926270e565fc8b41ee71053a52d Loading...

	www.googletagmanager.com/gtag/js?id=UA-22484186-3	108 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=UA-22484186-3 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:51:38 Last Seen2023-03-07 14:51:38 Times Seen1 Hash c29b8d06e232f45d744445b83a962faa f0fd27383a74108ac34322c8eafd5fa265dbe766 979c53d5e49321e89f407cec02417a86d052312fe1504092ca3f2e83c40d1518 Loading...

	www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f	212 B	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:55 Last Seen2023-11-21 20:58:43 Times Seen20 Hash e6c474b37b720de077ad02cf2a6b3966 93b75b32f784d8fd10787e7368b2e6e1e97429f5 9d39753bc9ec722781e2c5f74b079f4380f2dde4cb99d172aaaa5b07d41bdcd2 Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/main.js	581 B	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/main.js IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:44 Times Seen22 Hash 8cfed69f33408ba98137e37405d0683e dd1dd1bbeb84b9b19ad98240653c42507867c73d 64f7103325dfa48afc764055873bf3b43897960e93440aa73e2c52abe5c873bb Loading...

	tr.outbrain.com/cachedClickId?marketerId=003fefef2c09e91029ed7eed52ee57c0fd	35 B	2023-03-07	2024-02-13
Pretty URL tr.outbrain.com/cachedClickId?marketerId=003fefef2c09e91029ed7eed52ee57c0fd IP 64.202.112.255 ASN #22075 AS-OUTBRAIN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-02-13 00:48:29 Times Seen1372 Hash 75c843c7b717e7b722777907475c67a3 983d1c9a05b315288039b9d4694ce3b402259240 1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580 Loading...

	www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f	426 B	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:55 Last Seen2023-11-21 20:58:43 Times Seen20 Hash 185e388d1d063d9880947ad1b445b9c9 a1bf60e682ac2e539c28e5880ae870a6ced7097d 23c824c088b87922d1be920ede40932c551004733d2ad4a7ca1dd2c1d72d7b71 Loading...

	www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f	426 B	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:55 Last Seen2023-11-21 20:58:43 Times Seen20 Hash 7ce7ae4684f62bf12d86fa981ca19028 8d7b9d681d62bd5b1326ec62b2733920bf7c9abc a227d20e12dc76559c9871884baa79d22e81794b4d11a0dce65128e6b5d24e2e Loading...

	www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f	875 B	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:43 Times Seen20 Hash ba19df069dd2f3fab96aa797fc06b410 029670fb721b560258145ebe5955bd003151b240 d4e3f630a69e4ee9cc14eff9d000dc7df07bab12dd1e426a5246a4f9ef51da11 Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f1.txt	43 B	2023-03-07	2024-04-08
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f1.txt IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-08 20:17:10 Times Seen63935 Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bootstrap.js	37 kB	2023-03-07	2024-04-19
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bootstrap.js IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-19 22:33:55 Times Seen54366 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	connect.facebook.net/signals/config/371373974792356?v=2.8.37&r=stable	229 kB	2023-03-07	2023-03-17
Pretty URL connect.facebook.net/signals/config/371373974792356?v=2.8.37&r=stable IP 157.240.200.14 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-03-17 09:24:49 Times Seen1 Hash 6bc6430b7223585ee8b5766e9a04516c 0f0124bac90334e06f5d34dfbc1e168b8ba2b4e0 c583ae78db2c994c5768452122cefc8f4ce205edf8fa7203e282fd9704f67b7a Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 22:34:20 Times Seen36967699 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/manifest.%25E4%25B8%258B%25E8%25BD%25BD	1.7 kB	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/manifest.%25E4%25B8%258B%25E8%25BD%25BD IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:44 Times Seen38 Hash a7814d07f1a9d759bd840ea27419cf12 ed29ba6aaebf692517921db616b88ef97ff5b0ba 23aa25f5bb6405b5e6f817973ecfcc003cb3830a4e70c0125fd2c5b0a6537929 Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery.js	1.9 kB	2023-03-07	2024-04-17
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery.js IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2024-04-17 03:10:06 Times Seen223 Hash 8e55f74e37d822e25494c54c54d0b664 7c9da963f1e7445bc542747f7a54920656efa09e dde3261ae85ead281a4f3120a5c4cee3bc7a1874c284c4a23874af1ada1f08ec Loading...

	www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery_002.js	796 B	2023-03-07	2023-11-21
Pretty URL www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery_002.js IP 104.21.1.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:56 Last Seen2023-11-21 20:58:44 Times Seen23 Hash c7efb493fd823d17434ea89420d22118 675c467f99c0110393f69d78314682ce2dfe494e 8ac2b0e6c573febf4b22ea8cd87af32371e73b175adf016e056cf2b32178f36d Loading...

	amplify.outbrain.com/cp/obtp.js	8.1 kB	2023-03-07	2023-03-17
Pretty URL amplify.outbrain.com/cp/obtp.js IP 95.101.174.159 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2023-03-17 12:54:28 Times Seen1 Hash 51de2e10510f823326f9b30ea6068a2a d59ac8a4371d74ec69945686b04453246130d846 83db3bbe981876d41cce2ddff9a3f3eb388342c9d70a4112fd79b995dae26dd0 Loading...

HTTP Transactions (98)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5148
Expires: Sun, 11 Sep 2022 21:47:38 GMT
Date: Sun, 11 Sep 2022 20:21:50 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 19:30:53 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: S467n6Nh5NxbRbqOKWk7GI1whrXMaVs1RleWYoKabbEyRkLAVTVO3A==
Age: 3056

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: j5xuGF5GAQfIhb40ri12-fKspsiz2mC_k97ll486AaL1x81bVMw7kQ==
age: 47078
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 20:21:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

104.21.1.164

200 OK

794 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (45903), with CRLF line terminators
Size
794 kB (793847 bytes)
Hash
ed707ce8db1a613f6600f19bd3c39cf2
a3b7a10a50a9e034826ec599d345800b9ea1cee4
f4cc8d6d7272279c13968d68b5ecaecf1d2635165ff349ecfeb260db649d0b94

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PzcOPK4MySZNBWVUBGRCtYEz65Dr2GuKWpKV99dSe9hBJVuqKQsQfImdBygNTCfUQ6yFIIYgg22ggxxiL9IkOSFI5sAbYyWhJ%2FsvDvdafcJuwBoPKAbbT3dxmsyLiwqKOcCJ%2FL4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931caa7e12b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/flipclock.css

104.21.1.164

200 OK

1.4 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/flipclock.css
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (7726), with no line terminators
Size
1.4 kB (1425 bytes)
Hash
0dc87eeac215cd6aaf25d722d2e5888f
890688e3a41b20ad25249c8367f45273764c7757
a6ef0d00ef3be3df2a3d6d378418b501afca9238433e61420c1d3947cfb69e0c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/flipclock.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-1e2e"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZrpaYf%2BoPQ1BXKENWfuR6HYKyigJuqiLB89QfqUbzHiRoyTuHBdVToOrhLa1cOiEZcHj7nbYi%2BG3HbeIoelol6G3%2BaNeCC%2BKsEYne6IzWdUBsEqbWmM0h7aGeb2ziJ6E5YA1k28%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cac7da4b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/intlTelInput.css

104.21.1.164

200 OK

3.1 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/intlTelInput.css
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (21119), with no line terminators
Size
3.1 kB (3058 bytes)
Hash
86ffe28459f65fe5ee3fa41187de1ef0
54b79fc47cd6e28db115204834c99aec6333c30f
cbbc17461b4b2f8db91309930fa34e02f9eb0e6507591d637043e740d9f75460

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/intlTelInput.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-527f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bAJ6XXXD9qPdP84Fm82cGrx3EUCVQWNKec6e3vUu2lMP2tYgZuZhCtww7oD8xTPlorlx%2BwjB9WvqGFINeORQuemRQuBVzZQWhjeoqY4ZZ2qLBA1JuXvAYmCTra1Td1GRQMLX%2FC4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cac7b210b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c3d8032059a24d14d00c2ee5d8840c01
62efae1ea6aaea612a12d42b6e5b65d24be11437
2319fe90c8b4d3cc41ec9cce275c82d19fb764015196bd1c52dfb9c5d85b9b0b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css.txt

104.21.1.164

200 OK

1.5 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css.txt
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.5 kB (1517 bytes)
Hash
cc62e3dfb0b967a7aab36d7e308fe7df
b63c5e3e4acf1311946ed642ccf85e9d0007bac7
7793b27ccfdc4fa1dbd7aa03247ec3c7a184c223abf845d43bdb18b98cf18e09

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/css.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-98a7"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YAdPZS6FqzQ%2BiiWBqkyUbqQFUb90Y3hZnhi4HBrZg1AMTWbao0aytzGhED05uuKciQnoEmde2cZbw6Ky3QCKeX4zOS%2Bmytu0NVjIsm5nmaHvj3JNH9y3pd7cBt5VOaSkENqqBU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cac798bb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/fontawesome-all.css

104.21.1.164

200 OK

8.0 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/fontawesome-all.css
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (36418)
Size
8.0 kB (7985 bytes)
Hash
978d75e233a00b4120ca7baa4386d8da
abfb675c0c0a29b7693afb6fca159574d508a99c
d484bab8328188f777557840f8223809c346f98e27add8079f339803b03f0756

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/fontawesome-all.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-8ef7"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eaV1YPy5GVkhgdBWxVSxc5p2%2Fw%2FNNaMzwVSJT79PX884HIYKCuPJ%2BmZfVmh5WgxqzpULbQKE0%2FaB34rEKB2FF3ChdEk7KAixdZyiQ2I9fpGQ%2B2h%2FuUhwUDVuP1DG5L8F9DVKdio%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cac7a23b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.googletagmanager.com/gtag/js?id=UA-22484186-3

142.250.74.72

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1615)
Size
42 kB (41953 bytes)
Hash
797ef847a0227853304a67fa3d25b969
1b568d73121914b195adf801dd474e862605ed60
e4e100591d75b3892195916d94b863a7b07499a5c1d760b4eb97aa94e4cbeec9

HTTP Headers

GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Sep 2022 20:21:50 GMT
expires: Sun, 11 Sep 2022 20:21:50 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41953
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style.css

104.21.1.164

200 OK

4.3 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style.css
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (19581), with no line terminators
Size
4.3 kB (4294 bytes)
Hash
73f1e45ae235e3d9f8ef2a8a2db03102
43bd3326c5aa7fc6c068c681d116830cadfad725
8457fcb0c199f3ce20a30baf4026423e26c6ebd75def22d33d213a31b8135a7d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/style.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-4c7d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QraR%2F%2FPtr0lGfY472aK%2B%2FYyPdVDKxh2Ua8OqErg0R946jnMkP4mhva2D1F7zfPXkVbBw1r3EeFdc%2FDDVdsv1XgkXt2ih5OBDEckcHYfTpCfJuBE1W%2BUTpc6daxnO08uy6gnK1m0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cad0a2cb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1.css

104.21.1.164

200 OK

632 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1.css
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1645), with no line terminators
Size
632 B (632 bytes)
Hash
1fde4dca98fead1ab06fd95362591593
5aafb2f402f97402e6d4a18899d72df69ef74558
a3fff5a919a8e2ea00171bac33aa644bbacf91ec63f78667a382da978d7e3627

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/style1.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-66d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tI5HOYR9pKJAspn2ZjP%2Bp7v9jwWV6QHs8iMiy6VSKFj50VpQjznwTzn0VfsE2JkyJbaS8jsWBisaR7IuQ29xpNLKMrThoQtk978UUOjP5M%2F1Vze1ANxRyvAwCTQRUsMlYA1O2N8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cad5f15b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
57b75ea93de540716c45f1397781431a
431cc2c684385c4e46facd7210b5ac49b9dd09cc
4581d7dd422dc110fa7cfe667297cdb75d92a02ce7226db6db89448befa5b780

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bootstrap.css

104.21.1.164

200 OK

20 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bootstrap.css
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65371)
Size
20 kB (19535 bytes)
Hash
821b5b99fd4aa2f0d3c0402208ce49c7
6ec0325f301f9b920fb2eca016506925558e69d9
9a494b3e8cf9307f56d63c2811d1ded2fbb4ec2a6ac5fce1cf621e6681140a68

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/bootstrap.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-1d943"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iYPewl4CxC%2Fs%2Bo0SmMv6PQV0v5y%2BrYtl6S3ruBkv7vs5qVnhmHFXQm89CSEs13HcHnOyTq0bd14FECSIZMqp4o1d%2BO5qE0q6UnuyCf1s98psqVdIZMeQVQjcsmbjBBeZQ02vzIg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cac6d97b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/tfa.js

104.21.1.164

200 OK

6.9 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/tfa.js
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (21248)
Size
6.9 kB (6876 bytes)
Hash
4cf418e83d040bf769e46528d084fa83
8fe3c89e231a49e831fa365c5c331ec5fef37667
e16a401a50c5a17ea971851652a408ea38d121cd60f40c195d9f9ceaeeaed97e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/tfa.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-5323"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oka%2Fphnp1KLiRdTzz3I%2F7HIUTfKZgU811%2B5PzL965xnyO9gdHKFMIsBGSitAXVhQYx9U4wcPnVAa26DyJAZrgOey2CxFuuNW2fEfNqXX2T5xC3PuFjshlyt%2FswD94MEb7nrXFmQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cad7c8e0b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/obtp.js

104.21.1.164

200 OK

1.9 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/obtp.js
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4446), with no line terminators
Size
1.9 kB (1928 bytes)
Hash
db8aab343db8f5f29b8720589d1dcdb0
731e334a3251ddf5bc3c4cbde6494a83788e1e0c
c3edf8e48d33c959b577c8ba7cef44d75dc47f1b54fc553690724a9a4805e697

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/obtp.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-115e"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ccu7yhkDWT3JCGpj8irV2CSpHyKuUyEHvUz5NbKJmPMSedbaHlW4yKilvEnc8uPCXYTMaB8YARElri6AcjXXII6wBsbIpzMxH%2BqHLOpVdWhyFllEF%2FlDIKk06f%2BVizFneXDJUGA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cadcb43b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/fbevents.js

104.21.1.164

200 OK

15 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/fbevents.js
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (42174)
Size
15 kB (14935 bytes)
Hash
7f527e895deb7354a755cf2252e3a3a6
3f05c5d005417c060b947e0272cdd583eedaebfc
e387a857a38b1d79973706db6920aa34eaff4e3ec364243c6d6f693c480f2908

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/fbevents.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-cb4f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o3ph9%2B1gQkCmASaa3IkdX7kU302fE2RGyv99TyNCLT5R0B393XbwpBCrWjWC%2Fq7JnW0ZNUaXqyA2vkYLHdr6YN%2FWqbWgc02T%2BqcAfBEwKrrUVpHqcc0hlB4yfW1tY%2BjgtQhW3c0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cae3c31b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bat.js

104.21.1.164

200 OK

6.9 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bat.js
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (22437), with no line terminators
Size
6.9 kB (6869 bytes)
Hash
bf312e6b642bb3f77eb3d4af8fcbd309
4abc389c58e11afa3de708d48d8cd45d187b1993
d0ac9fb04475a4a61b11a2620174fd0f4ee7f9538785a5b8309ea75093899b76

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/bat.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-57a5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4m6iu08RfnZiKhovrTMUWC5PRvksnumfQFc%2F279d6z%2BgZRbPGCx4GOFrjtVFZGOwSUjK4ozO9QhF8JcMLVxYan6IKibU0969ntGsX2R%2Fj8%2Fb%2F89FSvG21haIAtmxr2dipub22M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cae3841b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 11 Sep 2022 19:56:07 GMT
Expires: Sun, 11 Sep 2022 20:29:08 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: opJVpPDWEBEV5Qpns_TflQ6pUUJuxfe-zxpEP93LcZJJKvwjzfLXbw==
Age: 1543

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/pptm.%25E4%25B8%258B%25E8%25BD%25BD

104.21.1.164

404 Not Found

122 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/pptm.%25E4%25B8%258B%25E8%25BD%25BD
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
122 B (122 bytes)
Hash
ba5146ac943c84a42ae7dd8ec650000d
cd224acead78854add64c91f811c97c4ebe23e46
d4e24dacc040ac19271080523c3e47ea0754bdf3a2697c0e58b4d41949327734

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/pptm.%25E4%25B8%258B%25E8%25BD%25BD HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 404 Not Found
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lufacvwbNcS13F4Vl8%2BZpyanXIRKFUATo5ts1Cy%2FVtU%2Blg8JBYUKpKNQ7aqnCDg5rHtVVsgZFM8NjzriKeHkmbwmX4rntqVfKBa%2FN5SqRd4joHM0%2FFIRe60IFmxLk2jVqTAZADY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cae78a5b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

trc.taboola.com/1171368/log/3/unip?en=page_view&tim=1662927699364

151.101.85.44

204 No Content

0 B

URL HTTP/1.1
trc.taboola.com/1171368/log/3/unip?en=page_view&tim=1662927699364
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1171368/log/3/unip?en=page_view&tim=1662927699364 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/

HTTP/1.1 204 No Content
Server: nginx
Content-Type: image/gif
P3P: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Access-Control-Allow-Origin: http://www.agefirm.ru.com
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
DEBUG-TRC-HOST: trc-events001
Accept-Ranges: bytes
Date: Sun, 11 Sep 2022 20:21:50 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-bma1648-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1662927711.580320,VS0,VE81
X-vcl-time-ms: 81

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css.css

104.21.1.164

200 OK

837 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css.css
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
837 B (837 bytes)
Hash
d82a19fa8caf016f919e124aedb9bd44
a1eac128b8bef9d85954beab927de28ec793b80c
7465dab545e985b7fd16e6124e8f658e45ac1025c150aff884951d9e5e8f368b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/css.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-3ccd"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fygh3N81DqsnBTBNi9Mtqyqkphlv5SbO8ErhJo1QaVJiRFBALK%2FnFr6d4a6T9C4GOFSPOB%2B0qOP9gXTc4Xf5oFvfSrNg7pv%2BwmAJw91B72t1RczTBa5x4KOzivr9hK3rW57uMtk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931caecd21b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/last.css

104.21.1.164

200 OK

395 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/last.css
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1036), with no line terminators
Size
395 B (395 bytes)
Hash
86b3263ee8d138fc96ee88c6ac8e0e6e
52f552e075bb614b05ec2e1ff0163fd59d6d6e63
275066f0edac6ed08dd249905b8d684807f094935875d61d056e806139f3594e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/last.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-40c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9d4iYmwA4KdB512SjY5OB%2FAOqlQJgH6v4bwq6NDhhSiAYP3PW%2Bp3ayLUQ6kSxq%2Bqo9nvP3xHancNRpgaSUwzKaY%2Fe5aa7U7sxhxJAtSVI%2FcAw1mLPJKDp2bD96fi9wgiy3LRyrM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931caf5e13b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css_002.txt

104.21.1.164

200 OK

745 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css_002.txt
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
745 B (745 bytes)
Hash
bdf8fe28ccd69be6772d733ff7e28b16
7a28287a7df973611a9db568cd356201cae88144
4071eb3fe1be3d400f4fc1a56758a23b5e4d6bce6aaa467e34138c77333f621d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/css_002.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-2b5c"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yika0N%2F0lTXTqys4aON%2Fo791%2FWO8H1kDJCDQTU7MmIodblFen1DvWyaHrXLtOPNjiR4vLnek9S27eIj%2FBJgXGSKdvcR5PHvwlFLKJ1PL%2F18EeBSkn8A7zxnAi3vXuBonar7%2BQKU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931caf59eeb4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/2128872657442699.js

104.21.1.164

200 OK

44 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/2128872657442699.js
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (64470)
Size
44 kB (44149 bytes)
Hash
79e999c6df6962385cc1d166060a3368
31870115bf8515d40d7bbd6464a2959ede49b09d
4bdfb7903173e3c20ece760e7a96e47390888549d3e8a8f70d7bc8ff4bcfa19e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/2128872657442699.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-2d3bc"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1KfFwY%2F3LjybIS8A9Ew4RziIvbX4z4F53YvkR21dcwLQJ0EP1%2B0sbtV547xPrFn25MMRPL9erqeVWqxWRuM0NU91Fg1tXXK9%2FfM570%2FegAUAnDJXHDJFTamdi99nSRyp0y5K6vw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931caddc5ab523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f.txt

104.21.1.164

200 OK

8.4 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f.txt
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2068)
Size
8.4 kB (8350 bytes)
Hash
a6f9cf65e033dc6e787e29c0f94bd91f
f67a536dfe4f22d3a6199b7545ef8f36b8998e4c
3addfaf3a72d27abedb6f9ee4b74f4351d5ad71ecb067a6f0655f3bb5b3af485

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/f.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-5720"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzFI3yrXGDPd0arHA%2FnDInBK4y3HR0rtWim8cgNCAZVN1zGtYDeh0P%2FFTpJ23MgPBqJ0d5ypQJrsJuoXJcLWrtM1FIKQfdaCwlYtYlJZw6n1cH4Cr%2F%2Fmu%2FE6edoCh261baDr1Ok%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cafdee9b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f1.txt

104.21.1.164

200 OK

43 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f1.txt
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
43 B (43 bytes)
Hash
ad8b6f08655797587cdec719a94efe59
182adf5a140796f81e930649d05654dbf22fd5b7
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/f1.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-2b"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5b6jE6u5RUKR4lH4UDbzLJVI6cZlcMaiNn7IOya27LM%2BCEbjpQu6ZYQqoLzEEYuFP4adi1soS0wLrkwVTuthvye6LFi3NT%2FvlX%2Fvx2z6JBZo29P7ZJjmX6gSBxG4Q5uEU5QAJw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb00ad3b4fa-OSL
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f2.txt

104.21.1.164

200 OK

43 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f2.txt
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
43 B (43 bytes)
Hash
ad8b6f08655797587cdec719a94efe59
182adf5a140796f81e930649d05654dbf22fd5b7
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/f2.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-2b"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2e5KTOPHpiDfNu8iXx7JgYrB15XOBzVXfh6JnJilZBj9RdOSUXR%2FoOHg10gZjb3IZz7qvyKEpyn3Q6m0QswQLbSKs2rjEcuP1gT6CvrfcWNQ6GZQXKcdFn1LdsrU3FJPolBP%2BKc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb03937b523-OSL
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
26e829ba5f754918e20cbd316dc4348e
ba198501da0812dd11ca3b38a51325b5de6cfa60
4352c25d4af7637a8435b0df6d042fc606d37a348e966b99fecce8a853b8ebc0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6309
Cache-Control: max-age=135003
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:50 GMT
Etag: "631d9714-1d7"
Expires: Tue, 13 Sep 2022 09:51:53 GMT
Last-Modified: Sun, 11 Sep 2022 08:06:44 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css

104.21.1.164

200 OK

85 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65402)
Size
85 kB (85333 bytes)
Hash
b97e2ac00967243783260390ca7087fd
80b8a392e06822b9591f1aeb1032d3e090f628e4
58feb3b6c9504c949c8e23a132d68759643eefaaf046dcacd1fb36e1693c7c16

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/style1_002.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-253b0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2BV9%2FiHQtJKtyYbieuPASTh77ewhbLDWliXal6Cu%2FZWMnqiaM3BP4BkMNAxABCJEh9nM%2BFjBLNFQD%2BleqxGhI6EBjwY7q3DURmf6r33m0DYvGDRHm6vO%2BrwZ2hZUZfzsEE%2FkTRI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931caf7a11b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/manifest.%25E4%25B8%258B%25E8%25BD%25BD

104.21.1.164

200 OK

1.7 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/manifest.%25E4%25B8%258B%25E8%25BD%25BD
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1706), with no line terminators
Size
1.7 kB (1706 bytes)
Hash
a7814d07f1a9d759bd840ea27419cf12
ed29ba6aaebf692517921db616b88ef97ff5b0ba
23aa25f5bb6405b5e6f817973ecfcc003cb3830a4e70c0125fd2c5b0a6537929

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/manifest.%25E4%25B8%258B%25E8%25BD%25BD HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/octet-stream
Content-Length: 1706
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-6aa"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XgDEPM1%2FLmVjyZTEXT4Klc6lEdeB5lVAooVshbkr%2F9CT15ZAGOA5NetWdsCPghJXHISJhYEQd%2BJtbr%2FXSiWStMeUM8w5HetHtCthvuQ3SFBae9PmjHZZQbJyJH1NHcVYWHKAi78%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb08810b4ff-OSL
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/js.txt

104.21.1.164

200 OK

30 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/js.txt
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1769)
Size
30 kB (29797 bytes)
Hash
b52b51bcb2a34d08a427129f9f5be895
0d645b31fef7d360ef78f4395eb09ab2bb3ba0b7
59a4134340e6a9a9adc7e2babe58037b2e44900314945387585b6ebab506d490

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/js.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-1452d"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sv19gpeQH9r0GGE6hwKzg0lXLDe66Qtjv899eXpQ3ti80TXZXxueK4Lgdu5azjYCau0lXP9NE2BEBFy32KC9yfTydpJu5WuW6OeUK49uS4JKxj%2BPBel0kyh%2BCufT7uGFduHCPD8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb00f34b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery-3.%25E4%25B8%258B%25E8%25BD%25BD

104.21.1.164

200 OK

87 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery-3.%25E4%25B8%258B%25E8%25BD%25BD
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/jquery-3.%25E4%25B8%258B%25E8%25BD%25BD HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/octet-stream
Content-Length: 86659
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-15283"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2F61jiph3g%2F8Z%2F3OX3zy1kZbnJwWdKS5ZDDGkRDTUQ8eknlA%2FA%2BS447g7kDZdrD%2F04XTbs2I8WOAi5waeW2fYapxpQx2OeYcgQsMa%2B%2BHZrAbL53T7rSZuP2dueXd86zX2WpGAbc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb04fe50b61-OSL
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery.js

104.21.1.164

200 OK

915 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery.js
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
915 B (915 bytes)
Hash
a6937dacea053ad118b5b07538547ef0
cb1b0ac43ff37f7a21bfdd895d9bcaf0d7988f74
2d05329dbaa98416aa87d6897ce3cc5a35e0dea0ed233b0a8ec2efc426dbdd49

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/jquery.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-792"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bt0iPmMpgOQoNDOdPUBuYImL1MgVpuJqZBGMVjb%2B6M6SIMuXU8DXOm6V9VW2O69N8GcTJSqpKtzL047RbHuQbbe4sXnyg3JoEzGTMvGgpUsk%2BnwzEnYUARGmIEt%2FVVT5LE7a4Xg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb1493cb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/barlow/v2/7cHpv4kjgoGqM7E_DMs5.woff2

142.250.74.163

200 OK

20 kB

URL HTTP/2
fonts.gstatic.com/s/barlow/v2/7cHpv4kjgoGqM7E_DMs5.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 20444, version 1.0\012- data
Size
20 kB (20444 bytes)
Hash
0f9d3b560bae7d6283f13b731bc4f674
cd082fc17fecdeb0b4de56499ce420f7c73fd7d9
023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51

HTTP Headers

GET /s/barlow/v2/7cHpv4kjgoGqM7E_DMs5.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20444
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 17:47:29 GMT
expires: Thu, 07 Sep 2023 17:47:29 GMT
cache-control: public, max-age=31536000
age: 354862
last-modified: Wed, 12 Dec 2018 22:09:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3t-4s51os.woff2

142.250.74.163

200 OK

21 kB

URL HTTP/2
fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3t-4s51os.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 21080, version 1.0\012- data
Size
21 kB (21080 bytes)
Hash
fa61eccc5d911d604a8739a7c9dc8bcb
73488928ed4cd9f726f0129fc6c969908161091a
4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8

HTTP Headers

GET /s/barlow/v2/7cHqv4kjgoGqM7E3t-4s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 17:47:29 GMT
expires: Thu, 07 Sep 2023 17:47:29 GMT
cache-control: public, max-age=31536000
age: 354862
last-modified: Wed, 12 Dec 2018 22:06:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3p-ks51os.woff2

142.250.74.163

200 OK

20 kB

URL HTTP/2
fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3p-ks51os.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 20300, version 1.0\012- data
Size
20 kB (20300 bytes)
Hash
f780d6f93676a9792d73405ad95cfbcc
3ffb0b44be63925e77d3cbaa9ab89b30dc63a70f
3916e5c19c2e260ec6c95d4af3cc8c026c5825717221a6b931614f804be378ac

HTTP Headers

GET /s/barlow/v2/7cHqv4kjgoGqM7E3p-ks51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20300
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 17:47:29 GMT
expires: Thu, 07 Sep 2023 17:47:29 GMT
cache-control: public, max-age=31536000
age: 354862
last-modified: Wed, 12 Dec 2018 22:05:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E30-8s51os.woff2

142.250.74.163

200 OK

21 kB

URL HTTP/2
fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E30-8s51os.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 21072, version 1.0\012- data
Size
21 kB (21072 bytes)
Hash
9126e37748c1ee76d20fb783efef135b
4ebc85b3cb847b7cf4dc2341094d4fc883fe08ca
46710f0509008ad4a31212927e35441764b757d672b2ed4f892ee4e2f0804abb

HTTP Headers

GET /s/barlow/v2/7cHqv4kjgoGqM7E30-8s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21072
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Sep 2022 20:07:54 GMT
expires: Sat, 09 Sep 2023 20:07:54 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 12 Dec 2018 22:04:17 GMT
content-type: font/woff2
age: 173637
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/main.js

104.21.1.164

200 OK

320 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/main.js
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
C source, ASCII text, with very long lines (359)
Size
320 B (320 bytes)
Hash
ae86cd97e3f3d0aeb33404162325a6cd
1838b24880669a6476df5b6f6441a8ebc1fe20cf
b3785a78e8f3715fdaaeb17f2c6483a26a1b3313eba223e4820629e3c92dc7ca

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/main.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-245"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTd6drpE894R%2FsgOk1gJTq%2FDZ6TMRHSjTfC%2BKLRz7C%2F6iMX4d3Y%2BwPcFDODQo9Mo0abiyV2b5Jg1XEDDEOtBpB%2BP%2BTohh%2FfPWLMxmWWIW1W2tI1RRFWsuiQ0ieB6ukTZ7SOOWyo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb179340b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3_-gs51os.woff2

142.250.74.163

200 OK

20 kB

URL HTTP/2
fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3_-gs51os.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 20348, version 1.0\012- data
Size
20 kB (20348 bytes)
Hash
9c43f43c6a98e7a4c8f27827ff455c9f
60b73cbb826b0710af3988a30873b3c47e43b511
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef

HTTP Headers

GET /s/barlow/v2/7cHqv4kjgoGqM7E3_-gs51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20348
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Sep 2022 20:07:54 GMT
expires: Sat, 09 Sep 2023 20:07:54 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 12 Dec 2018 22:05:17 GMT
content-type: font/woff2
age: 173637
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery-3.js

104.21.1.164

200 OK

30 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery-3.js
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32058)
Size
30 kB (30177 bytes)
Hash
165a43244de5b28bfdb9422e0ad82b68
dd12888e259036e6c6986a0c65a3b3e38b697f54
200e3fccd025dffd3f7c6ad186f87ea51737db6c85e279b0d8b9626ad7ce1954

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/jquery-3.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-15283"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIDxm%2B%2BKD0DzXvIBsT%2FIyQtxg%2FuGUGnvxI4AVbFxl5zZwm1Jll%2Br7PbYdbCgJnqOk43quTr2jlFnKWli5RMfdcvuQFkgdJxGR2ZPpjkgU1zpXLLphc47X3S58TJ%2FjkoB0geVgUQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb11c36b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bootstrap.js

104.21.1.164

200 OK

9.8 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bootstrap.js
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32033)
Size
9.8 kB (9833 bytes)
Hash
5001f34e4d6720378751012dedda52d6
d582a3fa4a2772626a934ade1489dc5e5f97a845
3cbb8f3723828476519f646eed5cd50a490f1cb1a03b9c2e92ad2a749c1dbf5a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/bootstrap.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:29 GMT
ETag: W/"62e823f9-90b5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DTSP87ndnSYE5Jb5c0JG3niF%2FP7XG0AkxbNaepEZo4c54JfTNq8nkAdFiXboVLaEjMnqNKlTSiygw2INjsMWRFwt%2FncueyEJyZxEGrhl6Hd4jHgxHdfL0tQU6d0EBd%2FjqcolGlc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb1391eb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body.png

104.21.1.164

404 Not Found

116 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body.png
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
116 B (116 bytes)
Hash
d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/bg-body.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1.css

HTTP/1.1 404 Not Found
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fyf6mX5qapvDnyNL4FLcEGSDTTv6DGlDut9t2QkropTE9GKUukK1nLoIngQBSq6g7kbSD%2BySiOBL%2B39%2FoE2fVF8EBeT1H9Cr%2B4xY7XcebN3Wrm%2FXo8yX%2F0DtJTFbieN2UEdRPhE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb25a430b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

push.services.mozilla.com/

54.69.239.65

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.69.239.65:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lYZDVuOBGX0ctv/vIMhCHQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gbSu1rQcrYOUYfLFHRJlwAz0CSA=

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery_002.js

104.21.1.164

200 OK

450 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery_002.js
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (501)
Size
450 B (450 bytes)
Hash
41a2fdff43ee058af2d4c8c291b2d9d4
f2fdf3165732412088dc899f0f20272f56559044
35716b5a75076c9d0847735a25f06045a2f033646b81de0d901414a8170ab5a5

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/jquery_002.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-31c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hd9Id0g%2F8x30nj3e6QmQ4cEnq0cVOlzL8E8yBwiwlgmqvEanPjv4bvASr3EKFRJZtA6DV0%2BVOQqb63szurwl1B5oDQOBkXtPvVSAm09YwM7jRMcaKIAGGmySg3Lf1UDTmw0ckmo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb21a4eb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/show.%25E4%25B8%258B%25E8%25BD%25BD

104.21.1.164

200 OK

256 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/show.%25E4%25B8%258B%25E8%25BD%25BD
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
256 kB (256150 bytes)
Hash
04ac8427433d48324755ef21e13ea222
649d0f821b50480745a695a666c69e42a14e9f43
1f8be107f7500a15282933e2f7efe1a7ef998db59f4ce04216429833320a7c9b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/show.%25E4%25B8%258B%25E8%25BD%25BD HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/octet-stream
Content-Length: 256150
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-3e896"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNkd7VicjZx%2F18dLuaIcHATbEsaXBW%2BTdQzYQqUFAx%2BQ9Eu21IXVMe1JBSB%2BOiEO5Y7zZSJou7HehudDVlaAKj68%2FJiTHcFUBm4VFEQOkFKrp6OIsFPTTKgFc%2Fmi4w%2BpkwjKRhc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb0fa43b523-OSL
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/marvel-bg.png

104.21.1.164

200 OK

41 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/marvel-bg.png
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1920 x 355, 8-bit colormap, non-interlaced\012- data
Size
41 kB (40644 bytes)
Hash
a2cf30cf9f9c94ca233de42e68686e58
f405fecfc083aaf78abfd66e5ecac05501114617
b8fe22fddc6cc86351d432d6ce92667ddaac8f4ce72156fc4c44e8d98338390c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronxprodiscount_files/marvel-bg.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 40644
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:14 GMT
ETag: "62e823ea-9ec4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i97K5kzFHzpVCeO52N8BxiLUM67J8bVdhoosuH5M10pNXIffAtqhABbdLlhkKfIR2kU54jIi7gtwq02yQXJFHoSkpFOPjkML3Euiiy9jSUOmCDkZsNSEA7BdA%2Fd1FHwguCTICQQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb2bac00b61-OSL
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/images/line.png

104.21.1.164

404 Not Found

116 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/images/line.png
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
116 B (116 bytes)
Hash
d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/images/line.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css

HTTP/1.1 404 Not Found
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgfdSf8HUjLKh25Vo9PvuKWJnyiZwUJBjQuWAq0Q2Pydzu%2FUJmmek7oxmdCPjDqJ6yaa%2F6yUDlMMOTRmj%2Bb5MNnacCQsSnU0hxuq1nopDJrRJu%2BQxTNs3nd1YN4CYcGAyiO4P5E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb30b82b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body-right.png

104.21.1.164

200 OK

97 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body-right.png
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 476 x 812, 8-bit colormap, non-interlaced\012- data
Size
97 kB (96740 bytes)
Hash
017ff46ff9a1d8170ee09edaa444b280
e6244df569c2abc083725b869a69fc30e505581f
952916fc6a983c646ae35c1335a92d0226c9c8b72f8e8b59a3c4c6dc37dc590f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/bg-body-right.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1.css

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 96740
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-179e4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uiWg1rqlDTrhdXRpEId7i3lzlBfW0X45cSos3IXdYnyEKhKRNmwiD7Sje%2B1%2BMDLNyEbWcWcSDfujKMfD1r5LFWX%2FI%2Bd8WU9tPwkGyPS9u7o6YgnHKpQw0r3wZNX4Ypnqv1KsnEY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb28ad5b4ff-OSL
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body-left.png

104.21.1.164

200 OK

128 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body-left.png
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 552 x 812, 8-bit colormap, non-interlaced\012- data
Size
128 kB (128092 bytes)
Hash
4dbc129cc0bbe77f887cf813c4408e9b
fc3f7169f6ccd2b1cadeaf349893225882c11a13
1f044c072e134bdb8815ef45070ce943f01bfd52dd457483552f86d92a77aeaa

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/bg-body-left.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1.css

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 128092
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-1f45c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WEJogaavpBZCFRNQTJ7sPvMQS0qtWxFOF1wy2Xqb6kRxnpAKQsTB6R8oT5pa8UwxGdXlrdUA4kfcRLwGz1z0vRLvFRu7qpA2b4lRXVX%2F9vcpssZ9Gk%2BRv5bcSVi61rQYbvMGWY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb28ec3b4fa-OSL
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/features-bg.png

104.21.1.164

200 OK

119 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/features-bg.png
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1919 x 822, 8-bit colormap, non-interlaced\012- data
Size
119 kB (118905 bytes)
Hash
3cce5293a4ee949dec8e986cecaedf33
49368789299133426f8967d4e4df94a2456b1232
8889b616bbaca86c12d25f26150562a0354ff36602696231b08551d029d1739e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronxprodiscount_files/features-bg.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 118905
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:14 GMT
ETag: "62e823ea-1d079"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G5%2FgTwkjU%2F09lyu4F2Fd5VoVFXwuG4Ay%2Ba412DxV27uWwC0yS2HiTWTb3YuDiMbHPWR31cmNAbFJpmHMOl723q0LkOHhUMru6NAR6uNMpU7QtBa87e5gb9bUmgGc3vYgbT2isbs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb30d30b523-OSL
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/rated-bg.png

104.21.1.164

200 OK

33 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/rated-bg.png
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1920 x 309, 8-bit grayscale, non-interlaced\012- data
Size
33 kB (33360 bytes)
Hash
b50d31f2cc5907f761be48d49b6d1395
2860d207f026ffc5c89d1fbb1861cd80fbf1e983
7f46f96de1079ab0e23b5fe3a550020dfaef35a15667e572036c32e84fda2340

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronxprodiscount_files/rated-bg.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 33360
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:14 GMT
ETag: "62e823ea-8250"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j75FYeH8iRwCixOQlpfws9ogoQHBjrx0nwcxSbR5ok8yh4JEPYPWrCteDbuY7BLrgDJ6cE%2F8qGYFfwmPd%2Bv%2B5jo%2BfLX%2FNVW4nP6JFCiI1g8Dycj%2B4%2Bg4Ch79unKuSZygsabzBL0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb39c6db4ff-OSL
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/0.txt

104.21.1.164

404 Not Found

122 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/0.txt
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
122 B (122 bytes)
Hash
ba5146ac943c84a42ae7dd8ec650000d
cd224acead78854add64c91f811c97c4ebe23e46
d4e24dacc040ac19271080523c3e47ea0754bdf3a2697c0e58b4d41949327734

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/0.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 404 Not Found
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zoA9%2BA8h39P2sq3jYGJSrRYyuoLvPCArqgBPCn8fIPkMuugLRZHyQcAF%2FM5jl9FmcfCwYEOmnQq5E8VGoVZISb4gHepm2MQMoBKurz1GMPgQD%2FsoB%2BXuMiTlmX5gjttvAguCRB4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb3d8ddb4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/0_002.txt

104.21.1.164

404 Not Found

122 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/0_002.txt
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
122 B (122 bytes)
Hash
ba5146ac943c84a42ae7dd8ec650000d
cd224acead78854add64c91f811c97c4ebe23e46
d4e24dacc040ac19271080523c3e47ea0754bdf3a2697c0e58b4d41949327734

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/0_002.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 404 Not Found
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0pZVZcScX%2B8AhY6DnS4lVIIOw7cfF5DhNIbRrM1sathzxVZzx%2F4FqBoYnH20oez7lslN4nmoCS5VSwIpPIe8UrezfOt6wzdVLAr729YedwqplU3gdKyudUv5wV0th%2F2iDI3yInA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb3dcebb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

amplify.outbrain.com/cp/obtp.js

95.101.174.159

200 OK

3.2 kB

URL HTTP/1.1
amplify.outbrain.com/cp/obtp.js
IP
95.101.174.159:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (8072), with no line terminators
Size
3.2 kB (3249 bytes)
Hash
9b19340ef7db3cbb26aa923adb8dbe6e
082e699bca6e80ca6c72a43f2894f4a32e785e26
c042b8b199b2c08fa66f90753998544860e3f64c3a1f47754a66970b3b8c5b2a

HTTP Headers

GET /cp/obtp.js HTTP/1.1
Host: amplify.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "51de2e10510f823326f9b30ea6068a2a:1655820557.452892"
Last-Modified: Tue, 21 Jun 2022 14:06:31 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=1200
Expires: Sun, 11 Sep 2022 20:41:51 GMT
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Length: 3249
Connection: keep-alive

bat.bing.com/bat.js

204.79.197.200

200 OK

11 kB

URL HTTP/1.1
bat.bing.com/bat.js
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Size
11 kB (11367 bytes)
Hash
293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab

HTTP Headers

GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/

HTTP/1.1 200 OK
Cache-Control: private,max-age=1800
Content-Length: 11367
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 28 Jul 2022 17:32:37 GMT
Accept-Ranges: bytes
ETag: "80a8697a8a2d81:0"
Vary: Accept-Encoding
Set-Cookie: MUID=01D2F312DE38671009F9E10EDFCD66AD; domain=.bing.com; expires=Fri, 06-Oct-2023 20:21:51 GMT; path=/; SameSite=None; Secure; Priority=High;
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: B62DAE27A020408599C4F483CF2B2C55 Ref B: OSL30EDGE0219 Ref C: 2022-09-11T20:21:51Z
Date: Sun, 11 Sep 2022 20:21:51 GMT

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c52f00dc203483501330b93da8673ea
bb58935fa272c810572d3290a9835e1390a8ef35
4cbe66c98fdaa1bdce29769a8dda769b7b46e14a8bdab5c61bba9e171ec925f3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4684
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Last-Modified: Sun, 11 Sep 2022 19:03:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20006 bytes)
Hash
56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sun, 11 Sep 2022 18:41:12 GMT
expires: Sun, 11 Sep 2022 20:41:12 GMT
cache-control: public, max-age=7200
age: 6039
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c52f00dc203483501330b93da8673ea
bb58935fa272c810572d3290a9835e1390a8ef35
4cbe66c98fdaa1bdce29769a8dda769b7b46e14a8bdab5c61bba9e171ec925f3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4684
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Last-Modified: Sun, 11 Sep 2022 19:03:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/en_US/fbevents.js

157.240.200.14

200 OK

27 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
27 kB (26737 bytes)
Hash
8e7e24fb3539746aa8b869558f589615
d8086d86bbd5cfacc3b6a5ef14aa917830e137dd
7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: bOCLWy75ePs0H/P/56OOg8sVmOpkaBDzgAzcA2zcDkbpq/vx/MSjKDYn46R8mcGR73U+AViC0KxGobe1/UL82Q==
content-length: 26737
x-fb-trip-id: 1679558926
date: Sun, 11 Sep 2022 20:21:51 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c52f00dc203483501330b93da8673ea
bb58935fa272c810572d3290a9835e1390a8ef35
4cbe66c98fdaa1bdce29769a8dda769b7b46e14a8bdab5c61bba9e171ec925f3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4684
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Last-Modified: Sun, 11 Sep 2022 19:03:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/page-logo.png

104.21.1.164

200 OK

591 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/page-logo.png
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size
591 kB (591177 bytes)
Hash
17afdc9ba149de09554478af843413c5
f0ff59f4fcf2168f9acf436ee4111c76abaf97bf
d8501f90164e095fb2434d9bcaee6c12261a74d3bee87705f7c4703bb4c5ec18

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/page-logo.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 591177
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-90549"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=flEM88h1GviTscdUZ85rSOjiO0EOnrwFgpYGn7JFNM0x4LMwI0%2FUVxAmEq6xfJ%2BP82JS6rm1CX4pdo49PM4pR%2BqhWnxCgoaL0%2BfoKcnBAkv%2Be9CPXbm2QYfroSoYQK5Ojn5luMc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb39b8e0b61-OSL
alt-svc: h2=":443"; ma=60

amplifypixel.outbrain.com/pixel?mid=003fefef2c09e91029ed7eed52ee57c0fd&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746

64.202.112.255

200 OK

60 B

URL HTTP/1.1
amplifypixel.outbrain.com/pixel?mid=003fefef2c09e91029ed7eed52ee57c0fd&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746
IP
64.202.112.255:0
ASN
#22075 AS-OUTBRAIN

File type
GIF image data, version 89a, 1 x 1\012- data
Size
60 B (60 bytes)
Hash
fb0fc5c090282e372b8bf8ff13ae3ee2
2de3834253ece606ce4d2a6f10a59654b6fa378b
90a8ffa59ad6227daafa10083d4cff2e9b295c9c82135b5f5cedd65b2e7c8ceb

HTTP Headers

GET /pixel?mid=003fefef2c09e91029ed7eed52ee57c0fd&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746 HTTP/1.1
Host: amplifypixel.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/gif;
Content-Length: 60
Cache-Control: no-cache
X-TraceId: 6281984ee790a4a5d272632f7b9e9bb1
content-encoding: gzip

tr.outbrain.com/pixel?marketerId=003fefef2c09e91029ed7eed52ee57c0fd&obApiVersion=1.0.10&name=PAGE_VIEW&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746

64.202.112.255

200 OK

60 B

URL HTTP/1.1
tr.outbrain.com/pixel?marketerId=003fefef2c09e91029ed7eed52ee57c0fd&obApiVersion=1.0.10&name=PAGE_VIEW&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746
IP
64.202.112.255:0
ASN
#22075 AS-OUTBRAIN

File type
GIF image data, version 89a, 1 x 1\012- data
Size
60 B (60 bytes)
Hash
fb0fc5c090282e372b8bf8ff13ae3ee2
2de3834253ece606ce4d2a6f10a59654b6fa378b
90a8ffa59ad6227daafa10083d4cff2e9b295c9c82135b5f5cedd65b2e7c8ceb

HTTP Headers

GET /pixel?marketerId=003fefef2c09e91029ed7eed52ee57c0fd&obApiVersion=1.0.10&name=PAGE_VIEW&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746 HTTP/1.1
Host: tr.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/gif;
Content-Length: 60
Cache-Control: no-cache
X-TraceId: f89c0d2deed88e2c1c2caf07438798b3
content-encoding: gzip

bat.bing.com/action/0?ti=20103275&Ver=2&mid=d5b8cca4-fb02-4b86-a834-8f34ad9e7f6a&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=&lt=1572&evt=pageLoad&sv=1&rn=975098

204.79.197.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/action/0?ti=20103275&Ver=2&mid=d5b8cca4-fb02-4b86-a834-8f34ad9e7f6a&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=&lt=1572&evt=pageLoad&sv=1&rn=975098
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /action/0?ti=20103275&Ver=2&mid=d5b8cca4-fb02-4b86-a834-8f34ad9e7f6a&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=&lt=1572&evt=pageLoad&sv=1&rn=975098 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=292713C60D7C6B8C145A01DA0C896A04; domain=.bing.com; expires=Fri, 06-Oct-2023 20:21:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2A4CFB1B89C745B6A816D5A767BBE7DB Ref B: OSL30EDGE0212 Ref C: 2022-09-11T20:21:51Z
date: Sun, 11 Sep 2022 20:21:51 GMT
X-Firefox-Spdy: h2

bat.bing.com/action/0?ti=20105041&Ver=2&mid=22caf5dc-3272-4ee7-8597-05927cb41b6c&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=&lt=1572&evt=pageLoad&sv=1&rn=582324

204.79.197.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/action/0?ti=20105041&Ver=2&mid=22caf5dc-3272-4ee7-8597-05927cb41b6c&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=&lt=1572&evt=pageLoad&sv=1&rn=582324
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /action/0?ti=20105041&Ver=2&mid=22caf5dc-3272-4ee7-8597-05927cb41b6c&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=&lt=1572&evt=pageLoad&sv=1&rn=582324 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2617A004F66A6D3316B8B218F79F6CD6; domain=.bing.com; expires=Fri, 06-Oct-2023 20:21:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 03B5E2BBA3B64257ABFBDECAADE789E3 Ref B: OSL30EDGE0212 Ref C: 2022-09-11T20:21:51Z
date: Sun, 11 Sep 2022 20:21:51 GMT
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
e62195d82fcca48fae0c2a0ab552b964
c935eff82e51ef59cc54639a538b43ab233ff4f0
47a4bb236d09acf799f1103a47a5d60bbce35600f236bb3d018a795a355b3bae

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 20:21:51 GMT
Server: ECS (dcb/7F18)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YBae1S7P6ZKdBMzULV9HfFQc7L_FMdQvDWK9xePO58M9JQAv_gEXgQ==

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
324364e9311c1f7cb5e4068f3d947d5d
ddb00dc97404cee267838983ce8bb4ae48d6647a
d6cc296b22c48f9e7bb3a905dd9e899441ae7c29faec4a62e71628e1f23d61a2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tr.outbrain.com/cachedClickId?marketerId=003fefef2c09e91029ed7eed52ee57c0fd

64.202.112.255

200 OK

56 B

URL HTTP/1.1
tr.outbrain.com/cachedClickId?marketerId=003fefef2c09e91029ed7eed52ee57c0fd
IP
64.202.112.255:0
ASN
#22075 AS-OUTBRAIN

File type
ASCII text, with no line terminators
Size
56 B (56 bytes)
Hash
77fbe8ab311fa20557d95906363035ed
5806df80f09a37e070d5f37c49f19797c2763fd0
4fa9f4ca5bfa56b9f8467324e3654f4a717dcd40b70c05b538092d8a101b0599

HTTP Headers

GET /cachedClickId?marketerId=003fefef2c09e91029ed7eed52ee57c0fd HTTP/1.1
Host: tr.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Content-Length: 56
X-TraceId: 31619247b6316e754a2d84b8a1bb4fe2
content-encoding: gzip

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22484186-3&cid=185145842.1662927701&jid=1427667414&gjid=1129190031&_gid=1581510601.1662927701&_u=YEBAAUAAAAAAAC~&z=187646071

142.251.1.157

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22484186-3&cid=185145842.1662927701&jid=1427667414&gjid=1129190031&_gid=1581510601.1662927701&_u=YEBAAUAAAAAAAC~&z=187646071
IP
142.251.1.157:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22484186-3&cid=185145842.1662927701&jid=1427667414&gjid=1129190031&_gid=1581510601.1662927701&_u=YEBAAUAAAAAAAC~&z=187646071 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://www.agefirm.ru.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 11 Sep 2022 20:21:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bat.bing.com/p/action/20105041.js

204.79.197.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/p/action/20105041.js
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/action/20105041.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=1334337D59C8697B0B022161583D6814; domain=.bing.com; expires=Fri, 06-Oct-2023 20:21:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: ARR/3.0
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7723DCB0B5CC4AEC83A82BBC7F19644F Ref B: OSL30EDGE0212 Ref C: 2022-09-11T20:21:51Z
date: Sun, 11 Sep 2022 20:21:51 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
55d14c90ec16748861894ce8f82eafcd
f3ebe8972971c1201c1ec7c533f019f79c36cde5
fa0dc0f0a76f3407dad8dae59a4817ef6b1371fcaa930448373d64720a036698

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cc16b956392846e1100a913453575c87
09e81e2f60ab04ca565b73ed9060380a2229cf30
3a3eecb77d71c4f1c3d706f33f33e8df527b3653906d0086089c2e5b45fd25e9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
45b55c678e2944a30a6d8160bb6e4a94
a1ac0c9681902e7d64e49bd9e146820ce2c60f4f
5a89db56a9b47aa3e426799671db9b25a42d7dd7d6881c66eca7ed37facf6bd9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.facebook.net/signals/config/371373974792356?v=2.8.37&r=stable

157.240.200.14

200 OK

67 kB

URL HTTP/2
connect.facebook.net/signals/config/371373974792356?v=2.8.37&r=stable
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
data
Size
67 kB (66718 bytes)
Hash
e77adf7ed51bac2040f0edd3710ae5f0
b304cf3b9fa74d605e9ac147c4ca07e054af65ba
59ccc00a91a44821db65ca1523a037d0a1e577ae8cd7981fc1751356cd2938c4

HTTP Headers

GET /signals/config/371373974792356?v=2.8.37&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: WIMAb0XmYde/3CJ+Yr4GjZUOhJOEwz28lnTh4jHJuJq4oAvkRWZ2kX1EXRN1nn33DeK+eSFNMNIudF5qlW2KSw==
x-fb-trip-id: 1679558926
date: Sun, 11 Sep 2022 20:21:51 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

techxsv.com/intl_3/images/products/dronexpro/favicon.png

52.28.217.131

404 Not Found

2.4 kB

URL HTTP/2
techxsv.com/intl_3/images/products/dronexpro/favicon.png
IP
52.28.217.131:0
ASN
#16509 AMAZON-02

File type
data
Size
2.4 kB (2376 bytes)
Hash
79d43b7eaa356a8f9d1b6f6fb5e18404
b5695e92af090c7b466a456e4f7b4eafae8a324e
018df48a75e0df427bf3a35e5930d86967c718a54308f573c9456835e20e8b49

HTTP Headers

GET /intl_3/images/products/dronexpro/favicon.png HTTP/1.1
Host: techxsv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
date: Sun, 11 Sep 2022 20:21:51 GMT
content-type: text/html; charset=UTF-8
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.0.13
set-cookie: PAGE_LANG=no; expires=Tue, 11-Oct-2022 20:21:51 GMT; Max-Age=2592000; path=/
cache-control: no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cc16b956392846e1100a913453575c87
09e81e2f60ab04ca565b73ed9060380a2229cf30
3a3eecb77d71c4f1c3d706f33f33e8df527b3653906d0086089c2e5b45fd25e9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
437c7ccd2c357dd83d6b9a5118d4b402
e0002389b286a960b454a92aeb3d1a1e08317ff2
9a5b3bdb7765ea21d7147a0c8022198a1be6c8256fa594b53732cf59e86532b9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bat.bing.com/p/action/20103275.js

204.79.197.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/p/action/20103275.js
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/action/20103275.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=3BAE20FE7CAE69D4107E32E27D5B685A; domain=.bing.com; expires=Fri, 06-Oct-2023 20:21:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: ARR/3.0
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 199CC67277454A2B83CF1EDCD0F98BE4 Ref B: OSL30EDGE0212 Ref C: 2022-09-11T20:21:51Z
date: Sun, 11 Sep 2022 20:21:51 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6686
Expires: Sun, 11 Sep 2022 22:13:18 GMT
Date: Sun, 11 Sep 2022 20:21:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6686
Expires: Sun, 11 Sep 2022 22:13:18 GMT
Date: Sun, 11 Sep 2022 20:21:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6686
Expires: Sun, 11 Sep 2022 22:13:18 GMT
Date: Sun, 11 Sep 2022 20:21:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6686
Expires: Sun, 11 Sep 2022 22:13:18 GMT
Date: Sun, 11 Sep 2022 20:21:52 GMT
Connection: keep-alive

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/dronexpro.mp4

104.21.1.164

206 Partial Content

56 kB

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/dronexpro.mp4
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size
56 kB (55779 bytes)
Hash
22133a24c8c91ab0ed35a0b62d758b66
b1df76e851ecb949c25b432af8f2af855340f216
fff3f34d0b8b60148c50b0ffc0020bdaeee1ffe8ddfb952618d3ea53a7d5c81a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/dronexpro.mp4 HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 206 Partial Content
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: video/mp4
Content-Length: 2773316
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-2a5144"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Content-Range: bytes 0-2773315/2773316
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P5VQbbEa0Vs6pBhOMrraaeUDkOaPSVCDFQyfIzs5gZOp1tyokTCfA%2FoGQ4i%2B%2Fnz4%2BBWBfX%2FE9F%2BoMtBRPAmWCpXnhwieZi5UN%2B8bRIYyTMx7XtzbJgOtHmxk2ODNyBRCbCWZu%2B8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb32fc4b4fa-OSL
alt-svc: h2=":443"; ma=60

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6889 bytes)
Hash
57d797a1c3f6589746a1135bdb19f54f
7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mNvNO0HJjZ1zwPKcjfqiVOnCL0CYXc8BPDSFbV6MXVW71IVt-2K3mQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:46:54 GMT
age: 81298
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7519 bytes)
Hash
bb1a86dcf94db0a29a6ebe21866766d4
b3491a6f12c97c8e1848a206a185fae29213c1e5
d05619e519fed6c0b6c0616cf540908006a68f127b25e38fb9d041dfe2546df4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7519
x-amzn-requestid: 8d8a8df6-abf5-45dd-8d78-de5ae715a9d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_UNEoWoAMFRLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631845b4-0101ca7a09e432f305aa7066;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:18:12 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Z0Z4IozbbythqWA7mNaqtO4NWbLi1zL2G6HmMGP0c9VqIzMugvVh_Q==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 00:00:49 GMT
age: 73263
etag: "b3491a6f12c97c8e1848a206a185fae29213c1e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8171 bytes)
Hash
eee5b4d617dab6f10d7053f5c4f4e98e
6c728c56797ba921e8001919df4d36e56dd37e54
76a53e2c81ec8da2bc469760b2c57098d587c6a36fa70e5b7c743a224a47d362

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8171
x-amzn-requestid: a3eb931f-cd71-4738-acb1-4398fc09f453
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOa7QGqoIAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c0b7b-2a6ed8ca00a0a0640110cf5d;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:58:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QuUPVSWCQk9z9xI03trHifaWzOi5TqBZHLena93lrxhjlAG1PICKKA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 12:19:15 GMT
age: 28957
etag: "6c728c56797ba921e8001919df4d36e56dd37e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7635 bytes)
Hash
4ec2646c56c4c522f0744768ad20342b
ad1d9eee90556a359547dc7cbb6758aee2c804cd
0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7635
x-amzn-requestid: dbd07cc7-d0f6-4500-83c6-b19fa9fa2e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt5xDEfUIAMFYXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f09a0-3771b23118f3711e5caca699;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ILut4hEDJbs6jNr3wpPST1HgAYMabIT7cdZebRFETn8lL_QfS92KBA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 81678
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7017 bytes)
Hash
fea5dfc4a6a5093fd81899ee4a79d446
c893d7475856809a59486e0bcebd6d662d1fc56f
915fb97690be97d97cb298fc60ceb4cf7c3ed8fb437836beb2d590a8e238363c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7017
x-amzn-requestid: df5e57d7-e54c-4b5a-aa1b-a9aee889842e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_Et0oAMFSjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-50d15bba03579a935342e22f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LsqH-LbjMGWrhYB93Qkvq2qVhqNs-3MWgrrOFzC8qPcY3fF5ujSD_g==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:54:44 GMT
age: 80828
etag: "c893d7475856809a59486e0bcebd6d662d1fc56f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8092dc3d-1f2d-4e22-b40a-bf1c53ea42e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10298 bytes)
Hash
99bd16c51d8e4853d6ee542d2ec9fb22
a9f77626875d68e1aea2516f78d491eba9969e37
b360c3c9fa12dc4f57fdbfc88fe820ecee1c049f2d43f44cd38b740513d8e9f8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8092dc3d-1f2d-4e22-b40a-bf1c53ea42e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 10298
x-amzn-requestid: f2e2d57b-1f6f-401a-bf0d-ca5c05dd5e59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE-nmHBKIAMFrZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63184496-52d1369463143fc94894e347;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:13:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PRnDEhi5jnNROYiVXzfn4b_vf-OHnwO5RD38I1bLV8JEJb2gDYrqvg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 81685
etag: "a9f77626875d68e1aea2516f78d491eba9969e37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/vendor.%25E4%25B8%258B%25E8%25BD%25BD

104.21.1.164

200 OK

0 B

URL HTTP/1.1
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/vendor.%25E4%25B8%258B%25E8%25BD%25BD
IP
104.21.1.164:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /clicks/chapter2/dronexpro0109_files/vendor.%25E4%25B8%258B%25E8%25BD%25BD HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/octet-stream
Content-Length: 273807
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-42d8f"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2TqkgUEqAYJeV16QMY2IUOjrZEpl0navrVUqK3ptv5bj41lOFxh8Bm3WMFuYcdNhcAXFY12ramUdZz6BfbTi3FUtF09%2B4jkGwTZnKOUmSDNLUW1fuWyjyt9kupdpH%2BRWN2K1oU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb0ebf8b4fa-OSL
alt-svc: h2=":443"; ma=60

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (33)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations