r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10347
Expires: Sun, 04 Sep 2022 20:37:15 GMT
Date: Sun, 04 Sep 2022 17:44:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 04 Sep 2022 17:44:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Ii_XTam7Jpebtem99oWvtuetFUg-BJZVhAkmeRLBpGXg_XkA0HeE8g==
Age: 33
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Y5MZV3yYqfN-F82fqh0pNnB_k_71f4lByoNrg7jKAoSI-HbtLw1a1Q==
age: 59371
X-Firefox-Spdy: h2
cravtr.ru/
200 OK 42 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1902), with CRLF, LF line terminators
Hash 9179157771ea21b62a330d60e0f25d7d
445cf2014c04a8df62d75c78b6cfc2e1950764c5
fbaf9c9be35ef272f4e31a5d93a7846ac3874e772e4411938ed7734bb1869f72
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:47 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
X-Powered-By: PHP/7.4.30
Set-Cookie: wordpress_01c4960d334a652c59ba7203acf4e896=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/wp-content/plugins; HttpOnly
wordpress_01c4960d334a652c59ba7203acf4e896=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/wp-admin; HttpOnly
wordpress_logged_in_01c4960d334a652c59ba7203acf4e896=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; HttpOnly
Link: <http://cravtr.ru/wp-json/>; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Transfer-Encoding: chunked
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 17:44:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cravtr.ru/wp-includes/css/dist/block-library/style.min.css?ver=5.4.11
200 OK 54 kB URL HTTP/1.1 cravtr.ru/wp-includes/css/dist/block-library/style.min.css?ver=5.4.11
IP
File type ASCII text, with very long lines (28088)
Hash 7d2051e6c59f3598b17877bf41637ec4
e3fbc1265f4cd1eacf83c045e4f21d5f9b92bf8d
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.4.11 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:09:11 GMT
ETag: "d159-5e052ab706575"
Accept-Ranges: bytes
Content-Length: 53593
Content-Type: text/css
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/plugins/featured-post-with-thumbnail/featured-post.css?ver=5.4.11
200 OK 990 B URL HTTP/1.1 cravtr.ru/wp-content/plugins/featured-post-with-thumbnail/featured-post.css?ver=5.4.11
IP
File type ASCII text, with CRLF line terminators
Hash 801e79f5e527f86d76c25da10f4e20b1
3d4fe9e47155c8883b397c0d876cd7a33d777de7
7cbe2994d0c75db802a421d3ea59e6e36076c13f6a9525b65f27d768938d93ea
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/featured-post-with-thumbnail/featured-post.css?ver=5.4.11 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:09:10 GMT
ETag: "3de-5e052ab5d2b99"
Accept-Ranges: bytes
Content-Length: 990
Content-Type: text/css
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/themes/allium/css/bootstrap-custom.css?ver=5.4.11
200 OK 34 kB URL HTTP/1.1 cravtr.ru/wp-content/themes/allium/css/bootstrap-custom.css?ver=5.4.11
IP
File type ASCII text, with CRLF line terminators
Hash e345b267f9926f3a0aa36b0e11577e03
9bf252b511b368c153cb1d41b826b86fc0fef7af
1ea5af397f53fe349176aa98244fd5987b3fa1e1282c65d329e85c2dfb53b6b8
GET /wp-content/themes/allium/css/bootstrap-custom.css?ver=5.4.11 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Wed, 01 Jun 2022 13:49:55 GMT
ETag: "83c5-5e0632a0ba273"
Accept-Ranges: bytes
Content-Length: 33733
Content-Type: text/css
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
200 OK 10 kB URL HTTP/1.1 cravtr.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP
File type ASCII text, with very long lines (9959)
Hash 7121994eec5320fbe6586463bf9651c2
90532aff6d4121954254cdf04994d834f7ec169b
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:09:13 GMT
ETag: "2748-5e052ab890a07"
Accept-Ranges: bytes
Content-Length: 10056
Content-Type: application/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 9439a7cde73fea464c1463febdda0556
6a0030d4f26b2e9658700708c82e7ce6120ce93c
c3a5a489f4ef8c8cce54dbd819c5cf573740317ea3718ccd6804a03374739199
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cravtr.ru/wp-content/plugins/auto-highslide/highslide/highslide.css
200 OK 3.8 kB URL HTTP/1.1 cravtr.ru/wp-content/plugins/auto-highslide/highslide/highslide.css
IP
File type ASCII text, with CRLF line terminators
Hash 7a89390eb5d276b2ff09e643c008b4a8
76a2e75bd25357a5f7bb5dc9a0c2e50868b26915
a58413b52ab3b84178b00f5d56effeb9ffb126938971ca6d681ed65d41767970
GET /wp-content/plugins/auto-highslide/highslide/highslide.css HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:09:10 GMT
ETag: "ee6-5e052ab5ce549"
Accept-Ranges: bytes
Content-Length: 3814
Content-Type: text/css
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-includes/js/wp-emoji-release.min.js?ver=5.4.11
200 OK 14 kB URL HTTP/1.1 cravtr.ru/wp-includes/js/wp-emoji-release.min.js?ver=5.4.11
IP
File type ASCII text, with very long lines (10927)
Hash c8d5a4cd14632bc2bdf15b5e45ca9d4d
cdf210b710c2792eda450a1a11e5dc1f8dae8594
956fa56f513e1a8025bc85f9314a1747eb061d434403393591145e4ae898c694
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.4.11 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:33:06 GMT
ETag: "363c-5e05300f0bd34"
Accept-Ranges: bytes
Content-Length: 13884
Content-Type: application/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/themes/allium/js/enquire.js?ver=2.1.6
200 OK 10 kB URL HTTP/1.1 cravtr.ru/wp-content/themes/allium/js/enquire.js?ver=2.1.6
IP
File type ASCII text, with very long lines (847), with CRLF line terminators
Hash fcf572110474f4d05d2a093287a08a14
8dae31cef733250aaaa6e012293cf5439891d00e
b5d83de19ecb082b54d02a0e893231f5c7f330126b1d4d9ea2884d1b7648ea9f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/allium/js/enquire.js?ver=2.1.6 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Wed, 01 Jun 2022 13:49:55 GMT
ETag: "27c2-5e0632a0c717b"
Accept-Ranges: bytes
Content-Length: 10178
Content-Type: application/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/plugins/auto-highslide/highslide/highslide-with-html.packed.js
200 OK 32 kB URL HTTP/1.1 cravtr.ru/wp-content/plugins/auto-highslide/highslide/highslide-with-html.packed.js
IP
File type ISO-8859 text, with very long lines (31128), with CRLF line terminators
Hash d20fbc385b18eeedfaa30c454a67b528
e4b3bacc38efe68b89df8d805852c7c4cc1b5ac4
a4da12edfc47a4cf6af3deabdae177c6713205198c642c0ca29ccad745c04084
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/auto-highslide/highslide/highslide-with-html.packed.js HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:09:10 GMT
ETag: "7dcf-5e052ab5cd991"
Accept-Ranges: bytes
Content-Length: 32207
Content-Type: application/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/themes/allium/js/fitvids.js?ver=1.1
200 OK 3.4 kB URL HTTP/1.1 cravtr.ru/wp-content/themes/allium/js/fitvids.js?ver=1.1
IP
File type HTML document, ASCII text, with CRLF line terminators
Hash c1b7fbe6b1a3b777fddfe187094deb97
498d2b1a5cfd53ce9b320c9ccd7d53ea7b04ffb7
64e9efa2008c5bd0973816eee4eaaf03a2b02f7a1b2f4317318f8711676fa01f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/allium/js/fitvids.js?ver=1.1 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Wed, 01 Jun 2022 13:49:55 GMT
ETag: "d6d-5e0632a0c794b"
Accept-Ranges: bytes
Content-Length: 3437
Content-Type: application/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/themes/allium/style.css?ver=5.4.11
200 OK 84 kB URL HTTP/1.1 cravtr.ru/wp-content/themes/allium/style.css?ver=5.4.11
IP
File type ASCII text, with very long lines (354), with CRLF line terminators
Hash 0fef05c8dba9dea226678dd8f6c9e427
f296ef7126c867a7da117652e0b8efe9d8bde64c
232fc5975d383cd4004706e4f09f9039bf7e2c479e1a389977b3382a7efc503e
GET /wp-content/themes/allium/style.css?ver=5.4.11 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Wed, 01 Jun 2022 13:49:55 GMT
ETag: "14876-5e0632a0d2cfb"
Accept-Ranges: bytes
Content-Length: 84086
Content-Type: text/css
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/themes/allium/js/hover-intent.js?ver=r7
200 OK 5.1 kB URL HTTP/1.1 cravtr.ru/wp-content/themes/allium/js/hover-intent.js?ver=r7
IP
File type ASCII text, with CRLF line terminators
Hash cf1a4e6e02fb9bdc003793a5d36d7ff0
7dbf8060863555050922f111851ea028d284c97d
a7a796de5386c4134aeaf3d7f3acabe23714c75badac21922ec14957d4d239f7
GET /wp-content/themes/allium/js/hover-intent.js?ver=r7 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Wed, 01 Jun 2022 13:49:55 GMT
ETag: "13bd-5e0632a0c8503"
Accept-Ranges: bytes
Content-Length: 5053
Content-Type: application/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/themes/allium/js/superfish.js?ver=1.7.10
200 OK 7.9 kB URL HTTP/1.1 cravtr.ru/wp-content/themes/allium/js/superfish.js?ver=1.7.10
IP
File type ASCII text, with CRLF line terminators
Hash 1343a5d5498f0b5c36613a13c785e0c9
7a9e5d870dddce40f39815ac6b41a3cab4157c32
bebf8e167e6c10f51857e0e35b89f0b6300e495feccfe08f7d4bf4a0b87b4506
GET /wp-content/themes/allium/js/superfish.js?ver=1.7.10 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Wed, 01 Jun 2022 13:49:55 GMT
ETag: "1ed0-5e0632a0c94a3"
Accept-Ranges: bytes
Content-Length: 7888
Content-Type: application/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/themes/allium/js/custom.js?ver=1.0
200 OK 5.1 kB URL HTTP/1.1 cravtr.ru/wp-content/themes/allium/js/custom.js?ver=1.0
IP
File type ASCII text, with CRLF line terminators
Hash 2451ca54a064904e91e370baf2a612d4
30d872c9c7f652df6d48a56772cc534d794e209a
9fb45290466159e956cb3e618539728367e1d7d7e1b86929b59a4dcdb27b8826
GET /wp-content/themes/allium/js/custom.js?ver=1.0 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Wed, 01 Jun 2022 13:49:55 GMT
ETag: "13da-5e0632a0c5df3"
Accept-Ranges: bytes
Content-Length: 5082
Content-Type: application/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-includes/js/wp-embed.min.js?ver=5.4.11
200 OK 1.4 kB URL HTTP/1.1 cravtr.ru/wp-includes/js/wp-embed.min.js?ver=5.4.11
IP
File type ASCII text, with very long lines (1391)
Hash 905225d5711b559d3092387d5ffbedbd
6f6c39075263bafb9e8c10f1b34a1a0f7ee03c9d
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-embed.min.js?ver=5.4.11 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:33:06 GMT
ETag: "592-5e05300eff215"
Accept-Ranges: bytes
Content-Length: 1426
Content-Type: application/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 9439a7cde73fea464c1463febdda0556
6a0030d4f26b2e9658700708c82e7ce6120ce93c
c3a5a489f4ef8c8cce54dbd819c5cf573740317ea3718ccd6804a03374739199
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cravtr.ru/wp-content/uploads/2022/06/ferrari-ne-pozvolit-budushhim-elektromobilyam-i-vnedorozhnikam-purosangue-pomeshat-xorosho-provesti-vremya.jpg
200 OK 16 kB URL HTTP/1.1 cravtr.ru/wp-content/uploads/2022/06/ferrari-ne-pozvolit-budushhim-elektromobilyam-i-vnedorozhnikam-purosangue-pomeshat-xorosho-provesti-vremya.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 572x314, components 3\012- data
Hash 21661e00f67b094cdc43e5d52b1b5b05
ab6c8a964876bb9e5e795203552f7704b6fad6cf
dffd3b152de0cabec0a674adbcd077323264e3e120d3e6127eccd2c82f404947
GET /wp-content/uploads/2022/06/ferrari-ne-pozvolit-budushhim-elektromobilyam-i-vnedorozhnikam-purosangue-pomeshat-xorosho-provesti-vremya.jpg HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Sun, 19 Jun 2022 14:56:36 GMT
ETag: "3d3e-5e1ce31b22607"
Accept-Ranges: bytes
Content-Length: 15678
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/uploads/2022/06/novye-podrobnosti-o-bezumnoj-sborke-xunigana-subaru-wagon-vosmidesyatyx-s-862-l-s.jpg
200 OK 48 kB URL HTTP/1.1 cravtr.ru/wp-content/uploads/2022/06/novye-podrobnosti-o-bezumnoj-sborke-xunigana-subaru-wagon-vosmidesyatyx-s-862-l-s.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 576x316, components 3\012- data
Hash 41796105e150220dd12b4794218680b1
8359f178def55e53fcce728ceee810825eeeb395
a22e210018f766e76889f7df62e968d0fbedb00aad06f86588c3f9742b030e97
GET /wp-content/uploads/2022/06/novye-podrobnosti-o-bezumnoj-sborke-xunigana-subaru-wagon-vosmidesyatyx-s-862-l-s.jpg HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Sun, 19 Jun 2022 11:02:17 GMT
ETag: "bac4-5e1caebb1c9a3"
Accept-Ranges: bytes
Content-Length: 47812
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/uploads/2022/06/vozhdenie-elektricheskogo-ford-bronco-ot-zero-labs.jpg
200 OK 48 kB URL HTTP/1.1 cravtr.ru/wp-content/uploads/2022/06/vozhdenie-elektricheskogo-ford-bronco-ot-zero-labs.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 576x325, components 3\012- data
Hash a4a4ac36dd74eb52664627123ad9e618
4451e1878259a8b4c66ad5f64a5a47c164b8ff80
2801acdf10b67300a1e3b6535ebfa5e5c054d63b1850961de014240a54202004
GET /wp-content/uploads/2022/06/vozhdenie-elektricheskogo-ford-bronco-ot-zero-labs.jpg HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Sun, 19 Jun 2022 15:19:09 GMT
ETag: "bb6a-5e1ce8254f47d"
Accept-Ranges: bytes
Content-Length: 47978
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/uploads/2022/06/novyj-hyundai-palisade-xrt-2023-goda-kontroliruet-bolshuyu-chast-vashix.jpg
200 OK 49 kB URL HTTP/1.1 cravtr.ru/wp-content/uploads/2022/06/novyj-hyundai-palisade-xrt-2023-goda-kontroliruet-bolshuyu-chast-vashix.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 545x300, components 3\012- data
Hash a5dceec668beac185e856341ac47219e
76d2a68a54785715f588712c609413b4deb25e33
c604970a3e57cdfd29b88fa0a4163efdce2d5540b3909deb2fdafdcbaa625153
GET /wp-content/uploads/2022/06/novyj-hyundai-palisade-xrt-2023-goda-kontroliruet-bolshuyu-chast-vashix.jpg HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Sun, 19 Jun 2022 15:06:40 GMT
ETag: "bf5c-5e1ce55b3c9a6"
Accept-Ranges: bytes
Content-Length: 48988
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/uploads/2022/06/teper-poslednij-xoroshij-vzglyad-na-prototip-honda-civic-type-r-2023-goda-pered-ego-debyutom.jpg
200 OK 43 kB URL HTTP/1.1 cravtr.ru/wp-content/uploads/2022/06/teper-poslednij-xoroshij-vzglyad-na-prototip-honda-civic-type-r-2023-goda-pered-ego-debyutom.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 577x322, components 3\012- data
Hash a9b5acf57136069be4cb131896ee0666
8151ea31a4bf5d6b9bf2b182494d5c5b6a025deb
4b373b4a72aa0dc360f715e78a099fa3c52229ba6576b5b831785535728a8aac
GET /wp-content/uploads/2022/06/teper-poslednij-xoroshij-vzglyad-na-prototip-honda-civic-type-r-2023-goda-pered-ego-debyutom.jpg HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Sun, 19 Jun 2022 14:43:58 GMT
ETag: "a973-5e1ce047a54e4"
Accept-Ranges: bytes
Content-Length: 43379
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/uploads/2022/06/nebolshoe-povyshenie-cen-na-kia-seltos-2023-goda-luchshe-chem-bolshoe.jpg
200 OK 48 kB URL HTTP/1.1 cravtr.ru/wp-content/uploads/2022/06/nebolshoe-povyshenie-cen-na-kia-seltos-2023-goda-luchshe-chem-bolshoe.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 571x318, components 3\012- data
Hash a54c65dbb24256af620eed05e6868666
7342551682d459c13726a118eb3a4d7f0227a5cd
07d47452cf2ba91947491180ee6074b158b1e16fba1edcb2c143f666ed134c49
GET /wp-content/uploads/2022/06/nebolshoe-povyshenie-cen-na-kia-seltos-2023-goda-luchshe-chem-bolshoe.jpg HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Sun, 19 Jun 2022 15:12:17 GMT
ETag: "bb2e-5e1ce69c82b22"
Accept-Ranges: bytes
Content-Length: 47918
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/uploads/2022/06/eto-elektromobil-nissan-leaf-sleduyushhego-pokoleniya.jpg
200 OK 22 kB URL HTTP/1.1 cravtr.ru/wp-content/uploads/2022/06/eto-elektromobil-nissan-leaf-sleduyushhego-pokoleniya.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 563x340, components 3\012- data
Hash c9c7a98af6c4c9158e04df3613691cf9
56db153894329d64a54f36b5d70216fa79ebf1bb
cc521e357e973f72b51d7c57224d2f79e5c8cd5af75280f6c03b2dd5f4578650
GET /wp-content/uploads/2022/06/eto-elektromobil-nissan-leaf-sleduyushhego-pokoleniya.jpg HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Sun, 19 Jun 2022 14:02:28 GMT
ETag: "57b9-5e1cd70108452"
Accept-Ranges: bytes
Content-Length: 22457
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/uploads/2022/06/novejshee-ispytanie-dlya-modifikatora-avtomobilya-veteran-jdm-kostyanoj-pervoproxodec-80-x.jpg
200 OK 46 kB URL HTTP/1.1 cravtr.ru/wp-content/uploads/2022/06/novejshee-ispytanie-dlya-modifikatora-avtomobilya-veteran-jdm-kostyanoj-pervoproxodec-80-x.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 561x313, components 3\012- data
Hash 599a84726a9b03966c1ccca95d14742d
bce46c3522c5b364d59f624097108fc8b6d641cb
7d7c402de8ff4a8e129c010b12b696bc1a569935cf1956fbba4cc794c20c457d
GET /wp-content/uploads/2022/06/novejshee-ispytanie-dlya-modifikatora-avtomobilya-veteran-jdm-kostyanoj-pervoproxodec-80-x.jpg HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Sun, 19 Jun 2022 13:35:38 GMT
ETag: "b2cf-5e1cd10240271"
Accept-Ranges: bytes
Content-Length: 45775
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/uploads/2022/06/kia-carnival-2023-goda-povyshaet-stoimost-vxodnyx-biletov.jpg
200 OK 45 kB URL HTTP/1.1 cravtr.ru/wp-content/uploads/2022/06/kia-carnival-2023-goda-povyshaet-stoimost-vxodnyx-biletov.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 570x315, components 3\012- data
Hash e5a5062199a140a1d5c15988a2719a73
5e58191c69b4bc3a21d379b7886de731092cfa8e
e7d1640023f921adb299096b50517bf6208e9100283f76b274cab17b1e3fd5bb
GET /wp-content/uploads/2022/06/kia-carnival-2023-goda-povyshaet-stoimost-vxodnyx-biletov.jpg HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Sun, 19 Jun 2022 12:47:56 GMT
ETag: "b0f7-5e1cc6584be38"
Accept-Ranges: bytes
Content-Length: 45303
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/uploads/2022/06/my-slomali-podvesku-na-nashem-mercedes-benz-gle450-kotoryj-prozhil-celyj-god-i-on-nam-vse-eshhe-nravitsya.jpg
200 OK 47 kB URL HTTP/1.1 cravtr.ru/wp-content/uploads/2022/06/my-slomali-podvesku-na-nashem-mercedes-benz-gle450-kotoryj-prozhil-celyj-god-i-on-nam-vse-eshhe-nravitsya.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 557x308, components 3\012- data
Hash adde19fedd5f0bf9de045091c71965e2
b52c59a50b2df003f510afae9a20e5c08047c6c9
344c4e1c56ac89b55d06566d7dd4489a8356560aa2e5b039226e3f45db34cef9
GET /wp-content/uploads/2022/06/my-slomali-podvesku-na-nashem-mercedes-benz-gle450-kotoryj-prozhil-celyj-god-i-on-nam-vse-eshhe-nravitsya.jpg HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Sun, 19 Jun 2022 12:31:36 GMT
ETag: "b7d0-5e1cc2b214367"
Accept-Ranges: bytes
Content-Length: 47056
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cravtr.ru/wp-content/themes/allium/webfonts/fa-solid-900.woff2
200 OK 79 kB URL HTTP/1.1 cravtr.ru/wp-content/themes/allium/webfonts/fa-solid-900.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 79100, version 1.0\012- data
Hash 5dc01cfcd5336f696cb85da7ce53fa9b
28a1f2fadc35c5343e0280389fe7955e3d1be607
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/allium/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cravtr.ru/wp-content/themes/allium/css/fontawesome-all.css?ver=5.4.11
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Wed, 01 Jun 2022 13:49:55 GMT
ETag: "134fc-5e0632a0fd0c2"
Accept-Ranges: bytes
Content-Length: 79100
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
200 OK 9.6 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 9644, version 1.0\012- data
Hash 6f112ec2b932ee12379442c42853244e
b2e73c8c70d6261e1d187f41693c43ac4fe0809d
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cravtr.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9644
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:41 GMT
expires: Thu, 31 Aug 2023 19:34:41 GMT
cache-control: public, max-age=31536000
age: 339007
last-modified: Wed, 11 May 2022 19:24:50 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cravtr.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:08 GMT
expires: Thu, 31 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 339040
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
200 OK 9.6 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 9628, version 1.0\012- data
Hash d9ac47c7e500fb7083b8d595eaf6fe12
112a2fc5f4ff9b85ee3a706fa9b8c47f79b05933
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cravtr.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9628
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 06:19:49 GMT
expires: Fri, 01 Sep 2023 06:19:49 GMT
cache-control: public, max-age=31536000
age: 300299
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cravtr.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:08 GMT
expires: Thu, 31 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 339040
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3f5b4e778429d4ba70b497cc9fbb1127
db17f774a14f160caa77eb0222152767a364bba7
64da763bf84ec2d6284a112f50392f15a8b11122f3875317c52bd6c5e8e8d894
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3f5b4e778429d4ba70b497cc9fbb1127
db17f774a14f160caa77eb0222152767a364bba7
64da763bf84ec2d6284a112f50392f15a8b11122f3875317c52bd6c5e8e8d894
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
counter.yadro.ru/hit?t16.1;r;s1280*1024*24;uhttp%3A//cravtr.ru/;h%u0410%u0432%u0442%u043E%u043C%u0438%u0440%20-;0.4993959046986597
200 OK 218 B URL HTTP/1.1 counter.yadro.ru/hit?t16.1;r;s1280*1024*24;uhttp%3A//cravtr.ru/;h%u0410%u0432%u0442%u043E%u043C%u0438%u0440%20-;0.4993959046986597
IP
ASN #39134 United Network LLC
File type GIF image data, version 89a, 88 x 31\012- data
Hash 4cacc76a08e7c26e914e532fd5a6d96a
c5704cbb055777cd787af17a523bba0e28da3b4b
088fe7b8ca06eb9ad80e7ac1caf488869c84b2066377475a3993c9ffd0e1a9bd
GET /hit?t16.1;r;s1280*1024*24;uhttp%3A//cravtr.ru/;h%u0410%u0432%u0442%u043E%u043C%u0438%u0440%20-;0.4993959046986597 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cravtr.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 04 Sep 2022 17:44:48 GMT
Content-Type: image/gif
Content-Length: 218
Connection: keep-alive
Expires: Fri, 03 Sep 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 04 Sep 2022 17:38:16 GMT
Expires: Sun, 04 Sep 2022 18:06:47 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: KwL77AChFkgNI6tHDEQ_yXBWoNO6aYGYMlymVLhJpik3KvUPbyVjwA==
Age: 392
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0919555699512279
200 OK 57 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0919555699512279
IP
File type ASCII text, with very long lines (2897)
Hash 7e01680cdedc0a3ac015c6d3f01a0b1f
fe851c9839f097007a957517a7f39b8fd2af45d3
a9dafb3d077fefab1876a7c8b7beb26171e0b8dca323f38ee5f5b114e32548bb
GET /pagead/js/adsbygoogle.js?client=ca-pub-0919555699512279 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://cravtr.ru
Connection: keep-alive
Referer: http://cravtr.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Sun, 04 Sep 2022 17:44:48 GMT
expires: Sun, 04 Sep 2022 17:44:48 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 8961645852174935578
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 57340
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3f5b4e778429d4ba70b497cc9fbb1127
db17f774a14f160caa77eb0222152767a364bba7
64da763bf84ec2d6284a112f50392f15a8b11122f3875317c52bd6c5e8e8d894
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cravtr.ru/favicon.ico
302 Moved Temporarily 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
X-Powered-By: PHP/7.4.30
Set-Cookie: wordpress_01c4960d334a652c59ba7203acf4e896=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/wp-content/plugins; HttpOnly
wordpress_01c4960d334a652c59ba7203acf4e896=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/wp-admin; HttpOnly
wordpress_logged_in_01c4960d334a652c59ba7203acf4e896=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; HttpOnly
Link: <http://cravtr.ru/wp-json/>; rel="https://api.w.org/"
X-Redirect-By: WordPress
Location: http://cravtr.ru/wp-includes/images/w-logo-blue-white-bg.png
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Transfer-Encoding: chunked
Connection: keep-alive
googleads.g.doubleclick.net/pagead/html/r20220831/r20190131/zrt_lookup.html
200 OK 4.4 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20220831/r20190131/zrt_lookup.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1731)
Hash 09a8bd805dba1307ae0bd76a0c9ca73d
bdc16e7610abae944da47ff3a0e5fea818241fb0
e3978f36e9c5f0b909ed64015db629e2c64b46e75d165c6d1d146fcb792cdbde
GET /pagead/html/r20220831/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cravtr.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4412
x-xss-protection: 0
date: Sat, 03 Sep 2022 23:39:48 GMT
expires: Sat, 17 Sep 2022 23:39:48 GMT
cache-control: public, max-age=1209600
age: 65100
etag: 8616628553774171045
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cravtr.ru/wp-includes/images/w-logo-blue-white-bg.png
200 OK 4.1 kB URL HTTP/1.1 cravtr.ru/wp-includes/images/w-logo-blue-white-bg.png
IP
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cravtr.ru/
Connection: keep-alive
HTTP/1.1 200 OK
Last-Modified: Tue, 31 May 2022 18:09:12 GMT
Accept-Ranges: bytes
Content-Length: 4119
Content-Type: image/png
Date: Fri, 02 Sep 2022 10:18:40 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
ETag: "1017-5e052ab7d0bba"
Age: 199568
Warning: 113 t0.hoster.ru (cluster_balancer) This cache hit is still fresh and more than 1 day old
X-Cache: HIT from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 77d035f38a45e8a1ec30d5fe9611880b
01cf34de95257da64dac90edf5a86203f1160271
7dc687d6bb1679ba5567e58b4f8c1e78766e7ee36273ba7f62068c595d57f7f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5851
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:48 GMT
Last-Modified: Sun, 04 Sep 2022 16:07:17 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 51df98c169fb7de773301d014bcea4b8
9bdf9bdb9b5eee378e9ac4ec68ca07c665ae4819
c8336f3a2e16c9390b610c612ce9be7c19286f04a6328a29200cbf65db5801c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cebfe28b301ffe9583a29d4e2e787a07
c312300cb020f4f61edaf4b51394aa889bc815e8
faf415663681aab7051de03f75a3163352ff9cffa4f72e38f56d4e0eb337af4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=cravtr.ru
200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=cravtr.ru
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=cravtr.ru HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cravtr.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 04 Sep 2022 17:44:49 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=cravtr.ru
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=cravtr.ru
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=cravtr.ru HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cravtr.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 04 Sep 2022 17:44:49 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ad56516f7302ec579a2ac494f84eeec2
8eb6930176531f5783ad1211ea528df143368403
e047155909ff78f0ba75cd9ed4ad78a060b33a05610f66f388e7291aecd32d4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash eebb383a38a8f985b59a62820595689b
4d7bbcdeaa48e211743257c973ae2559b404d561
c8cf6bfc6865d4b25e7ef0df77478f47c4043b639aed462a2c6a0ba5439c3522
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=cravtr.ru&callback=_gfp_s_&client=ca-pub-0919555699512279
200 OK 198 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=cravtr.ru&callback=_gfp_s_&client=ca-pub-0919555699512279
IP
File type ASCII text, with no line terminators
Hash f35f3e7cfe5eb62e388d32b5dddd0044
269c01d7a72bca799d48e5691b13802468abc525
a591b6635ae41b385dcdfcfce6f409d06857b062abf17778c34452ebc73afb3e
GET /gampad/cookie.js?domain=cravtr.ru&callback=_gfp_s_&client=ca-pub-0919555699512279 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cravtr.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 04 Sep 2022 17:44:49 GMT
server: cafe
cache-control: private
content-length: 198
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 420a6ffc72857f7132a9065de7c844a9
dee617384561d0790b72f096336b73ade7950579
c98bdc53f1f22291c4b954e9bd5f6432cfe3d5b24e3680b4ada3fc3a696e79d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ad56516f7302ec579a2ac494f84eeec2
8eb6930176531f5783ad1211ea528df143368403
e047155909ff78f0ba75cd9ed4ad78a060b33a05610f66f388e7291aecd32d4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: u+xTBXX5BxVi6qbTnyYu9A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ji69feHPYNMMacJQAfZXMU4fX5w=
cravtr.ru/wp-content/plugins/auto-highslide/highslide/graphics/outlines/rounded-white.png
200 OK 2.0 kB URL HTTP/1.1 cravtr.ru/wp-content/plugins/auto-highslide/highslide/graphics/outlines/rounded-white.png
IP
File type PNG image data, 40 x 3000, 8-bit gray+alpha, non-interlaced\012- data
Hash 172cd05ac027f6a6c46553231506b3f8
9c05946fb3260c173964ace7e55e0c0f2169eef1
dd973ffb47385f17ebb5bb6ba99cf16b968e151f0004b565f8386ae7ce1753bb
GET /wp-content/plugins/auto-highslide/highslide/graphics/outlines/rounded-white.png HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
Cookie: __gads=ID=2a0ad7ccbdf8a06b-2217b24913ce0039:T=1662313489:RT=1662313489:S=ALNI_Ma6GxW20i9IeNEEVr0ZvdOawADBJQ
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:49 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:09:10 GMT
ETag: "7dc-5e052ab5cb669"
Accept-Ranges: bytes
Content-Length: 2012
Content-Type: image/png
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/plugins/auto-highslide/highslide/graphics/zoomout.cur
200 OK 326 B URL HTTP/1.1 cravtr.ru/wp-content/plugins/auto-highslide/highslide/graphics/zoomout.cur
IP
File type MS Windows cursor resource - 1 icon, 32x32, 2 colors, hotspot @7x7\012- data
Hash e5f236bf2b60f8c8fc1867d70636a046
2d1695a011edd32a1abc5329dcf4b8ee196d5e7f
110a21ee3616bfa86b492bb237eeb946ee4a643d7bb77a7fd2b131311f5ccf72
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/auto-highslide/highslide/graphics/zoomout.cur HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
Cookie: __gads=ID=2a0ad7ccbdf8a06b-2217b24913ce0039:T=1662313489:RT=1662313489:S=ALNI_Ma6GxW20i9IeNEEVr0ZvdOawADBJQ
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:49 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:09:10 GMT
ETag: "146-5e052ab5ccdd9"
Accept-Ranges: bytes
Content-Length: 326
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
cravtr.ru/wp-content/plugins/auto-highslide/highslide/graphics/loader.white.gif
200 OK 673 B URL HTTP/1.1 cravtr.ru/wp-content/plugins/auto-highslide/highslide/graphics/loader.white.gif
IP
File type GIF image data, version 89a, 16 x 16\012- data
Hash 2a6692973429d7a74513bfa8bcb5be20
f2af060f1cadbc9065c8c465c648dc01be67cc12
1eb9e7880f723999a4ed63eece6a6e4d4976833d3c16dc18b4ace3971728ab0d
GET /wp-content/plugins/auto-highslide/highslide/graphics/loader.white.gif HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/wp-content/plugins/auto-highslide/highslide/highslide.css
Cookie: __gads=ID=2a0ad7ccbdf8a06b-2217b24913ce0039:T=1662313489:RT=1662313489:S=ALNI_Ma6GxW20i9IeNEEVr0ZvdOawADBJQ
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:49 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:09:10 GMT
ETag: "2a1-5e052ab5c7401"
Accept-Ranges: bytes
Content-Length: 673
Content-Type: image/gif
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220831&st=env
200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220831&st=env
IP
File type JSON data\012- , ASCII text, with very long lines (14610), with no line terminators
Hash f8f776be4fd080c7740cc2e2fdd256df
01e6f7596c8fb30ff83abd643f9fcc58d130e3e2
1dc970bd0108a22f134cf3659accd2f9abfbeaf5b53eb6aa8fd96fac685a6c41
GET /getconfig/sodar?sv=200&tid=gda&tv=r20220831&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://cravtr.ru
Connection: keep-alive
Referer: http://cravtr.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 04 Sep 2022 17:44:49 GMT
server: cafe
cache-control: private
content-length: 11094
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash d0c82085afdf53f712652617c1be32ac
0184ccc1d23a94045fc8bcdbf572e7d090f0543f
2d6a8327b4ba8efe508328df521b832a863ce68155b2c0c295793c9f9be3082c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cravtr.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sun, 04 Sep 2022 17:44:49 GMT
expires: Sun, 04 Sep 2022 17:44:49 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cravtr.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 07:47:45 GMT
expires: Fri, 01 Sep 2023 07:47:45 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 295024
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/bg/dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
200 OK 16 kB URL HTTP/2 pagead2.googlesyndication.com/bg/dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js
IP
File type ASCII text, with very long lines (35884)
Hash ab3d3966d2f6ee6fe1ac79fa8e036c0a
415ceaaff99e9d4385afda3963542cbdb75844b2
becbb2cacc4e3edf3d88d13bb050f57776bf6b8426bf118525fdbb2b755d3946
GET /bg/dMUMwKlHRkKFxm324gu_shN2JBGfr2rZRInLP1vMiqM.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 15929
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Aug 2022 19:48:01 GMT
expires: Wed, 30 Aug 2023 19:48:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
content-type: text/javascript
age: 424608
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1278db78948279716d72ac203ad8fb0d
1746b9863b781ed9a0c26a126b9b80d36c903974
8d9e31a35490bc2ebef4c4c2152c89b62491c0cdfc31ec0594bc21fd2e9f43f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 17:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
200 OK 511 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 5da84ec1ae1fa28edb4755b850faa916
be3db913d4ac260fe71a5bc1c8630363d8b31663
211b92cfeafb1b4012724b007c3251da4571e337098688bd6b0318dceed146c6
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cravtr.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 04 Sep 2022 17:44:49 GMT
date: Sun, 04 Sep 2022 17:44:49 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-eexIndladsUqwyy3qJ07vQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220831&jk=4047938674253562&rc=
204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220831&jk=4047938674253562&rc=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20220831&jk=4047938674253562&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 04 Sep 2022 17:44:49 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220831&jk=4047938674253562&bg=!kZKlktbNAAZTikH4c4o7ACkAdvg8Wv4N-fbuHuejHQ2bh951nqkxIpZBjLv1X1expNbLdqtukD0flAIAAACbUgAAAAJoAQeZAoI_YHMFHJmN4CNhHRKiM1iIUnWRB5FsuZd0EKrz8MKC6Y7v93R-Pt5p5bU0gip9BCi3KWxvTcYhYsOAWWQPnRND9UerqvJjFhh-84PvZnL_1PbHT0vlquGtM_WpUMv0M-T7bO5apfUbRlYnuNcEn9ivVeUV40Q9cyZ-FvvtE_3CClOduK9XDcf26Fd1blSa_vhbR4Eu1Ym7sX9ExEyFKVCBFtPuo5j8LsDs02DJr4SwCP-7PyXPcWPvdOoW_etLkseqclLtJgpReVzo-mSg4ImD1JP-Q7PyT5xfWKo0BBEw6hZzSRsWYygYDyQehDh-CcbBbiiMma2nRmxZNC3EhOwE5d0dw46-3wVpq7b7bKtnrshERQNXdij21uqXzOzrUZmKlGhtRsmqfFxBCNXem56p8-OoI7Bzahn8_SKRyNjmenUQZmqr3ZxY4TvEs_UAN15XR0_75_SbTsvMMHmE8XNjl3fXu7aQQnmR1qyu0SSFoyXRi_nPKd2k6lR7xx4VMwmbBrPyI9nYgB8jaBt_5s_pNWJUerUxPmlG9Nl2vEJK0w6VI-_Rggtk5N85mBYV7DhpBn6jW00r_xU56XPK3OIO4OJP7NFCJha4V9vZcaQjoCgckb2o1GVdR4FhS3jlAuAMjjuoZeJTfujPQ8qs3QIxKGwG4wajz6bH0xniODpOYHoYfn9Xg7dS1AZDaivBPLl9KGQHHyCZk-bzT8ops5OpTI23PALt7V9x4wt-3RRtnbYrgc6nMgc3Zn5ew53Av0C08COfdcNKJNWvmkZYEFmzw2c4MneFvmu-MF3EeFi3ccMXfsR_4jIgU4V4469N5kRYxCC9jusLBvPRm7O8j2-UEoc
204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220831&jk=4047938674253562&bg=!kZKlktbNAAZTikH4c4o7ACkAdvg8Wv4N-fbuHuejHQ2bh951nqkxIpZBjLv1X1expNbLdqtukD0flAIAAACbUgAAAAJoAQeZAoI_YHMFHJmN4CNhHRKiM1iIUnWRB5FsuZd0EKrz8MKC6Y7v93R-Pt5p5bU0gip9BCi3KWxvTcYhYsOAWWQPnRND9UerqvJjFhh-84PvZnL_1PbHT0vlquGtM_WpUMv0M-T7bO5apfUbRlYnuNcEn9ivVeUV40Q9cyZ-FvvtE_3CClOduK9XDcf26Fd1blSa_vhbR4Eu1Ym7sX9ExEyFKVCBFtPuo5j8LsDs02DJr4SwCP-7PyXPcWPvdOoW_etLkseqclLtJgpReVzo-mSg4ImD1JP-Q7PyT5xfWKo0BBEw6hZzSRsWYygYDyQehDh-CcbBbiiMma2nRmxZNC3EhOwE5d0dw46-3wVpq7b7bKtnrshERQNXdij21uqXzOzrUZmKlGhtRsmqfFxBCNXem56p8-OoI7Bzahn8_SKRyNjmenUQZmqr3ZxY4TvEs_UAN15XR0_75_SbTsvMMHmE8XNjl3fXu7aQQnmR1qyu0SSFoyXRi_nPKd2k6lR7xx4VMwmbBrPyI9nYgB8jaBt_5s_pNWJUerUxPmlG9Nl2vEJK0w6VI-_Rggtk5N85mBYV7DhpBn6jW00r_xU56XPK3OIO4OJP7NFCJha4V9vZcaQjoCgckb2o1GVdR4FhS3jlAuAMjjuoZeJTfujPQ8qs3QIxKGwG4wajz6bH0xniODpOYHoYfn9Xg7dS1AZDaivBPLl9KGQHHyCZk-bzT8ops5OpTI23PALt7V9x4wt-3RRtnbYrgc6nMgc3Zn5ew53Av0C08COfdcNKJNWvmkZYEFmzw2c4MneFvmu-MF3EeFi3ccMXfsR_4jIgU4V4469N5kRYxCC9jusLBvPRm7O8j2-UEoc
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220831&jk=4047938674253562&bg=!kZKlktbNAAZTikH4c4o7ACkAdvg8Wv4N-fbuHuejHQ2bh951nqkxIpZBjLv1X1expNbLdqtukD0flAIAAACbUgAAAAJoAQeZAoI_YHMFHJmN4CNhHRKiM1iIUnWRB5FsuZd0EKrz8MKC6Y7v93R-Pt5p5bU0gip9BCi3KWxvTcYhYsOAWWQPnRND9UerqvJjFhh-84PvZnL_1PbHT0vlquGtM_WpUMv0M-T7bO5apfUbRlYnuNcEn9ivVeUV40Q9cyZ-FvvtE_3CClOduK9XDcf26Fd1blSa_vhbR4Eu1Ym7sX9ExEyFKVCBFtPuo5j8LsDs02DJr4SwCP-7PyXPcWPvdOoW_etLkseqclLtJgpReVzo-mSg4ImD1JP-Q7PyT5xfWKo0BBEw6hZzSRsWYygYDyQehDh-CcbBbiiMma2nRmxZNC3EhOwE5d0dw46-3wVpq7b7bKtnrshERQNXdij21uqXzOzrUZmKlGhtRsmqfFxBCNXem56p8-OoI7Bzahn8_SKRyNjmenUQZmqr3ZxY4TvEs_UAN15XR0_75_SbTsvMMHmE8XNjl3fXu7aQQnmR1qyu0SSFoyXRi_nPKd2k6lR7xx4VMwmbBrPyI9nYgB8jaBt_5s_pNWJUerUxPmlG9Nl2vEJK0w6VI-_Rggtk5N85mBYV7DhpBn6jW00r_xU56XPK3OIO4OJP7NFCJha4V9vZcaQjoCgckb2o1GVdR4FhS3jlAuAMjjuoZeJTfujPQ8qs3QIxKGwG4wajz6bH0xniODpOYHoYfn9Xg7dS1AZDaivBPLl9KGQHHyCZk-bzT8ops5OpTI23PALt7V9x4wt-3RRtnbYrgc6nMgc3Zn5ew53Av0C08COfdcNKJNWvmkZYEFmzw2c4MneFvmu-MF3EeFi3ccMXfsR_4jIgU4V4469N5kRYxCC9jusLBvPRm7O8j2-UEoc HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cravtr.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 04 Sep 2022 17:44:50 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6884
Expires: Sun, 04 Sep 2022 19:39:34 GMT
Date: Sun, 04 Sep 2022 17:44:50 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6884
Expires: Sun, 04 Sep 2022 19:39:34 GMT
Date: Sun, 04 Sep 2022 17:44:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fc4ceb10dd9fcaab21ae58dcf10c401f
6ce530af682094dc5413db9de02565691fab4da7
84ad58e126cce2ab6b1568ffe89a116bc1de0310bb72d4530eead2fb8191572c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11380
x-amzn-requestid: 61f37e21-33a8-49e6-b384-4ca1fcfbffa5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8TLFA3oAMFQjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117414-42de5c4128eb9e011d848356;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sywGj-wLtW091vZYhx1AbRAgljYQWe6LuffDjwTDhEebqVzxpQuzEQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 03:48:58 GMT
age: 50152
etag: "6ce530af682094dc5413db9de02565691fab4da7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a800f15-3953-4184-a77c-3696aba95488.jpeg
200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a800f15-3953-4184-a77c-3696aba95488.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5012bd324b91ad44151392700e27a369
1d17869c30cdeb7643fe3bcc976c21136799b4e6
11e23381d21ca461bb31fc1b832f53613de1316b09dde72b4deda55067011e8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a800f15-3953-4184-a77c-3696aba95488.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6122
x-amzn-requestid: c8e3c2f9-8314-40ea-82ce-ac203aea0cd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wjlE-8IAMFzlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7b0-0ef61461611d547c76354cbe;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: i3LihiLuF38T7NM6YU0qhC0RqNswNOkdcRX_7ZGbNGK-69pguND8dA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:04:35 GMT
age: 70815
etag: "1d17869c30cdeb7643fe3bcc976c21136799b4e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10318189f33f071dda64249ab9c8c5bb
e5b5b649a243e5c004d9923d19d4421d1ea96d23
3e775a1990e4d185024faf2fdff7a5eb9063f7ee19784f32fb4f7f10643c8102
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5652
x-amzn-requestid: 05fffcb2-43c0-4acf-81b2-1b914459e1e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wwHErUIAMFmNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c800-47fe166763992ab271a87aa4;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: uz2NbcE4AmOvFQkhJALSpXCGizilya0TuFcczfEwtV09cGXtgVNlpQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:04:35 GMT
etag: "e5b5b649a243e5c004d9923d19d4421d1ea96d23"
content-type: image/jpeg
age: 70815
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ca50f9c56ff869b0b63ca71b1a9f8170
13b16ca74113dfd52ccf23e6bb39307fc713f984
76b85dd7e018ab4b3d4b2610f90dbca61d0f05d38a3b905fee789af131ae7538
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14855
x-amzn-requestid: 65cf850b-227a-4318-a00e-d7cd4ef81489
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wjuGtpoAMFvvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7b1-54bc36741984491b0509d173;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: M9Y8U9vqVs1ATiPP9jLPybTJ-xwC--5oiRUpj9-imTWfh6_rmtL5Kw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:58:42 GMT
age: 71168
etag: "13b16ca74113dfd52ccf23e6bb39307fc713f984"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb4b1d74f1443bc3328301ab3ae6464
2768253dacaaad6cb498c6b2eb7694208b0ce0a6
07dcc95dab7757402998a5a61b540c965ce95c8bd51a814a09438981693b563a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8688
x-amzn-requestid: e408351e-ba6c-4e55-815d-449af808282f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5yMEFBLoAMFtqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313ca4d-13831d8572a3b3cf54a0e747;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:42:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GFM9jerDkTPdhlUTm99E7Lpksw2ZGnV81bNVaZLvWSAiRNDNtkZi4g==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
etag: "2768253dacaaad6cb498c6b2eb7694208b0ce0a6"
content-type: image/jpeg
age: 71803
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg
200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1bdfdf7e36f78f2f0e4d7ede9fdb76a8
babb88202741bbf2d4fd25e0731a4a7a6fcc28f8
949ea108642789e1014150909060f11d99608f082760d0e868a90282f2768d43
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9690
x-amzn-requestid: 614c99f8-116a-4603-bcde-3fbd5bfa14d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wx1HInIAMFiYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c80b-25c09c3227d72395408782f0;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5_jCLvdAC-XR-ax3RUbbx9275KPwACOPtAMxSbmv-aP-Lra4sC5zvw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:51:26 GMT
age: 71604
etag: "babb88202741bbf2d4fd25e0731a4a7a6fcc28f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cravtr.ru/wp-content/themes/allium/css/fontawesome-all.css?ver=5.4.11
200 OK 0 B URL HTTP/1.1 cravtr.ru/wp-content/themes/allium/css/fontawesome-all.css?ver=5.4.11
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/allium/css/fontawesome-all.css?ver=5.4.11 HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Wed, 01 Jun 2022 13:49:55 GMT
ETag: "117b5-5e0632a0bbdcb"
Accept-Ranges: bytes
Content-Length: 71605
Content-Type: text/css
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto%3A400%2C400i%2C700%2C700i&subset=latin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A400%2C400i%2C700%2C700i&subset=latin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext
IP
GET /css?family=Roboto%3A400%2C400i%2C700%2C700i&subset=latin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cravtr.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Sep 2022 17:44:48 GMT
date: Sun, 04 Sep 2022 17:44:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cravtr.ru/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
200 OK 0 B URL HTTP/1.1 cravtr.ru/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
IP
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1
Host: cravtr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cravtr.ru/
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 17:44:48 GMT
Server: Apache/2.4.6 (CentOS) mod_fastcgi/mod_fastcgi-SNAP-0910052141
Last-Modified: Tue, 31 May 2022 18:09:13 GMT
ETag: "17a69-5e052ab895057"
Accept-Ranges: bytes
Content-Length: 96873
Content-Type: application/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive
31.28.24.244
142.250.74.164
93.184.220.29
23.36.76.226
0.0.0.0