r3.o.lencr.org/
23.33.119.27 200 OK 503 B
IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5148
Expires: Sun, 11 Sep 2022 21:47:38 GMT
Date: Sun, 11 Sep 2022 20:21:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 19:30:53 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: S467n6Nh5NxbRbqOKWk7GI1whrXMaVs1RleWYoKabbEyRkLAVTVO3A==
Age: 3056
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate, ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: j5xuGF5GAQfIhb40ri12-fKspsiz2mC_k97ll486AaL1x81bVMw7kQ==
age: 47078
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 20:21:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
104.21.1.164 200 OK 794 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
IP 104.21.1.164:0
File type HTML document text, exported SGML document, ASCII text, with very long lines (45903), with CRLF line terminators
Size 794 kB (793847 bytes)
Hash ed707ce8db1a613f6600f19bd3c39cf2
a3b7a10a50a9e034826ec599d345800b9ea1cee4
f4cc8d6d7272279c13968d68b5ecaecf1d2635165ff349ecfeb260db649d0b94
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PzcOPK4MySZNBWVUBGRCtYEz65Dr2GuKWpKV99dSe9hBJVuqKQsQfImdBygNTCfUQ6yFIIYgg22ggxxiL9IkOSFI5sAbYyWhJ%2FsvDvdafcJuwBoPKAbbT3dxmsyLiwqKOcCJ%2FL4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931caa7e12b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/flipclock.css
104.21.1.164 200 OK 1.4 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/flipclock.css
IP 104.21.1.164:0
File type ASCII text, with very long lines (7726), with no line terminators
Hash 0dc87eeac215cd6aaf25d722d2e5888f
890688e3a41b20ad25249c8367f45273764c7757
a6ef0d00ef3be3df2a3d6d378418b501afca9238433e61420c1d3947cfb69e0c
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/flipclock.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-1e2e"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZrpaYf%2BoPQ1BXKENWfuR6HYKyigJuqiLB89QfqUbzHiRoyTuHBdVToOrhLa1cOiEZcHj7nbYi%2BG3HbeIoelol6G3%2BaNeCC%2BKsEYne6IzWdUBsEqbWmM0h7aGeb2ziJ6E5YA1k28%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cac7da4b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/intlTelInput.css
104.21.1.164 200 OK 3.1 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/intlTelInput.css
IP 104.21.1.164:0
File type ASCII text, with very long lines (21119), with no line terminators
Hash 86ffe28459f65fe5ee3fa41187de1ef0
54b79fc47cd6e28db115204834c99aec6333c30f
cbbc17461b4b2f8db91309930fa34e02f9eb0e6507591d637043e740d9f75460
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/intlTelInput.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-527f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bAJ6XXXD9qPdP84Fm82cGrx3EUCVQWNKec6e3vUu2lMP2tYgZuZhCtww7oD8xTPlorlx%2BwjB9WvqGFINeORQuemRQuBVzZQWhjeoqY4ZZ2qLBA1JuXvAYmCTra1Td1GRQMLX%2FC4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cac7b210b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B
IP 142.250.74.3:0
Hash c3d8032059a24d14d00c2ee5d8840c01
62efae1ea6aaea612a12d42b6e5b65d24be11437
2319fe90c8b4d3cc41ec9cce275c82d19fb764015196bd1c52dfb9c5d85b9b0b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css.txt
104.21.1.164 200 OK 1.5 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css.txt
IP 104.21.1.164:0
Hash cc62e3dfb0b967a7aab36d7e308fe7df
b63c5e3e4acf1311946ed642ccf85e9d0007bac7
7793b27ccfdc4fa1dbd7aa03247ec3c7a184c223abf845d43bdb18b98cf18e09
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/css.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-98a7"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YAdPZS6FqzQ%2BiiWBqkyUbqQFUb90Y3hZnhi4HBrZg1AMTWbao0aytzGhED05uuKciQnoEmde2cZbw6Ky3QCKeX4zOS%2Bmytu0NVjIsm5nmaHvj3JNH9y3pd7cBt5VOaSkENqqBU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cac798bb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/fontawesome-all.css
104.21.1.164 200 OK 8.0 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/fontawesome-all.css
IP 104.21.1.164:0
File type ASCII text, with very long lines (36418)
Hash 978d75e233a00b4120ca7baa4386d8da
abfb675c0c0a29b7693afb6fca159574d508a99c
d484bab8328188f777557840f8223809c346f98e27add8079f339803b03f0756
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/fontawesome-all.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-8ef7"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eaV1YPy5GVkhgdBWxVSxc5p2%2Fw%2FNNaMzwVSJT79PX884HIYKCuPJ%2BmZfVmh5WgxqzpULbQKE0%2FaB34rEKB2FF3ChdEk7KAixdZyiQ2I9fpGQ%2B2h%2FuUhwUDVuP1DG5L8F9DVKdio%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cac7a23b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.googletagmanager.com/gtag/js?id=UA-22484186-3
142.250.74.72 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP 142.250.74.72:0
File type ASCII text, with very long lines (1615)
Hash 797ef847a0227853304a67fa3d25b969
1b568d73121914b195adf801dd474e862605ed60
e4e100591d75b3892195916d94b863a7b07499a5c1d760b4eb97aa94e4cbeec9
GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Sep 2022 20:21:50 GMT
expires: Sun, 11 Sep 2022 20:21:50 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41953
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style.css
104.21.1.164 200 OK 4.3 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style.css
IP 104.21.1.164:0
File type ASCII text, with very long lines (19581), with no line terminators
Hash 73f1e45ae235e3d9f8ef2a8a2db03102
43bd3326c5aa7fc6c068c681d116830cadfad725
8457fcb0c199f3ce20a30baf4026423e26c6ebd75def22d33d213a31b8135a7d
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/style.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-4c7d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QraR%2F%2FPtr0lGfY472aK%2B%2FYyPdVDKxh2Ua8OqErg0R946jnMkP4mhva2D1F7zfPXkVbBw1r3EeFdc%2FDDVdsv1XgkXt2ih5OBDEckcHYfTpCfJuBE1W%2BUTpc6daxnO08uy6gnK1m0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cad0a2cb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1.css
104.21.1.164 200 OK 632 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1.css
IP 104.21.1.164:0
File type ASCII text, with very long lines (1645), with no line terminators
Hash 1fde4dca98fead1ab06fd95362591593
5aafb2f402f97402e6d4a18899d72df69ef74558
a3fff5a919a8e2ea00171bac33aa644bbacf91ec63f78667a382da978d7e3627
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/style1.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-66d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tI5HOYR9pKJAspn2ZjP%2Bp7v9jwWV6QHs8iMiy6VSKFj50VpQjznwTzn0VfsE2JkyJbaS8jsWBisaR7IuQ29xpNLKMrThoQtk978UUOjP5M%2F1Vze1ANxRyvAwCTQRUsMlYA1O2N8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cad5f15b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B
IP 142.250.74.3:0
Hash 57b75ea93de540716c45f1397781431a
431cc2c684385c4e46facd7210b5ac49b9dd09cc
4581d7dd422dc110fa7cfe667297cdb75d92a02ce7226db6db89448befa5b780
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bootstrap.css
104.21.1.164 200 OK 20 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bootstrap.css
IP 104.21.1.164:0
File type ASCII text, with very long lines (65371)
Hash 821b5b99fd4aa2f0d3c0402208ce49c7
6ec0325f301f9b920fb2eca016506925558e69d9
9a494b3e8cf9307f56d63c2811d1ded2fbb4ec2a6ac5fce1cf621e6681140a68
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/bootstrap.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-1d943"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iYPewl4CxC%2Fs%2Bo0SmMv6PQV0v5y%2BrYtl6S3ruBkv7vs5qVnhmHFXQm89CSEs13HcHnOyTq0bd14FECSIZMqp4o1d%2BO5qE0q6UnuyCf1s98psqVdIZMeQVQjcsmbjBBeZQ02vzIg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cac6d97b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/tfa.js
104.21.1.164 200 OK 6.9 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/tfa.js
IP 104.21.1.164:0
File type ASCII text, with very long lines (21248)
Hash 4cf418e83d040bf769e46528d084fa83
8fe3c89e231a49e831fa365c5c331ec5fef37667
e16a401a50c5a17ea971851652a408ea38d121cd60f40c195d9f9ceaeeaed97e
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/tfa.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-5323"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oka%2Fphnp1KLiRdTzz3I%2F7HIUTfKZgU811%2B5PzL965xnyO9gdHKFMIsBGSitAXVhQYx9U4wcPnVAa26DyJAZrgOey2CxFuuNW2fEfNqXX2T5xC3PuFjshlyt%2FswD94MEb7nrXFmQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cad7c8e0b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/obtp.js
104.21.1.164 200 OK 1.9 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/obtp.js
IP 104.21.1.164:0
File type ASCII text, with very long lines (4446), with no line terminators
Hash db8aab343db8f5f29b8720589d1dcdb0
731e334a3251ddf5bc3c4cbde6494a83788e1e0c
c3edf8e48d33c959b577c8ba7cef44d75dc47f1b54fc553690724a9a4805e697
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/obtp.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-115e"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ccu7yhkDWT3JCGpj8irV2CSpHyKuUyEHvUz5NbKJmPMSedbaHlW4yKilvEnc8uPCXYTMaB8YARElri6AcjXXII6wBsbIpzMxH%2BqHLOpVdWhyFllEF%2FlDIKk06f%2BVizFneXDJUGA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cadcb43b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/fbevents.js
104.21.1.164 200 OK 15 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/fbevents.js
IP 104.21.1.164:0
File type ASCII text, with very long lines (42174)
Hash 7f527e895deb7354a755cf2252e3a3a6
3f05c5d005417c060b947e0272cdd583eedaebfc
e387a857a38b1d79973706db6920aa34eaff4e3ec364243c6d6f693c480f2908
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/fbevents.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-cb4f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o3ph9%2B1gQkCmASaa3IkdX7kU302fE2RGyv99TyNCLT5R0B393XbwpBCrWjWC%2Fq7JnW0ZNUaXqyA2vkYLHdr6YN%2FWqbWgc02T%2BqcAfBEwKrrUVpHqcc0hlB4yfW1tY%2BjgtQhW3c0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cae3c31b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bat.js
104.21.1.164 200 OK 6.9 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bat.js
IP 104.21.1.164:0
File type ASCII text, with very long lines (22437), with no line terminators
Hash bf312e6b642bb3f77eb3d4af8fcbd309
4abc389c58e11afa3de708d48d8cd45d187b1993
d0ac9fb04475a4a61b11a2620174fd0f4ee7f9538785a5b8309ea75093899b76
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/bat.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-57a5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4m6iu08RfnZiKhovrTMUWC5PRvksnumfQFc%2F279d6z%2BgZRbPGCx4GOFrjtVFZGOwSUjK4ozO9QhF8JcMLVxYan6IKibU0969ntGsX2R%2Fj8%2Fb%2F89FSvG21haIAtmxr2dipub22M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cae3841b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 11 Sep 2022 19:56:07 GMT
Expires: Sun, 11 Sep 2022 20:29:08 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: opJVpPDWEBEV5Qpns_TflQ6pUUJuxfe-zxpEP93LcZJJKvwjzfLXbw==
Age: 1543
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/pptm.%25E4%25B8%258B%25E8%25BD%25BD
104.21.1.164 404 Not Found 122 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/pptm.%25E4%25B8%258B%25E8%25BD%25BD
IP 104.21.1.164:0
File type HTML document, ASCII text, with CRLF line terminators
Hash ba5146ac943c84a42ae7dd8ec650000d
cd224acead78854add64c91f811c97c4ebe23e46
d4e24dacc040ac19271080523c3e47ea0754bdf3a2697c0e58b4d41949327734
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/pptm.%25E4%25B8%258B%25E8%25BD%25BD HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 404 Not Found
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lufacvwbNcS13F4Vl8%2BZpyanXIRKFUATo5ts1Cy%2FVtU%2Blg8JBYUKpKNQ7aqnCDg5rHtVVsgZFM8NjzriKeHkmbwmX4rntqVfKBa%2FN5SqRd4joHM0%2FFIRe60IFmxLk2jVqTAZADY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cae78a5b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
trc.taboola.com/1171368/log/3/unip?en=page_view&tim=1662927699364
151.101.85.44 204 No Content 0 B URL HTTP/1.1 trc.taboola.com/1171368/log/3/unip?en=page_view&tim=1662927699364
IP 151.101.85.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1171368/log/3/unip?en=page_view&tim=1662927699364 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
HTTP/1.1 204 No Content
Server: nginx
Content-Type: image/gif
P3P: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Access-Control-Allow-Origin: http://www.agefirm.ru.com
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
DEBUG-TRC-HOST: trc-events001
Accept-Ranges: bytes
Date: Sun, 11 Sep 2022 20:21:50 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-bma1648-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1662927711.580320,VS0,VE81
X-vcl-time-ms: 81
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css.css
104.21.1.164 200 OK 837 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css.css
IP 104.21.1.164:0
Hash d82a19fa8caf016f919e124aedb9bd44
a1eac128b8bef9d85954beab927de28ec793b80c
7465dab545e985b7fd16e6124e8f658e45ac1025c150aff884951d9e5e8f368b
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/css.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-3ccd"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fygh3N81DqsnBTBNi9Mtqyqkphlv5SbO8ErhJo1QaVJiRFBALK%2FnFr6d4a6T9C4GOFSPOB%2B0qOP9gXTc4Xf5oFvfSrNg7pv%2BwmAJw91B72t1RczTBa5x4KOzivr9hK3rW57uMtk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931caecd21b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/last.css
104.21.1.164 200 OK 395 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/last.css
IP 104.21.1.164:0
File type ASCII text, with very long lines (1036), with no line terminators
Hash 86b3263ee8d138fc96ee88c6ac8e0e6e
52f552e075bb614b05ec2e1ff0163fd59d6d6e63
275066f0edac6ed08dd249905b8d684807f094935875d61d056e806139f3594e
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/last.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-40c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9d4iYmwA4KdB512SjY5OB%2FAOqlQJgH6v4bwq6NDhhSiAYP3PW%2Bp3ayLUQ6kSxq%2Bqo9nvP3xHancNRpgaSUwzKaY%2Fe5aa7U7sxhxJAtSVI%2FcAw1mLPJKDp2bD96fi9wgiy3LRyrM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931caf5e13b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css_002.txt
104.21.1.164 200 OK 745 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/css_002.txt
IP 104.21.1.164:0
Hash bdf8fe28ccd69be6772d733ff7e28b16
7a28287a7df973611a9db568cd356201cae88144
4071eb3fe1be3d400f4fc1a56758a23b5e4d6bce6aaa467e34138c77333f621d
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/css_002.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-2b5c"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yika0N%2F0lTXTqys4aON%2Fo791%2FWO8H1kDJCDQTU7MmIodblFen1DvWyaHrXLtOPNjiR4vLnek9S27eIj%2FBJgXGSKdvcR5PHvwlFLKJ1PL%2F18EeBSkn8A7zxnAi3vXuBonar7%2BQKU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931caf59eeb4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/2128872657442699.js
104.21.1.164 200 OK 44 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/2128872657442699.js
IP 104.21.1.164:0
File type ASCII text, with very long lines (64470)
Hash 79e999c6df6962385cc1d166060a3368
31870115bf8515d40d7bbd6464a2959ede49b09d
4bdfb7903173e3c20ece760e7a96e47390888549d3e8a8f70d7bc8ff4bcfa19e
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/2128872657442699.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-2d3bc"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1KfFwY%2F3LjybIS8A9Ew4RziIvbX4z4F53YvkR21dcwLQJ0EP1%2B0sbtV547xPrFn25MMRPL9erqeVWqxWRuM0NU91Fg1tXXK9%2FfM570%2FegAUAnDJXHDJFTamdi99nSRyp0y5K6vw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931caddc5ab523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f.txt
104.21.1.164 200 OK 8.4 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f.txt
IP 104.21.1.164:0
File type ASCII text, with very long lines (2068)
Hash a6f9cf65e033dc6e787e29c0f94bd91f
f67a536dfe4f22d3a6199b7545ef8f36b8998e4c
3addfaf3a72d27abedb6f9ee4b74f4351d5ad71ecb067a6f0655f3bb5b3af485
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/f.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-5720"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzFI3yrXGDPd0arHA%2FnDInBK4y3HR0rtWim8cgNCAZVN1zGtYDeh0P%2FFTpJ23MgPBqJ0d5ypQJrsJuoXJcLWrtM1FIKQfdaCwlYtYlJZw6n1cH4Cr%2F%2Fmu%2FE6edoCh261baDr1Ok%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cafdee9b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f1.txt
104.21.1.164 200 OK 43 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f1.txt
IP 104.21.1.164:0
File type ASCII text, with no line terminators
Hash ad8b6f08655797587cdec719a94efe59
182adf5a140796f81e930649d05654dbf22fd5b7
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/f1.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-2b"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5b6jE6u5RUKR4lH4UDbzLJVI6cZlcMaiNn7IOya27LM%2BCEbjpQu6ZYQqoLzEEYuFP4adi1soS0wLrkwVTuthvye6LFi3NT%2FvlX%2Fvx2z6JBZo29P7ZJjmX6gSBxG4Q5uEU5QAJw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb00ad3b4fa-OSL
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f2.txt
104.21.1.164 200 OK 43 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/f2.txt
IP 104.21.1.164:0
File type ASCII text, with no line terminators
Hash ad8b6f08655797587cdec719a94efe59
182adf5a140796f81e930649d05654dbf22fd5b7
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/f2.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-2b"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2e5KTOPHpiDfNu8iXx7JgYrB15XOBzVXfh6JnJilZBj9RdOSUXR%2FoOHg10gZjb3IZz7qvyKEpyn3Q6m0QswQLbSKs2rjEcuP1gT6CvrfcWNQ6GZQXKcdFn1LdsrU3FJPolBP%2BKc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb03937b523-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 26e829ba5f754918e20cbd316dc4348e
ba198501da0812dd11ca3b38a51325b5de6cfa60
4352c25d4af7637a8435b0df6d042fc606d37a348e966b99fecce8a853b8ebc0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6309
Cache-Control: max-age=135003
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:50 GMT
Etag: "631d9714-1d7"
Expires: Tue, 13 Sep 2022 09:51:53 GMT
Last-Modified: Sun, 11 Sep 2022 08:06:44 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css
104.21.1.164 200 OK 85 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css
IP 104.21.1.164:0
File type ASCII text, with very long lines (65402)
Hash b97e2ac00967243783260390ca7087fd
80b8a392e06822b9591f1aeb1032d3e090f628e4
58feb3b6c9504c949c8e23a132d68759643eefaaf046dcacd1fb36e1693c7c16
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/style1_002.css HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-253b0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2BV9%2FiHQtJKtyYbieuPASTh77ewhbLDWliXal6Cu%2FZWMnqiaM3BP4BkMNAxABCJEh9nM%2BFjBLNFQD%2BleqxGhI6EBjwY7q3DURmf6r33m0DYvGDRHm6vO%2BrwZ2hZUZfzsEE%2FkTRI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931caf7a11b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/manifest.%25E4%25B8%258B%25E8%25BD%25BD
104.21.1.164 200 OK 1.7 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/manifest.%25E4%25B8%258B%25E8%25BD%25BD
IP 104.21.1.164:0
File type ASCII text, with very long lines (1706), with no line terminators
Hash a7814d07f1a9d759bd840ea27419cf12
ed29ba6aaebf692517921db616b88ef97ff5b0ba
23aa25f5bb6405b5e6f817973ecfcc003cb3830a4e70c0125fd2c5b0a6537929
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/manifest.%25E4%25B8%258B%25E8%25BD%25BD HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/octet-stream
Content-Length: 1706
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-6aa"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XgDEPM1%2FLmVjyZTEXT4Klc6lEdeB5lVAooVshbkr%2F9CT15ZAGOA5NetWdsCPghJXHISJhYEQd%2BJtbr%2FXSiWStMeUM8w5HetHtCthvuQ3SFBae9PmjHZZQbJyJH1NHcVYWHKAi78%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb08810b4ff-OSL
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/js.txt
104.21.1.164 200 OK 30 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/js.txt
IP 104.21.1.164:0
File type ASCII text, with very long lines (1769)
Hash b52b51bcb2a34d08a427129f9f5be895
0d645b31fef7d360ef78f4395eb09ab2bb3ba0b7
59a4134340e6a9a9adc7e2babe58037b2e44900314945387585b6ebab506d490
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/js.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-1452d"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sv19gpeQH9r0GGE6hwKzg0lXLDe66Qtjv899eXpQ3ti80TXZXxueK4Lgdu5azjYCau0lXP9NE2BEBFy32KC9yfTydpJu5WuW6OeUK49uS4JKxj%2BPBel0kyh%2BCufT7uGFduHCPD8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb00f34b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery-3.%25E4%25B8%258B%25E8%25BD%25BD
104.21.1.164 200 OK 87 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery-3.%25E4%25B8%258B%25E8%25BD%25BD
IP 104.21.1.164:0
File type ASCII text, with very long lines (32058)
Hash c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/jquery-3.%25E4%25B8%258B%25E8%25BD%25BD HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/octet-stream
Content-Length: 86659
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-15283"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2F61jiph3g%2F8Z%2F3OX3zy1kZbnJwWdKS5ZDDGkRDTUQ8eknlA%2FA%2BS447g7kDZdrD%2F04XTbs2I8WOAi5waeW2fYapxpQx2OeYcgQsMa%2B%2BHZrAbL53T7rSZuP2dueXd86zX2WpGAbc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb04fe50b61-OSL
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery.js
104.21.1.164 200 OK 915 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery.js
IP 104.21.1.164:0
Hash a6937dacea053ad118b5b07538547ef0
cb1b0ac43ff37f7a21bfdd895d9bcaf0d7988f74
2d05329dbaa98416aa87d6897ce3cc5a35e0dea0ed233b0a8ec2efc426dbdd49
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/jquery.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-792"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bt0iPmMpgOQoNDOdPUBuYImL1MgVpuJqZBGMVjb%2B6M6SIMuXU8DXOm6V9VW2O69N8GcTJSqpKtzL047RbHuQbbe4sXnyg3JoEzGTMvGgpUsk%2BnwzEnYUARGmIEt%2FVVT5LE7a4Xg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb1493cb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/barlow/v2/7cHpv4kjgoGqM7E_DMs5.woff2
142.250.74.163 200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v2/7cHpv4kjgoGqM7E_DMs5.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 20444, version 1.0\012- data
Hash 0f9d3b560bae7d6283f13b731bc4f674
cd082fc17fecdeb0b4de56499ce420f7c73fd7d9
023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51
GET /s/barlow/v2/7cHpv4kjgoGqM7E_DMs5.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20444
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 17:47:29 GMT
expires: Thu, 07 Sep 2023 17:47:29 GMT
cache-control: public, max-age=31536000
age: 354862
last-modified: Wed, 12 Dec 2018 22:09:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3t-4s51os.woff2
142.250.74.163 200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3t-4s51os.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21080, version 1.0\012- data
Hash fa61eccc5d911d604a8739a7c9dc8bcb
73488928ed4cd9f726f0129fc6c969908161091a
4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8
GET /s/barlow/v2/7cHqv4kjgoGqM7E3t-4s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 17:47:29 GMT
expires: Thu, 07 Sep 2023 17:47:29 GMT
cache-control: public, max-age=31536000
age: 354862
last-modified: Wed, 12 Dec 2018 22:06:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3p-ks51os.woff2
142.250.74.163 200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3p-ks51os.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 20300, version 1.0\012- data
Hash f780d6f93676a9792d73405ad95cfbcc
3ffb0b44be63925e77d3cbaa9ab89b30dc63a70f
3916e5c19c2e260ec6c95d4af3cc8c026c5825717221a6b931614f804be378ac
GET /s/barlow/v2/7cHqv4kjgoGqM7E3p-ks51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20300
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 17:47:29 GMT
expires: Thu, 07 Sep 2023 17:47:29 GMT
cache-control: public, max-age=31536000
age: 354862
last-modified: Wed, 12 Dec 2018 22:05:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E30-8s51os.woff2
142.250.74.163 200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E30-8s51os.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21072, version 1.0\012- data
Hash 9126e37748c1ee76d20fb783efef135b
4ebc85b3cb847b7cf4dc2341094d4fc883fe08ca
46710f0509008ad4a31212927e35441764b757d672b2ed4f892ee4e2f0804abb
GET /s/barlow/v2/7cHqv4kjgoGqM7E30-8s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21072
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Sep 2022 20:07:54 GMT
expires: Sat, 09 Sep 2023 20:07:54 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 12 Dec 2018 22:04:17 GMT
content-type: font/woff2
age: 173637
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/main.js
104.21.1.164 200 OK 320 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/main.js
IP 104.21.1.164:0
File type C source, ASCII text, with very long lines (359)
Hash ae86cd97e3f3d0aeb33404162325a6cd
1838b24880669a6476df5b6f6441a8ebc1fe20cf
b3785a78e8f3715fdaaeb17f2c6483a26a1b3313eba223e4820629e3c92dc7ca
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/main.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-245"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTd6drpE894R%2FsgOk1gJTq%2FDZ6TMRHSjTfC%2BKLRz7C%2F6iMX4d3Y%2BwPcFDODQo9Mo0abiyV2b5Jg1XEDDEOtBpB%2BP%2BTohh%2FfPWLMxmWWIW1W2tI1RRFWsuiQ0ieB6ukTZ7SOOWyo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb179340b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3_-gs51os.woff2
142.250.74.163 200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v2/7cHqv4kjgoGqM7E3_-gs51os.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 20348, version 1.0\012- data
Hash 9c43f43c6a98e7a4c8f27827ff455c9f
60b73cbb826b0710af3988a30873b3c47e43b511
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef
GET /s/barlow/v2/7cHqv4kjgoGqM7E3_-gs51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20348
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Sep 2022 20:07:54 GMT
expires: Sat, 09 Sep 2023 20:07:54 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 12 Dec 2018 22:05:17 GMT
content-type: font/woff2
age: 173637
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery-3.js
104.21.1.164 200 OK 30 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery-3.js
IP 104.21.1.164:0
File type ASCII text, with very long lines (32058)
Hash 165a43244de5b28bfdb9422e0ad82b68
dd12888e259036e6c6986a0c65a3b3e38b697f54
200e3fccd025dffd3f7c6ad186f87ea51737db6c85e279b0d8b9626ad7ce1954
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/jquery-3.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-15283"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIDxm%2B%2BKD0DzXvIBsT%2FIyQtxg%2FuGUGnvxI4AVbFxl5zZwm1Jll%2Br7PbYdbCgJnqOk43quTr2jlFnKWli5RMfdcvuQFkgdJxGR2ZPpjkgU1zpXLLphc47X3S58TJ%2FjkoB0geVgUQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb11c36b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bootstrap.js
104.21.1.164 200 OK 9.8 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bootstrap.js
IP 104.21.1.164:0
File type ASCII text, with very long lines (32033)
Hash 5001f34e4d6720378751012dedda52d6
d582a3fa4a2772626a934ade1489dc5e5f97a845
3cbb8f3723828476519f646eed5cd50a490f1cb1a03b9c2e92ad2a749c1dbf5a
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/bootstrap.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:29 GMT
ETag: W/"62e823f9-90b5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DTSP87ndnSYE5Jb5c0JG3niF%2FP7XG0AkxbNaepEZo4c54JfTNq8nkAdFiXboVLaEjMnqNKlTSiygw2INjsMWRFwt%2FncueyEJyZxEGrhl6Hd4jHgxHdfL0tQU6d0EBd%2FjqcolGlc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb1391eb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body.png
104.21.1.164 404 Not Found 116 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body.png
IP 104.21.1.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/bg-body.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1.css
HTTP/1.1 404 Not Found
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fyf6mX5qapvDnyNL4FLcEGSDTTv6DGlDut9t2QkropTE9GKUukK1nLoIngQBSq6g7kbSD%2BySiOBL%2B39%2FoE2fVF8EBeT1H9Cr%2B4xY7XcebN3Wrm%2FXo8yX%2F0DtJTFbieN2UEdRPhE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb25a430b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
54.69.239.65 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.69.239.65:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lYZDVuOBGX0ctv/vIMhCHQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gbSu1rQcrYOUYfLFHRJlwAz0CSA=
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery_002.js
104.21.1.164 200 OK 450 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/jquery_002.js
IP 104.21.1.164:0
File type ASCII text, with very long lines (501)
Hash 41a2fdff43ee058af2d4c8c291b2d9d4
f2fdf3165732412088dc899f0f20272f56559044
35716b5a75076c9d0847735a25f06045a2f033646b81de0d901414a8170ab5a5
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/jquery_002.js HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: W/"62e823fa-31c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hd9Id0g%2F8x30nj3e6QmQ4cEnq0cVOlzL8E8yBwiwlgmqvEanPjv4bvASr3EKFRJZtA6DV0%2BVOQqb63szurwl1B5oDQOBkXtPvVSAm09YwM7jRMcaKIAGGmySg3Lf1UDTmw0ckmo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb21a4eb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/show.%25E4%25B8%258B%25E8%25BD%25BD
104.21.1.164 200 OK 256 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/show.%25E4%25B8%258B%25E8%25BD%25BD
IP 104.21.1.164:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 256 kB (256150 bytes)
Hash 04ac8427433d48324755ef21e13ea222
649d0f821b50480745a695a666c69e42a14e9f43
1f8be107f7500a15282933e2f7efe1a7ef998db59f4ce04216429833320a7c9b
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/show.%25E4%25B8%258B%25E8%25BD%25BD HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/octet-stream
Content-Length: 256150
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-3e896"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNkd7VicjZx%2F18dLuaIcHATbEsaXBW%2BTdQzYQqUFAx%2BQ9Eu21IXVMe1JBSB%2BOiEO5Y7zZSJou7HehudDVlaAKj68%2FJiTHcFUBm4VFEQOkFKrp6OIsFPTTKgFc%2Fmi4w%2BpkwjKRhc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb0fa43b523-OSL
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/marvel-bg.png
104.21.1.164 200 OK 41 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/marvel-bg.png
IP 104.21.1.164:0
File type PNG image data, 1920 x 355, 8-bit colormap, non-interlaced\012- data
Hash a2cf30cf9f9c94ca233de42e68686e58
f405fecfc083aaf78abfd66e5ecac05501114617
b8fe22fddc6cc86351d432d6ce92667ddaac8f4ce72156fc4c44e8d98338390c
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronxprodiscount_files/marvel-bg.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 40644
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:14 GMT
ETag: "62e823ea-9ec4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i97K5kzFHzpVCeO52N8BxiLUM67J8bVdhoosuH5M10pNXIffAtqhABbdLlhkKfIR2kU54jIi7gtwq02yQXJFHoSkpFOPjkML3Euiiy9jSUOmCDkZsNSEA7BdA%2Fd1FHwguCTICQQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb2bac00b61-OSL
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/images/line.png
104.21.1.164 404 Not Found 116 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/images/line.png
IP 104.21.1.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/images/line.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css
HTTP/1.1 404 Not Found
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgfdSf8HUjLKh25Vo9PvuKWJnyiZwUJBjQuWAq0Q2Pydzu%2FUJmmek7oxmdCPjDqJ6yaa%2F6yUDlMMOTRmj%2Bb5MNnacCQsSnU0hxuq1nopDJrRJu%2BQxTNs3nd1YN4CYcGAyiO4P5E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb30b82b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body-right.png
104.21.1.164 200 OK 97 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body-right.png
IP 104.21.1.164:0
File type PNG image data, 476 x 812, 8-bit colormap, non-interlaced\012- data
Hash 017ff46ff9a1d8170ee09edaa444b280
e6244df569c2abc083725b869a69fc30e505581f
952916fc6a983c646ae35c1335a92d0226c9c8b72f8e8b59a3c4c6dc37dc590f
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/bg-body-right.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1.css
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 96740
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-179e4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uiWg1rqlDTrhdXRpEId7i3lzlBfW0X45cSos3IXdYnyEKhKRNmwiD7Sje%2B1%2BMDLNyEbWcWcSDfujKMfD1r5LFWX%2FI%2Bd8WU9tPwkGyPS9u7o6YgnHKpQw0r3wZNX4Ypnqv1KsnEY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb28ad5b4ff-OSL
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body-left.png
104.21.1.164 200 OK 128 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/bg-body-left.png
IP 104.21.1.164:0
File type PNG image data, 552 x 812, 8-bit colormap, non-interlaced\012- data
Size 128 kB (128092 bytes)
Hash 4dbc129cc0bbe77f887cf813c4408e9b
fc3f7169f6ccd2b1cadeaf349893225882c11a13
1f044c072e134bdb8815ef45070ce943f01bfd52dd457483552f86d92a77aeaa
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/bg-body-left.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1.css
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 128092
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-1f45c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WEJogaavpBZCFRNQTJ7sPvMQS0qtWxFOF1wy2Xqb6kRxnpAKQsTB6R8oT5pa8UwxGdXlrdUA4kfcRLwGz1z0vRLvFRu7qpA2b4lRXVX%2F9vcpssZ9Gk%2BRv5bcSVi61rQYbvMGWY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb28ec3b4fa-OSL
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/features-bg.png
104.21.1.164 200 OK 119 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/features-bg.png
IP 104.21.1.164:0
File type PNG image data, 1919 x 822, 8-bit colormap, non-interlaced\012- data
Size 119 kB (118905 bytes)
Hash 3cce5293a4ee949dec8e986cecaedf33
49368789299133426f8967d4e4df94a2456b1232
8889b616bbaca86c12d25f26150562a0354ff36602696231b08551d029d1739e
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronxprodiscount_files/features-bg.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 118905
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:14 GMT
ETag: "62e823ea-1d079"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G5%2FgTwkjU%2F09lyu4F2Fd5VoVFXwuG4Ay%2Ba412DxV27uWwC0yS2HiTWTb3YuDiMbHPWR31cmNAbFJpmHMOl723q0LkOHhUMru6NAR6uNMpU7QtBa87e5gb9bUmgGc3vYgbT2isbs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb30d30b523-OSL
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/rated-bg.png
104.21.1.164 200 OK 33 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronxprodiscount_files/rated-bg.png
IP 104.21.1.164:0
File type PNG image data, 1920 x 309, 8-bit grayscale, non-interlaced\012- data
Hash b50d31f2cc5907f761be48d49b6d1395
2860d207f026ffc5c89d1fbb1861cd80fbf1e983
7f46f96de1079ab0e23b5fe3a550020dfaef35a15667e572036c32e84fda2340
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronxprodiscount_files/rated-bg.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/style1_002.css
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 33360
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:14 GMT
ETag: "62e823ea-8250"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j75FYeH8iRwCixOQlpfws9ogoQHBjrx0nwcxSbR5ok8yh4JEPYPWrCteDbuY7BLrgDJ6cE%2F8qGYFfwmPd%2Bv%2B5jo%2BfLX%2FNVW4nP6JFCiI1g8Dycj%2B4%2Bg4Ch79unKuSZygsabzBL0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb39c6db4ff-OSL
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/0.txt
104.21.1.164 404 Not Found 122 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/0.txt
IP 104.21.1.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash ba5146ac943c84a42ae7dd8ec650000d
cd224acead78854add64c91f811c97c4ebe23e46
d4e24dacc040ac19271080523c3e47ea0754bdf3a2697c0e58b4d41949327734
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/0.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 404 Not Found
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zoA9%2BA8h39P2sq3jYGJSrRYyuoLvPCArqgBPCn8fIPkMuugLRZHyQcAF%2FM5jl9FmcfCwYEOmnQq5E8VGoVZISb4gHepm2MQMoBKurz1GMPgQD%2FsoB%2BXuMiTlmX5gjttvAguCRB4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb3d8ddb4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/0_002.txt
104.21.1.164 404 Not Found 122 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/0_002.txt
IP 104.21.1.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash ba5146ac943c84a42ae7dd8ec650000d
cd224acead78854add64c91f811c97c4ebe23e46
d4e24dacc040ac19271080523c3e47ea0754bdf3a2697c0e58b4d41949327734
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/0_002.txt HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 404 Not Found
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0pZVZcScX%2B8AhY6DnS4lVIIOw7cfF5DhNIbRrM1sathzxVZzx%2F4FqBoYnH20oez7lslN4nmoCS5VSwIpPIe8UrezfOt6wzdVLAr729YedwqplU3gdKyudUv5wV0th%2F2iDI3yInA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb3dcebb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
amplify.outbrain.com/cp/obtp.js
95.101.174.159 200 OK 3.2 kB URL HTTP/1.1 amplify.outbrain.com/cp/obtp.js
IP 95.101.174.159:0
File type ASCII text, with very long lines (8072), with no line terminators
Hash 9b19340ef7db3cbb26aa923adb8dbe6e
082e699bca6e80ca6c72a43f2894f4a32e785e26
c042b8b199b2c08fa66f90753998544860e3f64c3a1f47754a66970b3b8c5b2a
GET /cp/obtp.js HTTP/1.1
Host: amplify.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "51de2e10510f823326f9b30ea6068a2a:1655820557.452892"
Last-Modified: Tue, 21 Jun 2022 14:06:31 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=1200
Expires: Sun, 11 Sep 2022 20:41:51 GMT
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Length: 3249
Connection: keep-alive
bat.bing.com/bat.js
204.79.197.200 200 OK 11 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
HTTP/1.1 200 OK
Cache-Control: private,max-age=1800
Content-Length: 11367
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 28 Jul 2022 17:32:37 GMT
Accept-Ranges: bytes
ETag: "80a8697a8a2d81:0"
Vary: Accept-Encoding
Set-Cookie: MUID=01D2F312DE38671009F9E10EDFCD66AD; domain=.bing.com; expires=Fri, 06-Oct-2023 20:21:51 GMT; path=/; SameSite=None; Secure; Priority=High;
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: B62DAE27A020408599C4F483CF2B2C55 Ref B: OSL30EDGE0219 Ref C: 2022-09-11T20:21:51Z
Date: Sun, 11 Sep 2022 20:21:51 GMT
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c52f00dc203483501330b93da8673ea
bb58935fa272c810572d3290a9835e1390a8ef35
4cbe66c98fdaa1bdce29769a8dda769b7b46e14a8bdab5c61bba9e171ec925f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4684
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Last-Modified: Sun, 11 Sep 2022 19:03:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sun, 11 Sep 2022 18:41:12 GMT
expires: Sun, 11 Sep 2022 20:41:12 GMT
cache-control: public, max-age=7200
age: 6039
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c52f00dc203483501330b93da8673ea
bb58935fa272c810572d3290a9835e1390a8ef35
4cbe66c98fdaa1bdce29769a8dda769b7b46e14a8bdab5c61bba9e171ec925f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4684
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Last-Modified: Sun, 11 Sep 2022 19:03:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
157.240.200.14 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash 8e7e24fb3539746aa8b869558f589615
d8086d86bbd5cfacc3b6a5ef14aa917830e137dd
7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: bOCLWy75ePs0H/P/56OOg8sVmOpkaBDzgAzcA2zcDkbpq/vx/MSjKDYn46R8mcGR73U+AViC0KxGobe1/UL82Q==
content-length: 26737
x-fb-trip-id: 1679558926
date: Sun, 11 Sep 2022 20:21:51 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/page-logo.png
104.21.1.164 200 OK 591 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/page-logo.png
IP 104.21.1.164:0
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Size 591 kB (591177 bytes)
Hash 17afdc9ba149de09554478af843413c5
f0ff59f4fcf2168f9acf436ee4111c76abaf97bf
d8501f90164e095fb2434d9bcaee6c12261a74d3bee87705f7c4703bb4c5ec18
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/page-logo.png HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/png
Content-Length: 591177
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-90549"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=flEM88h1GviTscdUZ85rSOjiO0EOnrwFgpYGn7JFNM0x4LMwI0%2FUVxAmEq6xfJ%2BP82JS6rm1CX4pdo49PM4pR%2BqhWnxCgoaL0%2BfoKcnBAkv%2Be9CPXbm2QYfroSoYQK5Ojn5luMc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74931cb39b8e0b61-OSL
alt-svc: h2=":443"; ma=60
amplifypixel.outbrain.com/pixel?mid=003fefef2c09e91029ed7eed52ee57c0fd&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746
64.202.112.255 200 OK 60 B URL HTTP/1.1 amplifypixel.outbrain.com/pixel?mid=003fefef2c09e91029ed7eed52ee57c0fd&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746
IP 64.202.112.255:0
File type GIF image data, version 89a, 1 x 1
Hash fb0fc5c090282e372b8bf8ff13ae3ee2
2de3834253ece606ce4d2a6f10a59654b6fa378b
90a8ffa59ad6227daafa10083d4cff2e9b295c9c82135b5f5cedd65b2e7c8ceb
GET /pixel?mid=003fefef2c09e91029ed7eed52ee57c0fd&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746 HTTP/1.1
Host: amplifypixel.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/gif;
Content-Length: 60
Cache-Control: no-cache
X-TraceId: 6281984ee790a4a5d272632f7b9e9bb1
content-encoding: gzip
tr.outbrain.com/pixel?marketerId=003fefef2c09e91029ed7eed52ee57c0fd&obApiVersion=1.0.10&name=PAGE_VIEW&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746
64.202.112.255 200 OK 60 B URL HTTP/1.1 tr.outbrain.com/pixel?marketerId=003fefef2c09e91029ed7eed52ee57c0fd&obApiVersion=1.0.10&name=PAGE_VIEW&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746
IP 64.202.112.255:0
File type GIF image data, version 89a, 1 x 1
Hash fb0fc5c090282e372b8bf8ff13ae3ee2
2de3834253ece606ce4d2a6f10a59654b6fa378b
90a8ffa59ad6227daafa10083d4cff2e9b295c9c82135b5f5cedd65b2e7c8ceb
GET /pixel?marketerId=003fefef2c09e91029ed7eed52ee57c0fd&obApiVersion=1.0.10&name=PAGE_VIEW&dl=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&bust=018642346749782746 HTTP/1.1
Host: tr.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: image/gif;
Content-Length: 60
Cache-Control: no-cache
X-TraceId: f89c0d2deed88e2c1c2caf07438798b3
content-encoding: gzip
bat.bing.com/action/0?ti=20103275&Ver=2&mid=d5b8cca4-fb02-4b86-a834-8f34ad9e7f6a&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=<=1572&evt=pageLoad&sv=1&rn=975098
204.79.197.200 204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=20103275&Ver=2&mid=d5b8cca4-fb02-4b86-a834-8f34ad9e7f6a&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=<=1572&evt=pageLoad&sv=1&rn=975098
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=20103275&Ver=2&mid=d5b8cca4-fb02-4b86-a834-8f34ad9e7f6a&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=<=1572&evt=pageLoad&sv=1&rn=975098 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=292713C60D7C6B8C145A01DA0C896A04; domain=.bing.com; expires=Fri, 06-Oct-2023 20:21:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2A4CFB1B89C745B6A816D5A767BBE7DB Ref B: OSL30EDGE0212 Ref C: 2022-09-11T20:21:51Z
date: Sun, 11 Sep 2022 20:21:51 GMT
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=20105041&Ver=2&mid=22caf5dc-3272-4ee7-8597-05927cb41b6c&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=<=1572&evt=pageLoad&sv=1&rn=582324
204.79.197.200 204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=20105041&Ver=2&mid=22caf5dc-3272-4ee7-8597-05927cb41b6c&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=<=1572&evt=pageLoad&sv=1&rn=582324
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=20105041&Ver=2&mid=22caf5dc-3272-4ee7-8597-05927cb41b6c&sid=58400500320f11edae1f9dd52b3e13d1&vid=58400630320f11ed98c10d01eb089700&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=DroneX%20Pro&p=http%3A%2F%2Fwww.agefirm.ru.com%2Fclicks%2Fchapter2%2F6242022_dronexpro.php%3Fsid%3D992539%26h%3Dfaie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu%2Ftiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f&r=<=1572&evt=pageLoad&sv=1&rn=582324 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2617A004F66A6D3316B8B218F79F6CD6; domain=.bing.com; expires=Fri, 06-Oct-2023 20:21:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 03B5E2BBA3B64257ABFBDECAADE789E3 Ref B: OSL30EDGE0212 Ref C: 2022-09-11T20:21:51Z
date: Sun, 11 Sep 2022 20:21:51 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash e62195d82fcca48fae0c2a0ab552b964
c935eff82e51ef59cc54639a538b43ab233ff4f0
47a4bb236d09acf799f1103a47a5d60bbce35600f236bb3d018a795a355b3bae
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 20:21:51 GMT
Server: ECS (dcb/7F18)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YBae1S7P6ZKdBMzULV9HfFQc7L_FMdQvDWK9xePO58M9JQAv_gEXgQ==
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 324364e9311c1f7cb5e4068f3d947d5d
ddb00dc97404cee267838983ce8bb4ae48d6647a
d6cc296b22c48f9e7bb3a905dd9e899441ae7c29faec4a62e71628e1f23d61a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tr.outbrain.com/cachedClickId?marketerId=003fefef2c09e91029ed7eed52ee57c0fd
64.202.112.255 200 OK 56 B URL HTTP/1.1 tr.outbrain.com/cachedClickId?marketerId=003fefef2c09e91029ed7eed52ee57c0fd
IP 64.202.112.255:0
File type ASCII text, with no line terminators
Hash 77fbe8ab311fa20557d95906363035ed
5806df80f09a37e070d5f37c49f19797c2763fd0
4fa9f4ca5bfa56b9f8467324e3654f4a717dcd40b70c05b538092d8a101b0599
GET /cachedClickId?marketerId=003fefef2c09e91029ed7eed52ee57c0fd HTTP/1.1
Host: tr.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: application/javascript
Content-Length: 56
X-TraceId: 31619247b6316e754a2d84b8a1bb4fe2
content-encoding: gzip
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22484186-3&cid=185145842.1662927701&jid=1427667414&gjid=1129190031&_gid=1581510601.1662927701&_u=YEBAAUAAAAAAAC~&z=187646071
142.251.1.157 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22484186-3&cid=185145842.1662927701&jid=1427667414&gjid=1129190031&_gid=1581510601.1662927701&_u=YEBAAUAAAAAAAC~&z=187646071
IP 142.251.1.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22484186-3&cid=185145842.1662927701&jid=1427667414&gjid=1129190031&_gid=1581510601.1662927701&_u=YEBAAUAAAAAAAC~&z=187646071 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.agefirm.ru.com
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://www.agefirm.ru.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 11 Sep 2022 20:21:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/p/action/20105041.js
204.79.197.200 204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/20105041.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/20105041.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=1334337D59C8697B0B022161583D6814; domain=.bing.com; expires=Fri, 06-Oct-2023 20:21:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: ARR/3.0
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7723DCB0B5CC4AEC83A82BBC7F19644F Ref B: OSL30EDGE0212 Ref C: 2022-09-11T20:21:51Z
date: Sun, 11 Sep 2022 20:21:51 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 55d14c90ec16748861894ce8f82eafcd
f3ebe8972971c1201c1ec7c533f019f79c36cde5
fa0dc0f0a76f3407dad8dae59a4817ef6b1371fcaa930448373d64720a036698
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cc16b956392846e1100a913453575c87
09e81e2f60ab04ca565b73ed9060380a2229cf30
3a3eecb77d71c4f1c3d706f33f33e8df527b3653906d0086089c2e5b45fd25e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 45b55c678e2944a30a6d8160bb6e4a94
a1ac0c9681902e7d64e49bd9e146820ce2c60f4f
5a89db56a9b47aa3e426799671db9b25a42d7dd7d6881c66eca7ed37facf6bd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/signals/config/371373974792356?v=2.8.37&r=stable
157.240.200.14 200 OK 67 kB URL HTTP/2 connect.facebook.net/signals/config/371373974792356?v=2.8.37&r=stable
IP 157.240.200.14:0
Hash e77adf7ed51bac2040f0edd3710ae5f0
b304cf3b9fa74d605e9ac147c4ca07e054af65ba
59ccc00a91a44821db65ca1523a037d0a1e577ae8cd7981fc1751356cd2938c4
GET /signals/config/371373974792356?v=2.8.37&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: WIMAb0XmYde/3CJ+Yr4GjZUOhJOEwz28lnTh4jHJuJq4oAvkRWZ2kX1EXRN1nn33DeK+eSFNMNIudF5qlW2KSw==
x-fb-trip-id: 1679558926
date: Sun, 11 Sep 2022 20:21:51 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
techxsv.com/intl_3/images/products/dronexpro/favicon.png
52.28.217.131 404 Not Found 2.4 kB URL HTTP/2 techxsv.com/intl_3/images/products/dronexpro/favicon.png
IP 52.28.217.131:0
Hash 79d43b7eaa356a8f9d1b6f6fb5e18404
b5695e92af090c7b466a456e4f7b4eafae8a324e
018df48a75e0df427bf3a35e5930d86967c718a54308f573c9456835e20e8b49
GET /intl_3/images/products/dronexpro/favicon.png HTTP/1.1
Host: techxsv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Sun, 11 Sep 2022 20:21:51 GMT
content-type: text/html; charset=UTF-8
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.0.13
set-cookie: PAGE_LANG=no; expires=Tue, 11-Oct-2022 20:21:51 GMT; Max-Age=2592000; path=/
cache-control: no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 437c7ccd2c357dd83d6b9a5118d4b402
e0002389b286a960b454a92aeb3d1a1e08317ff2
9a5b3bdb7765ea21d7147a0c8022198a1be6c8256fa594b53732cf59e86532b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 20:21:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/p/action/20103275.js
204.79.197.200 204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/20103275.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/20103275.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.agefirm.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=3BAE20FE7CAE69D4107E32E27D5B685A; domain=.bing.com; expires=Fri, 06-Oct-2023 20:21:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: ARR/3.0
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 199CC67277454A2B83CF1EDCD0F98BE4 Ref B: OSL30EDGE0212 Ref C: 2022-09-11T20:21:51Z
date: Sun, 11 Sep 2022 20:21:51 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6686
Expires: Sun, 11 Sep 2022 22:13:18 GMT
Date: Sun, 11 Sep 2022 20:21:52 GMT
Connection: keep-alive
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/dronexpro.mp4
104.21.1.164 206 Partial Content 56 kB URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/dronexpro.mp4
IP 104.21.1.164:0
File type ISO Media, MP4 v2 [ISO 14496-14]
Hash 22133a24c8c91ab0ed35a0b62d758b66
b1df76e851ecb949c25b432af8f2af855340f216
fff3f34d0b8b60148c50b0ffc0020bdaeee1ffe8ddfb952618d3ea53a7d5c81a
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/dronexpro.mp4 HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 206 Partial Content
Date: Sun, 11 Sep 2022 20:21:51 GMT
Content-Type: video/mp4
Content-Length: 2773316
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-2a5144"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Content-Range: bytes 0-2773315/2773316
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P5VQbbEa0Vs6pBhOMrraaeUDkOaPSVCDFQyfIzs5gZOp1tyokTCfA%2FoGQ4i%2B%2Fnz4%2BBWBfX%2FE9F%2BoMtBRPAmWCpXnhwieZi5UN%2B8bRIYyTMx7XtzbJgOtHmxk2ODNyBRCbCWZu%2B8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb32fc4b4fa-OSL
alt-svc: h2=":443"; ma=60
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57d797a1c3f6589746a1135bdb19f54f
7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mNvNO0HJjZ1zwPKcjfqiVOnCL0CYXc8BPDSFbV6MXVW71IVt-2K3mQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:46:54 GMT
age: 81298
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bb1a86dcf94db0a29a6ebe21866766d4
b3491a6f12c97c8e1848a206a185fae29213c1e5
d05619e519fed6c0b6c0616cf540908006a68f127b25e38fb9d041dfe2546df4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7519
x-amzn-requestid: 8d8a8df6-abf5-45dd-8d78-de5ae715a9d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_UNEoWoAMFRLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631845b4-0101ca7a09e432f305aa7066;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:18:12 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Z0Z4IozbbythqWA7mNaqtO4NWbLi1zL2G6HmMGP0c9VqIzMugvVh_Q==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 00:00:49 GMT
age: 73263
etag: "b3491a6f12c97c8e1848a206a185fae29213c1e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eee5b4d617dab6f10d7053f5c4f4e98e
6c728c56797ba921e8001919df4d36e56dd37e54
76a53e2c81ec8da2bc469760b2c57098d587c6a36fa70e5b7c743a224a47d362
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8171
x-amzn-requestid: a3eb931f-cd71-4738-acb1-4398fc09f453
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOa7QGqoIAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c0b7b-2a6ed8ca00a0a0640110cf5d;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:58:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QuUPVSWCQk9z9xI03trHifaWzOi5TqBZHLena93lrxhjlAG1PICKKA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 12:19:15 GMT
age: 28957
etag: "6c728c56797ba921e8001919df4d36e56dd37e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ec2646c56c4c522f0744768ad20342b
ad1d9eee90556a359547dc7cbb6758aee2c804cd
0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7635
x-amzn-requestid: dbd07cc7-d0f6-4500-83c6-b19fa9fa2e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt5xDEfUIAMFYXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f09a0-3771b23118f3711e5caca699;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ILut4hEDJbs6jNr3wpPST1HgAYMabIT7cdZebRFETn8lL_QfS92KBA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 81678
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fea5dfc4a6a5093fd81899ee4a79d446
c893d7475856809a59486e0bcebd6d662d1fc56f
915fb97690be97d97cb298fc60ceb4cf7c3ed8fb437836beb2d590a8e238363c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7017
x-amzn-requestid: df5e57d7-e54c-4b5a-aa1b-a9aee889842e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_Et0oAMFSjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-50d15bba03579a935342e22f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LsqH-LbjMGWrhYB93Qkvq2qVhqNs-3MWgrrOFzC8qPcY3fF5ujSD_g==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:54:44 GMT
age: 80828
etag: "c893d7475856809a59486e0bcebd6d662d1fc56f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8092dc3d-1f2d-4e22-b40a-bf1c53ea42e6.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8092dc3d-1f2d-4e22-b40a-bf1c53ea42e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99bd16c51d8e4853d6ee542d2ec9fb22
a9f77626875d68e1aea2516f78d491eba9969e37
b360c3c9fa12dc4f57fdbfc88fe820ecee1c049f2d43f44cd38b740513d8e9f8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8092dc3d-1f2d-4e22-b40a-bf1c53ea42e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10298
x-amzn-requestid: f2e2d57b-1f6f-401a-bf0d-ca5c05dd5e59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE-nmHBKIAMFrZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63184496-52d1369463143fc94894e347;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:13:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PRnDEhi5jnNROYiVXzfn4b_vf-OHnwO5RD38I1bLV8JEJb2gDYrqvg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 81685
etag: "a9f77626875d68e1aea2516f78d491eba9969e37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/vendor.%25E4%25B8%258B%25E8%25BD%25BD
104.21.1.164 200 OK 0 B URL HTTP/1.1 www.agefirm.ru.com/clicks/chapter2/dronexpro0109_files/vendor.%25E4%25B8%258B%25E8%25BD%25BD
IP 104.21.1.164:0
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/chapter2/dronexpro0109_files/vendor.%25E4%25B8%258B%25E8%25BD%25BD HTTP/1.1
Host: www.agefirm.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.agefirm.ru.com/clicks/chapter2/6242022_dronexpro.php?sid=992539&h=faie9qrewelvoibcjcve1p1nmyyvzuuz9kqfmqlhjuu/tiegos9h3p4uq5q63vkfbuvbk7mesv5mv80xod4ck9-trxjnqaqslnn-ypvfl7p6lky7tevrdivrcadwltgksjsynmd_v4uismvl0fevymqtcs8cjleclunhps4esm4f
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 20:21:50 GMT
Content-Type: application/octet-stream
Content-Length: 273807
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:30 GMT
ETag: "62e823fa-42d8f"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2TqkgUEqAYJeV16QMY2IUOjrZEpl0navrVUqK3ptv5bj41lOFxh8Bm3WMFuYcdNhcAXFY12ramUdZz6BfbTi3FUtF09%2B4jkGwTZnKOUmSDNLUW1fuWyjyt9kupdpH%2BRWN2K1oU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74931cb0ebf8b4fa-OSL
alt-svc: h2=":443"; ma=60