r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14668
Expires: Tue, 31 Jan 2023 11:24:49 GMT
Date: Tue, 31 Jan 2023 07:20:21 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15025
Expires: Tue, 31 Jan 2023 11:30:46 GMT
Date: Tue, 31 Jan 2023 07:20:21 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 06:35:52 GMT
content-type: application/json
age: 2669
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5974
Expires: Tue, 31 Jan 2023 08:59:55 GMT
Date: Tue, 31 Jan 2023 07:20:21 GMT
Connection: keep-alive
www.newera.su/
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET / HTTP/1.1
Host: www.newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=30
X-Powered-By: PHP/7.4.33
X-Redirect-By: WordPress
Location: http://newera.su/
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 05MmJUQT42aWMG0PPoWXxVg6QOkOAZNuKfTsrBNQEqtE1Zu7N5rU39cjjeCLuD22VM5SsnFhiiFq16aT6LjMJQ==
x-amz-request-id: 4MPQMYC6Y5P1AA6Y
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 06:22:06 GMT
age: 3495
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 07:20:21 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
newera.su/
200 OK 14 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash 1df366cb436a88e8211e30add63968a1
9513f218461552b90d268a1d926ac45d6aee0f3b
a6e48f2d25b545264db5b3bda3ee11a6f9d77bfb45be5b45f4d980e5ac978730
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET / HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.33
Link: <http://newera.su/>; rel=shortlink
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 06:41:42 GMT
age: 2319
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
newera.su/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
200 OK 12 kB URL HTTP/1.1 newera.su/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
File type ASCII text, with very long lines (47826)
Hash 981383d43a7adb38d6c2bf5286dcd065
e41871905868763178f7d8127e3dfb87909f108f
fceb208fc5a1581abc1926596d5f59fa41e7a7d72027b563303b445cdf7ed126
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:21 GMT
Content-Type: text/css
Last-Modified: Wed, 18 Jan 2023 05:47:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c787fe-172a9"
Expires: Tue, 07 Feb 2023 07:20:21 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-includes/css/classic-themes.min.css?ver=1
200 OK 189 B URL HTTP/1.1 newera.su/wp-includes/css/classic-themes.min.css?ver=1
IP
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: text/css
Last-Modified: Wed, 18 Jan 2023 05:47:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c787fe-d9"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.3
200 OK 995 B URL HTTP/1.1 newera.su/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.3
IP
Hash a81b8fb4af6a0bfef4d8fb610b7e3fd2
54ac8812d0ee99a38e33f734f34179a77e95e547
6a391fc773bce731189bf93ecf097629718030c411493a92842b12939bee8479
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.3 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: text/css
Last-Modified: Mon, 30 Jan 2023 14:27:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63d7d3c3-af3"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/plugins/wp-recall/assets/rcl-awesome/rcl-awesome.min.css?ver=16.26.5
200 OK 7.0 kB URL HTTP/1.1 newera.su/wp-content/plugins/wp-recall/assets/rcl-awesome/rcl-awesome.min.css?ver=16.26.5
IP
File type ASCII text, with very long lines (34408), with no line terminators
Hash e865107d12b20969d461a3638a0e3ace
5b9e1a31c61954817233aebf72e0f0ce5f9b66bd
fa8f14bb7bedb7403706f8fa714db317e4a43c57310d5c77a322ceb35c5fb951
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/wp-recall/assets/rcl-awesome/rcl-awesome.min.css?ver=16.26.5 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: text/css
Last-Modified: Wed, 18 Jan 2023 05:56:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c789f4-8668"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/themes/lawfactory/files/font/fira-sans-v11-latin_cyrillic-regular.woff2
200 OK 29 kB URL HTTP/1.1 newera.su/wp-content/themes/lawfactory/files/font/fira-sans-v11-latin_cyrillic-regular.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 29188, version 1.0\012- data
Hash 0d79aa427c0459b1383b658bb7515f0f
75f67cf6df833d90f4511cf8b8e43d42e1d93aad
9b69f15ac269fa295d22ef5cacebc51a7f603f25929d70a7864a80ecc7978374
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/themes/lawfactory/files/font/fira-sans-v11-latin_cyrillic-regular.woff2 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/font-woff2
Content-Length: 29188
Last-Modified: Wed, 18 Jan 2023 05:53:36 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63c78960-7204"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
newera.su/wp-content/themes/lawfactory/files/font/fira-sans-v11-latin_cyrillic-500.woff2
200 OK 29 kB URL HTTP/1.1 newera.su/wp-content/themes/lawfactory/files/font/fira-sans-v11-latin_cyrillic-500.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 29424, version 1.0\012- data
Hash ab59f44d85c440db4b99c36230657baf
7e3b12adde3f2563ec42139a18c33d1d7b3be26f
c6953d8dbfdbf83da2b8b3b7b85bfb83115aa0b26a63eeace0cfe0dd15a8fff8
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/themes/lawfactory/files/font/fira-sans-v11-latin_cyrillic-500.woff2 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/font-woff2
Content-Length: 29424
Last-Modified: Wed, 18 Jan 2023 05:53:36 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63c78960-72f0"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
newera.su/wp-content/themes/lawfactory/files/font/fira-sans-v11-latin_cyrillic-700.woff2
200 OK 31 kB URL HTTP/1.1 newera.su/wp-content/themes/lawfactory/files/font/fira-sans-v11-latin_cyrillic-700.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 30936, version 1.0\012- data
Hash eda0206155fd78692dd249016dba4f2b
3ae25f83196fbbcbeea27359bea8414fdbcb943c
ea7068f709ea27cf12020ad5f86e2e2889f3a343f4c79d970208c24c097f384f
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/themes/lawfactory/files/font/fira-sans-v11-latin_cyrillic-700.woff2 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/font-woff2
Content-Length: 30936
Last-Modified: Wed, 18 Jan 2023 05:53:36 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63c78960-78d8"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
newera.su/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
200 OK 4.2 kB URL HTTP/1.1 newera.su/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
File type ASCII text, with very long lines (11126)
Hash 5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:47:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c787fe-2bd8"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/plugins/wp-recall/assets/js/core.js?ver=16.26.5
200 OK 11 kB URL HTTP/1.1 newera.su/wp-content/plugins/wp-recall/assets/js/core.js?ver=16.26.5
IP
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash a13586477b6512367a26846d91b38241
22515a5c6cc63390d1b451b0564d6f1ee2f01992
b04284f21fd28c0830c74cf96c13105c53d2e9b16691c670ddef555cf64ca650
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/wp-recall/assets/js/core.js?ver=16.26.5 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:56:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c789f4-c285"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/plugins/wp-recall/assets/js/scripts.js?ver=16.26.5
200 OK 3.5 kB URL HTTP/1.1 newera.su/wp-content/plugins/wp-recall/assets/js/scripts.js?ver=16.26.5
IP
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash e86d348c1f7b6ac51dd25242c0ec84b9
07a3ad28ade22161908de1cde8def51d2853052e
2f4bf97811488105ba6f7fad4fafa79d73d5e614eb0220bc9dd9f220211ebfda
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/wp-recall/assets/js/scripts.js?ver=16.26.5 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:56:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c789f4-41f6"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/uploads/rcl-uploads/css/303366ed67988316997169fdcd986af4.css?ver=16.26.5
200 OK 18 kB URL HTTP/1.1 newera.su/wp-content/uploads/rcl-uploads/css/303366ed67988316997169fdcd986af4.css?ver=16.26.5
IP
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 6953e1c6de1545796abca229eec0e500
f8a8a24e58b68bccb235a4995ac73707db7a6cbb
5d1a4126f491520c926c79b14f3162d8a553d7d3e06ab4b10c12bba2dd36f88c
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/uploads/rcl-uploads/css/303366ed67988316997169fdcd986af4.css?ver=16.26.5 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: text/css
Last-Modified: Fri, 20 Jan 2023 09:11:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63ca5ac4-18a04"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/themes/lawfactory/style.css?ver=1.0.1
200 OK 25 kB URL HTTP/1.1 newera.su/wp-content/themes/lawfactory/style.css?ver=1.0.1
IP
File type assembler source, Unicode text, UTF-8 text, with very long lines (2865)
Hash dce21ea9a4221cac85a6f420c3c96f59
dbab7d1ff30a589740094735b826524d4a080867
6014712a4f2859f806186a959aa1ccf859f11b6e6ea2aaab29730415b8145432
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/themes/lawfactory/style.css?ver=1.0.1 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: text/css
Last-Modified: Mon, 30 Jan 2023 13:59:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63d7cd47-180df"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
200 OK 31 kB URL HTTP/1.1 newera.su/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
File type ASCII text, with very long lines (65447)
Hash 2eccf707201b564e5e0cc3637fe4fd79
13b3ab2c399a84808e8fd6a2c795a6a49f5090a4
fb2e62f5864ef969b2d586b0e589fc81d7689038cd54a90fbca4b463e0ca6261
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:47:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c787fe-15e54"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2ac1bcdceabf1fc4e07017906aa8a815
ba00b737325fc50b35af8d851ced0fe13d1cba22
c6c54f5dbbfc40b454b9c67a7972827f500d83b10a1594f7cb56c69158278c08
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:20:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
newera.su/wp-content/plugins/wp-recall/add-on/rating-system/js/scripts.js?ver=16.26.5
200 OK 626 B URL HTTP/1.1 newera.su/wp-content/plugins/wp-recall/add-on/rating-system/js/scripts.js?ver=16.26.5
IP
File type ASCII text, with CRLF line terminators
Hash b49bb55d600c9244dc9e914699724249
ca3b2df5bd9c67c6cb95c3c337991bf8e333034b
163869dfff54d258a0acc3c69483285faf56eed5eb97db84973690c963670ed9
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/wp-recall/add-on/rating-system/js/scripts.js?ver=16.26.5 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:56:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c789f4-8d7"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4209
Expires: Tue, 31 Jan 2023 08:30:31 GMT
Date: Tue, 31 Jan 2023 07:20:22 GMT
Connection: keep-alive
newera.su/wp-content/plugins/wp-recall/add-on/publicpost/js/scripts.js?ver=16.26.5
200 OK 3.5 kB URL HTTP/1.1 newera.su/wp-content/plugins/wp-recall/add-on/publicpost/js/scripts.js?ver=16.26.5
IP
File type ASCII text, with CRLF line terminators
Hash a6bc21468d81cd66baf5cc72af437259
06f7ce0b6a61333875dc6b937d3bae36bc55f059
6e5eda58a3c6ac37f8f631efe18a2adc38e6674c4775a47da56f655467d23db7
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/wp-recall/add-on/publicpost/js/scripts.js?ver=16.26.5 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:56:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c789f4-43d3"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/plugins/wp-recall/add-on/rcl-chat/js/scripts.js?ver=16.26.5
200 OK 3.2 kB URL HTTP/1.1 newera.su/wp-content/plugins/wp-recall/add-on/rcl-chat/js/scripts.js?ver=16.26.5
IP
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 171f19851ef89505a28e02647a809af7
a45911f72fc992c10f67a15a2a5f3b40acd97829
b0817c990af22558fab8f1509f0ccf879842a20bf52bbebda777b73f3f3f6146
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/wp-recall/add-on/rcl-chat/js/scripts.js?ver=16.26.5 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:56:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c789f4-3b3a"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/plugins/wp-recall/add-on/user-balance/assets/js/scripts.js?ver=16.26.5
200 OK 709 B URL HTTP/1.1 newera.su/wp-content/plugins/wp-recall/add-on/user-balance/assets/js/scripts.js?ver=16.26.5
IP
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 193be4a12f7e3b42ce7f08b26c76d3ce
b5b04bf81b0a3a97c5ab2f767ba6d619fbc8f865
c936eac1b6ad5eaecef2ddd1eff5336a1818a5654ad5d07d05077c61d63f550a
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/wp-recall/add-on/user-balance/assets/js/scripts.js?ver=16.26.5 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:56:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c789f4-74b"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.3
200 OK 3.0 kB URL HTTP/1.1 newera.su/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.3
IP
File type ASCII text, with very long lines (10565), with no line terminators
Hash 20d191fbcefaf143ff6d9f0234b3afd4
85c302c0f4d2393bd1c3fb724a03741a14860b3a
0398c654fccf925b52ce33037cf350414bc27efc9da7db916ee7dbe646541f7a
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.3 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 30 Jan 2023 14:27:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63d7d3c3-2945"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.3
200 OK 4.1 kB URL HTTP/1.1 newera.su/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.3
IP
File type HTML document, ASCII text, with very long lines (12761), with no line terminators
Hash 08d54a01c1e30726b24a1232b1342a35
e18007fdfdb7cd4f395894d75c952a99f6928628
3aae006ed148ced5daa1e75e7a23918d7b566b8d77b070a14df6ad546f689877
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.3 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 30 Jan 2023 14:27:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63d7d3c3-31d9"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/themes/lawfactory/scripts/custom.js?ver=1.0.1
200 OK 17 kB URL HTTP/1.1 newera.su/wp-content/themes/lawfactory/scripts/custom.js?ver=1.0.1
IP
File type Unicode text, UTF-8 text, with very long lines (32000)
Hash f2ba84855a646345da1edceded76d324
e71b73e30d3de340793d525deea6113e0bbbfb6a
713c0bd3a6b51cc7c629eab708ac06df928bb2415d2159d52bdad327ec02e86a
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/themes/lawfactory/scripts/custom.js?ver=1.0.1 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:53:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c78960-e6e9"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
www.google.com/recaptcha/api.js?render=6LdIGxEkAAAAAPRy6A3KbrYgojfm6570bI0Vroiu&ver=3.0
200 OK 587 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LdIGxEkAAAAAPRy6A3KbrYgojfm6570bI0Vroiu&ver=3.0
IP
File type ASCII text, with very long lines (884), with no line terminators
Hash 888b0b03e8cea69d1aeef141821e1cd0
9521ceef9d1053a85f6e6f95ad9ec0b4f7349a6b
837387786ae12d52bac27dbdcc2d0a9a715a4510dbb13e75fc0ea1e7be7b243a
GET /recaptcha/api.js?render=6LdIGxEkAAAAAPRy6A3KbrYgojfm6570bI0Vroiu&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://newera.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Tue, 31 Jan 2023 07:20:22 GMT
date: Tue, 31 Jan 2023 07:20:22 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 587
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
newera.su/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
200 OK 2.5 kB URL HTTP/1.1 newera.su/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP
File type ASCII text, with very long lines (6475), with no line terminators
Hash 27cbbd0a9d7c5ad9402118c4afc36035
7659d08a005f5ecfa6c779e3cda45c30007fd059
ebc771d0af626966e38535357861fab0090e0bd7ff346cbe3c7ffdde1683809f
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:47:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c787fe-194b"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
200 OK 6.5 kB URL HTTP/1.1 newera.su/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP
File type Unicode text, UTF-8 text, with very long lines (17819), with no line terminators
Hash 287748e15cc4a588d0df39da369d9035
b02e10a775f9d6ab54d448acffbc9253e2d9bfb9
742f6e950eecbeaf0c308f5d3877e48d6d57d48b7f8bd458d81875feb4b58654
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:47:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c787fe-459f"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.7.3
200 OK 507 B URL HTTP/1.1 newera.su/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.7.3
IP
File type ASCII text, with very long lines (999), with no line terminators
Hash 22f32f77e17fa7640cda0a401c2b0844
019765feeed7ea2a9e9e506ce000978ea3ecd171
269c0f075ceb9464731b25afc21ae41536b76ef76bf0cf856c42e3e6311ec6ce
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.7.3 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 30 Jan 2023 14:27:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63d7d3c3-3e7"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-includes/js/comment-reply.min.js?ver=6.1.1
200 OK 1.4 kB URL HTTP/1.1 newera.su/wp-includes/js/comment-reply.min.js?ver=6.1.1
IP
File type ASCII text, with very long lines (2946)
Hash 28214bc78b9edfcfbc9c7b651fb4f56c
fb0847abdb33dd943a2dcda4c4b905fb5cdd116c
11691bc1acc1f3a7ab8ef7c67fb720ca58fb72e52f510009f7b0cbc2589d45e0
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-includes/js/comment-reply.min.js?ver=6.1.1 HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Jan 2023 05:47:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c787fe-ba5"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a5ff07b9b81cdf319f4a57d8d6dbbd6d
736ae15d0ed2068580d35a7cff8b33c0ec87af52
24406eda914ef8f78e1f60d6b54237ea6311f2fdf54b2b63647d84b397b41de0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:20:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
newera.su/wp-content/uploads/2023/01/%D0%91%D0%B5%D0%B7-%D0%B8%D0%BC%D0%B5%D0%BD%D0%B8-3-2.png
200 OK 5.8 kB URL HTTP/1.1 newera.su/wp-content/uploads/2023/01/%D0%91%D0%B5%D0%B7-%D0%B8%D0%BC%D0%B5%D0%BD%D0%B8-3-2.png
IP
File type PNG image data, 300 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 86c8cc6261b037d3973a8099ce01ed01
38691bb261ee3c14b848f04832e7ddfa41ad54eb
b0678fe3aea53bc3c4fea22a486134f3e9b336cb8b8ce146ccdc769d850e3304
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/uploads/2023/01/%D0%91%D0%B5%D0%B7-%D0%B8%D0%BC%D0%B5%D0%BD%D0%B8-3-2.png HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: image/png
Content-Length: 5830
Last-Modified: Tue, 24 Jan 2023 09:19:12 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63cfa290-16c6"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
newera.su/wp-content/themes/lawfactory/img/shape2.png
200 OK 10 kB URL HTTP/1.1 newera.su/wp-content/themes/lawfactory/img/shape2.png
IP
File type PNG image data, 400 x 400, 1-bit colormap, non-interlaced\012- data
Hash 7ef5d162d5ecdb6131d285c1a2c552c9
add547d6c578511ddb12df6bb241c1c374ec3411
c4d9208a1e14f5d4bf0526aa015fda9bf565e8c0945ba30d7d7152b0d50c25c4
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/themes/lawfactory/img/shape2.png HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/wp-content/themes/lawfactory/style.css?ver=1.0.1
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: image/png
Content-Length: 10115
Last-Modified: Wed, 18 Jan 2023 05:53:36 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63c78960-2783"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
newera.su/wp-content/themes/lawfactory/img/shape1.png
200 OK 4.0 kB URL HTTP/1.1 newera.su/wp-content/themes/lawfactory/img/shape1.png
IP
File type PNG image data, 400 x 900, 8-bit/color RGBA, non-interlaced\012- data
Hash f695108c3c7dd421c46a1ef66c54fb58
b6cd408a03c265a1e28adb3b02745346942c91d5
41e7f98e78f2168d2540b86e5308549095943b0519176a92effb68ac9aabf751
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/themes/lawfactory/img/shape1.png HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/wp-content/themes/lawfactory/style.css?ver=1.0.1
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: image/png
Content-Length: 4030
Last-Modified: Wed, 18 Jan 2023 05:53:36 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63c78960-fbe"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
newera.su/wp-content/themes/lawfactory/img/shape3.png
200 OK 30 kB URL HTTP/1.1 newera.su/wp-content/themes/lawfactory/img/shape3.png
IP
File type PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Hash 93ea30941d99ff481a4176c2788c1e39
d3100f865499a4c409be29c73e83358d2dc7feb4
917164c8c81483336cf5eb9a417a26308c95a10a04fe665735f8565892aac0b9
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/themes/lawfactory/img/shape3.png HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/wp-content/themes/lawfactory/style.css?ver=1.0.1
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: image/png
Content-Length: 29484
Last-Modified: Wed, 18 Jan 2023 05:53:36 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63c78960-732c"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
newera.su/wp-content/themes/lawfactory/img/demo/footer-bg.jpg
200 OK 32 kB URL HTTP/1.1 newera.su/wp-content/themes/lawfactory/img/demo/footer-bg.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x1013, components 3\012- data
Hash 884a04757fc64503a8e0ab5b2f257b3e
83478e30dfb62f045a87734cce243a79437df8f0
90f2ee3ba2ac49c23c7858caf3d54ff46a712e638d5a4b287efb4f9a8bb2a0bb
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/themes/lawfactory/img/demo/footer-bg.jpg HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: image/jpeg
Content-Length: 31953
Last-Modified: Wed, 18 Jan 2023 05:53:36 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63c78960-7cd1"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
newera.su/wp-content/uploads/2023/01/%D0%91%D0%B5%D0%B7-%D0%B8%D0%BC%D0%B5%D0%BD%D0%B8-12222-scaled.jpg
200 OK 1.3 MB URL HTTP/1.1 newera.su/wp-content/uploads/2023/01/%D0%91%D0%B5%D0%B7-%D0%B8%D0%BC%D0%B5%D0%BD%D0%B8-12222-scaled.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 23.0 (Windows), datetime=2023:01:25 19:59:32], baseline, precision 8, 2560x2560, components 3\012- data
Size 1.3 MB (1250953 bytes)
Hash ed6bfe958bf6aa89a4edcf1ffcef6bb6
ae31fe362ef2646b909e2e1787fd61bb3d3f73a1
ad60a5b57e2da0a07eba5471b854f50e876566020fac0f3f25e9392237cfb1c4
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/uploads/2023/01/%D0%91%D0%B5%D0%B7-%D0%B8%D0%BC%D0%B5%D0%BD%D0%B8-12222-scaled.jpg HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: image/jpeg
Content-Length: 1250953
Last-Modified: Wed, 25 Jan 2023 14:59:57 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63d143ed-131689"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
newera.su/wp-content/uploads/2023/01/sign-here-please-scaled.jpg
200 OK 357 kB URL HTTP/1.1 newera.su/wp-content/uploads/2023/01/sign-here-please-scaled.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=20, height=4912, bps=254, PhotometricIntepretation=RGB, description=Businessman showing his partner where to sign the contract, manufacturer=NIKON CORPORATION, model=NIKON D800E, orientation=upper-left, width=7360], baseline, precision 8, 2560x1709, components 3\012- data
Size 357 kB (357430 bytes)
Hash ab4570a52315000f7f879db68689d0b5
1c7e5f6821c102d34c7cebc57f8a2dcd70a7ad6e
26a4a0e26893cff17032e2a61d54e44d12f8452ee03a9e750d5a728db207508a
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/uploads/2023/01/sign-here-please-scaled.jpg HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: image/jpeg
Content-Length: 357430
Last-Modified: Mon, 30 Jan 2023 10:22:51 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63d79a7b-57436"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aIXl6PDxmjhy0wvqpWLeXQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9CKtHMDZD940xgG+Vpy5OXsnzYQ=
newera.su/wp-json/contact-form-7/v1/contact-forms/7/feedback/schema
200 OK 1.2 kB URL HTTP/1.1 newera.su/wp-json/contact-form-7/v1/contact-forms/7/feedback/schema
IP
File type JSON data\012- , ASCII text, with very long lines (1190), with no line terminators
Hash 3461c0baab134e7afabe67750f947bae
30f17f2cccad52be49b6b2e98532f815de3180da
cf028bfb69e49cd259f6946b599e147a68ef106c3b2c03da70f4efe97d139fe2
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-json/contact-form-7/v1/contact-forms/7/feedback/schema HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, */*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://newera.su/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 1190
Connection: keep-alive
Keep-Alive: timeout=30
X-Powered-By: PHP/7.4.33
X-Robots-Tag: noindex
Link: <http://newera.su/wp-json/>; rel="https://api.w.org/"
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Allow: GET
Vary: Origin
newera.su/wp-content/themes/lawfactory/img/crime/gun.svg
200 OK 736 B URL HTTP/1.1 newera.su/wp-content/themes/lawfactory/img/crime/gun.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1275), with no line terminators
Hash e1c1be8a08f2a20cf510dfbfe100a7d4
10cc57cdd90d82d1cd057284d8e18d6a38064998
627d2c9e376a79dd25e5bc60c8bd1a4cae1f5199a9d5d723e2055636c15c2bf4
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/themes/lawfactory/img/crime/gun.svg HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/wp-content/themes/lawfactory/style.css?ver=1.0.1
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: image/svg+xml
Last-Modified: Wed, 18 Jan 2023 05:53:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"63c78960-4fb"
Expires: Tue, 07 Feb 2023 07:20:22 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
newera.su/wp-content/uploads/2023/01/%D0%91%D0%B5%D0%B7-%D0%B8%D0%BC%D0%B5%D0%BD%D0%B8-2-1.png
200 OK 5.2 kB URL HTTP/1.1 newera.su/wp-content/uploads/2023/01/%D0%91%D0%B5%D0%B7-%D0%B8%D0%BC%D0%B5%D0%BD%D0%B8-2-1.png
IP
File type PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash b49bde9a3a8d61ec45a1311df86668f4
3ddc307bf7a0f19241b69d12538414ddbb0c9b7b
e86b126abd5e1193eb1bcb40823293a30ec0b5f20781cd5a3442bfb9a8868997
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /wp-content/uploads/2023/01/%D0%91%D0%B5%D0%B7-%D0%B8%D0%BC%D0%B5%D0%BD%D0%B8-2-1.png HTTP/1.1
Host: newera.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://newera.su/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: image/png
Content-Length: 5236
Last-Modified: Tue, 24 Jan 2023 09:08:27 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "63cfa00b-1474"
Expires: Thu, 02 Mar 2023 07:20:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:20:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
IP
File type ASCII text, with very long lines (771)
Size 164 kB (163774 bytes)
Hash 57c909ab73fc27ec24f737bbf1cb1de8
89b2c02e9e7a9a764518fca545d3eec2044fd6d9
7e407e2b00bb7c238c71d96472f7ab030de4e610b1048f0f77b25cb85c2d166b
GET /recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://newera.su
Connection: keep-alive
Referer: http://newera.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 17:09:34 GMT
expires: Tue, 30 Jan 2024 17:09:34 GMT
cache-control: public, max-age=31536000
age: 51048
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:20:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/gseccovsslca2018
200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash d7d4e42ebd348aca07f1c42d3c004e28
5afc9cb43bff8db7967456dd054cfeb04d1ec736
d885f0dd5b0417c7c444e0aeb5ac97920c81e2582a5d8ec170bbd399f4224ca5
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:20:22 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Sat, 04 Feb 2023 06:07:31 GMT
ETag: "5afc9cb43bff8db7967456dd054cfeb04d1ec736"
Last-Modified: Tue, 31 Jan 2023 06:07:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 913
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7920af367eacb500-OSL
mc.yandex.ru/metrika/tag.js
200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash a236c7014c1f1a1e52d356f59e5d665a
b66c638eb2346287364c37725819bbab1f409d66
ad2d57579e453af0eac49156840bcd1dcfbd802a82135af98f41f714d7e698f2
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://newera.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73769
date: Tue, 31 Jan 2023 07:20:22 GMT
access-control-allow-origin: *
etag: "63c93a4b-12029"
expires: Tue, 31 Jan 2023 08:20:22 GMT
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://newera.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 31 Jan 2023 07:20:23 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Tue, 31 Jan 2023 08:20:23 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/92164211/1?wmode=7&page-url=http%3A%2F%2Fnewera.su%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A1157%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A888978787938%3Ahid%3A949483932%3Az%3A0%3Ai%3A20230131072038%3Aet%3A1675149639%3Ac%3A1%3Arn%3A949943896%3Arqn%3A1%3Au%3A1675149639828418233%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C37%2C261%2C1%2C382%2C0%2C%2C505%2C2%2C%2C%2C%2C1197%3Aco%3A0%3Ans%3A1675149636977%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675149639%3At%3A%D0%AE%D1%80%D0%B8%D0%B4%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B5%20%D1%83%D1%81%D0%BB%D1%83%D0%B3%D0%B8%20%D0%B4%D0%BB%D1%8F%20%D0%B2%D0%B5%D1%85&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
200 OK 407 B URL HTTP/2 mc.yandex.ru/watch/92164211/1?wmode=7&page-url=http%3A%2F%2Fnewera.su%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A1157%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A888978787938%3Ahid%3A949483932%3Az%3A0%3Ai%3A20230131072038%3Aet%3A1675149639%3Ac%3A1%3Arn%3A949943896%3Arqn%3A1%3Au%3A1675149639828418233%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C37%2C261%2C1%2C382%2C0%2C%2C505%2C2%2C%2C%2C%2C1197%3Aco%3A0%3Ans%3A1675149636977%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675149639%3At%3A%D0%AE%D1%80%D0%B8%D0%B4%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B5%20%D1%83%D1%81%D0%BB%D1%83%D0%B3%D0%B8%20%D0%B4%D0%BB%D1%8F%20%D0%B2%D0%B5%D1%85&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash adc081829fc3bf0f74d5ccc37cea4f6c
43192763c245cda7212ac0f8210af807ba3267ec
ff9d6959ff97c55efcb01651b76e4e54ad98c91abfc5cf6d4592bc8f298b8ab2
GET /watch/92164211/1?wmode=7&page-url=http%3A%2F%2Fnewera.su%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A1157%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A888978787938%3Ahid%3A949483932%3Az%3A0%3Ai%3A20230131072038%3Aet%3A1675149639%3Ac%3A1%3Arn%3A949943896%3Arqn%3A1%3Au%3A1675149639828418233%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C37%2C261%2C1%2C382%2C0%2C%2C505%2C2%2C%2C%2C%2C1197%3Aco%3A0%3Ans%3A1675149636977%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675149639%3At%3A%D0%AE%D1%80%D0%B8%D0%B4%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B5%20%D1%83%D1%81%D0%BB%D1%83%D0%B3%D0%B8%20%D0%B4%D0%BB%D1%8F%20%D0%B2%D0%B5%D1%85&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://newera.su
Referer: http://newera.su/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 407
date: Tue, 31 Jan 2023 07:20:23 GMT
x-content-type-options: nosniff
access-control-allow-origin: http://newera.su
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 07:20:23 GMT
last-modified: Tue, 31-Jan-2023 07:20:23 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/92164211?wmode=7&page-url=http%3A%2F%2Fnewera.su%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A1157%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A888978787938%3Ahid%3A949483932%3Az%3A0%3Ai%3A20230131072038%3Aet%3A1675149639%3Ac%3A1%3Arn%3A949943896%3Arqn%3A1%3Au%3A1675149639828418233%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C37%2C261%2C1%2C382%2C0%2C%2C505%2C2%2C%2C%2C%2C1197%3Aco%3A0%3Ans%3A1675149636977%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675149639%3At%3A%D0%AE%D1%80%D0%B8%D0%B4%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B5%20%D1%83%D1%81%D0%BB%D1%83%D0%B3%D0%B8%20%D0%B4%D0%BB%D1%8F%20%D0%B2%D0%B5%D1%85&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
302 Found 15 kB URL HTTP/2 mc.yandex.ru/watch/92164211?wmode=7&page-url=http%3A%2F%2Fnewera.su%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A1157%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A888978787938%3Ahid%3A949483932%3Az%3A0%3Ai%3A20230131072038%3Aet%3A1675149639%3Ac%3A1%3Arn%3A949943896%3Arqn%3A1%3Au%3A1675149639828418233%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C37%2C261%2C1%2C382%2C0%2C%2C505%2C2%2C%2C%2C%2C1197%3Aco%3A0%3Ans%3A1675149636977%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675149639%3At%3A%D0%AE%D1%80%D0%B8%D0%B4%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B5%20%D1%83%D1%81%D0%BB%D1%83%D0%B3%D0%B8%20%D0%B4%D0%BB%D1%8F%20%D0%B2%D0%B5%D1%85&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /watch/92164211?wmode=7&page-url=http%3A%2F%2Fnewera.su%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A1157%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A888978787938%3Ahid%3A949483932%3Az%3A0%3Ai%3A20230131072038%3Aet%3A1675149639%3Ac%3A1%3Arn%3A949943896%3Arqn%3A1%3Au%3A1675149639828418233%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C37%2C261%2C1%2C382%2C0%2C%2C505%2C2%2C%2C%2C%2C1197%3Aco%3A0%3Ans%3A1675149636977%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675149639%3At%3A%D0%AE%D1%80%D0%B8%D0%B4%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B5%20%D1%83%D1%81%D0%BB%D1%83%D0%B3%D0%B8%20%D0%B4%D0%BB%D1%8F%20%D0%B2%D0%B5%D1%85&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://newera.su
Connection: keep-alive
Referer: http://newera.su/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/92164211/1?wmode=7&page-url=http%3A%2F%2Fnewera.su%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A1157%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A888978787938%3Ahid%3A949483932%3Az%3A0%3Ai%3A20230131072038%3Aet%3A1675149639%3Ac%3A1%3Arn%3A949943896%3Arqn%3A1%3Au%3A1675149639828418233%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C37%2C261%2C1%2C382%2C0%2C%2C505%2C2%2C%2C%2C%2C1197%3Aco%3A0%3Ans%3A1675149636977%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675149639%3At%3A%D0%AE%D1%80%D0%B8%D0%B4%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B5%20%D1%83%D1%81%D0%BB%D1%83%D0%B3%D0%B8%20%D0%B4%D0%BB%D1%8F%20%D0%B2%D0%B5%D1%85&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Tue, 31 Jan 2023 07:20:23 GMT
access-control-allow-origin: http://newera.su
set-cookie: yabs-sid=2259699161675149623; Path=/; SameSite=None; Secure
i=qNg5TC9EpUwQkGlisYV+pTnMMAjq+N/3LaQu4Be3+sR6+w4evYbP0PdOQBWgXfcq4s3Z8KO1L7Yzg+/IKRfNwrTRXNg=; Expires=Fri, 28-Jan-2033 07:20:19 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=370303191675149623; Expires=Wed, 31-Jan-2024 07:20:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=370303191675149623; Expires=Wed, 31-Jan-2024 07:20:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1706685623.yc.1675149623#1706685623.yrts.1675149623#1706685623.yrtsi.1675149623; Expires=Wed, 31-Jan-2024 07:20:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 07:20:23 GMT
last-modified: Tue, 31-Jan-2023 07:20:23 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 16:40:43 GMT
expires: Fri, 26 Jan 2024 16:40:43 GMT
cache-control: public, max-age=31536000
age: 398380
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14827
Expires: Tue, 31 Jan 2023 11:27:30 GMT
Date: Tue, 31 Jan 2023 07:20:23 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14827
Expires: Tue, 31 Jan 2023 11:27:30 GMT
Date: Tue, 31 Jan 2023 07:20:23 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14827
Expires: Tue, 31 Jan 2023 11:27:30 GMT
Date: Tue, 31 Jan 2023 07:20:23 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 00:33:02 GMT
age: 24441
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60fc180ec5b99ac357db8775775c3c11
c9856a488e82bc330881377528bf2e53274ef5f3
a31fd6fc84f79b0f5fb79cccf490ddf61eb58bdaf57ca27f57a911332e550d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5394
x-amzn-requestid: 16d876fb-0afd-4b5d-b19e-1029506fd6f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIgq2E4CIAMFiFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce178-1f08dc2105b6e182677004e7;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:10:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 36E3JCGqpkeMmb_fzM0DTb24ElUMGDdikE1IdqQABDlbT28XRs7B-w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 11:52:37 GMT
age: 70066
etag: "c9856a488e82bc330881377528bf2e53274ef5f3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde59a1de-2b64-4d28-8e63-6d511c4c70d5.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde59a1de-2b64-4d28-8e63-6d511c4c70d5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d143b65b98551bde96a7f026808d4583
3e995e5933e6f8c15ecd3bc642ce1778a11f7ca7
004be88ebe2a4840bb718a5148fcf7d2dc1400f6c1c880cee4428d66ba91dbd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde59a1de-2b64-4d28-8e63-6d511c4c70d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9972
x-amzn-requestid: 8a609804-1429-4a2d-abdc-7dc74a83a35b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcWB-GO8oAMF5Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4d072-0a0afc9625eb840c0b14b259;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 07:36:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uOHt5PEtB9XCEUi1eFA_7pTZsZgHQnvadZNw7BiXJTYMmnYgAzZ7pQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:50:58 GMT
age: 12565
etag: "3e995e5933e6f8c15ecd3bc642ce1778a11f7ca7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5965fef2-c5a7-4a82-bcdc-41aebc355aff.jpeg
200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5965fef2-c5a7-4a82-bcdc-41aebc355aff.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83d9e98a4575077e7400343c7f2038d2
6ac3ca84e97fa35afff9045f35d45499c0b34a23
da6d6d90a5ea8f5a864f3739591693b5f4b9793f2c4bb971486572f6bf2e940c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5965fef2-c5a7-4a82-bcdc-41aebc355aff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: e62c149b-ca5f-4d0c-8d2d-e8bb2a7f9d8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbvSzH2soAMFiYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d49278-1214fc750a312e46527b2fd7;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 03:11:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: e9kVyPl84SxMlIqs-0wE831KRF1kg1HOPTgntElaEp1RGOsgqB19ZA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 04:10:37 GMT
age: 11386
etag: "6ac3ca84e97fa35afff9045f35d45499c0b34a23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 42a648f9d34d8fb703f0b80a52e0deec
7ccefd66211d249ae5266c3b6ae3375a19e5cb6d
a57f8792e8caa2a31045a141d019f53f51b633d5d04baebdae97387740c6639d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5903
x-amzn-requestid: f6fca787-17c1-4edd-9ab0-a00e2fccc7a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboufGeSoAMF-1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d487f6-58be6bdc5e3e767e1ea47b86;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:27:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tAR5c5rQD0h5YZ6TU8pZKhUFUf5d0-l794EaYnwwkts3QXPhdYm6vA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:03:25 GMT
age: 37018
etag: "7ccefd66211d249ae5266c3b6ae3375a19e5cb6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg
200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1e575f4c5e3aa793f846cadc8baf386c
f482a4e8e80ea5b6afc29e5cc1a9a2b8c2f0434d
09a5bbe4fb7f23ee43228267f30c1ef0cd8747e515e01c963df0756b866f23ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9700
x-amzn-requestid: 713e2d23-21a3-4b9f-af7b-497d15494cdc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffCYTEBToAMFQMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e434-24782bb73c8760d277497ded;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:12:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _-Hp-dTdgO95bYRa5Y5UkAUHHxHPMM9GFP2qKtbLIIylFOc2SGXjBw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 04:10:01 GMT
age: 11422
etag: "f482a4e8e80ea5b6afc29e5cc1a9a2b8c2f0434d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/92164211?wmode=0&wv-part=1&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=520643374&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1675149642%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072041%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149642&t=gdpr(14)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/92164211?wmode=0&wv-part=1&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=520643374&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1675149642%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072041%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149642&t=gdpr(14)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/92164211?wmode=0&wv-part=1&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=520643374&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1675149642%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072041%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149642&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 84261
Origin: http://newera.su
Connection: keep-alive
Referer: http://newera.su/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 31 Jan 2023 07:20:26 GMT
access-control-allow-origin: http://newera.su
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 07:20:26 GMT
last-modified: Tue, 31-Jan-2023 07:20:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/92164211?wmode=0&wv-part=1&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=603378900&wv-type=3&browser-info=we%3A1%3Aet%3A1675149642%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072042%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149642&t=gdpr(14)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/92164211?wmode=0&wv-part=1&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=603378900&wv-type=3&browser-info=we%3A1%3Aet%3A1675149642%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072042%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149642&t=gdpr(14)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/92164211?wmode=0&wv-part=1&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=603378900&wv-type=3&browser-info=we%3A1%3Aet%3A1675149642%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072042%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149642&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 607
Origin: http://newera.su
Connection: keep-alive
Referer: http://newera.su/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 31 Jan 2023 07:20:26 GMT
access-control-allow-origin: http://newera.su
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 07:20:26 GMT
last-modified: Tue, 31-Jan-2023 07:20:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49c7c3dd-3b94-47e5-83e3-d08d77011a06.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49c7c3dd-3b94-47e5-83e3-d08d77011a06.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5167f99b892b964436e3c85ec115e25d
4f35912cf744f1f8fe875ff13d333ff19a775155
8b2350b0d3cf009164143a9591e62c1fd77fa127cfe01ab6204fe8accd3d11b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49c7c3dd-3b94-47e5-83e3-d08d77011a06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10000
x-amzn-requestid: f4b22eb2-3e65-4b0b-bec9-b2782103cec7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcSZ6FznIAMF_AA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4caa5-787125d9270792e5417f2891;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 07:11:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4SuH8GRiQqYRDlMFy3MI4KFbhHKwlDUbovcMITVrWtELKGQGTP-epw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 20:41:22 GMT
age: 38348
etag: "4f35912cf744f1f8fe875ff13d333ff19a775155"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/92164211?wv-check=55287&wv-type=0&wmode=0&wv-part=1&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=852156614&browser-info=we%3A1%3Aet%3A1675149647%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072046%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149647&t=gdpr(14)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/92164211?wv-check=55287&wv-type=0&wmode=0&wv-part=1&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=852156614&browser-info=we%3A1%3Aet%3A1675149647%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072046%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149647&t=gdpr(14)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/92164211?wv-check=55287&wv-type=0&wmode=0&wv-part=1&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=852156614&browser-info=we%3A1%3Aet%3A1675149647%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072046%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149647&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 44
Origin: http://newera.su
Connection: keep-alive
Referer: http://newera.su/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 31 Jan 2023 07:20:30 GMT
access-control-allow-origin: http://newera.su
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 07:20:30 GMT
last-modified: Tue, 31-Jan-2023 07:20:30 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/92164211?wmode=0&wv-part=2&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=533310560&wv-type=3&browser-info=we%3A1%3Aet%3A1675149647%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072046%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149647&t=gdpr(14)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/92164211?wmode=0&wv-part=2&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=533310560&wv-type=3&browser-info=we%3A1%3Aet%3A1675149647%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072046%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149647&t=gdpr(14)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/92164211?wmode=0&wv-part=2&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=533310560&wv-type=3&browser-info=we%3A1%3Aet%3A1675149647%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072046%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149647&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 21
Origin: http://newera.su
Connection: keep-alive
Referer: http://newera.su/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 31 Jan 2023 07:20:30 GMT
access-control-allow-origin: http://newera.su
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 07:20:30 GMT
last-modified: Tue, 31-Jan-2023 07:20:30 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/92164211?wmode=0&wv-part=2&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=355045550&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1675149647%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072046%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149647&t=gdpr(14)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/92164211?wmode=0&wv-part=2&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=355045550&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1675149647%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072046%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149647&t=gdpr(14)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/92164211?wmode=0&wv-part=2&wv-hit=949483932&page-url=http%3A%2F%2Fnewera.su%2F&rn=355045550&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1675149647%3Aw%3A1268x939%3Av%3A960%3Az%3A0%3Ai%3A20230131072046%3Au%3A1675149639828418233%3Avf%3Asm0eap24hzlr84c06sesn%3Ast%3A1675149647&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 15
Origin: http://newera.su
Connection: keep-alive
Referer: http://newera.su/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 31 Jan 2023 07:20:30 GMT
access-control-allow-origin: http://newera.su
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 31-Jan-2023 07:20:30 GMT
last-modified: Tue, 31-Jan-2023 07:20:30 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
87.236.16.248
104.18.21.226
34.120.237.76
23.36.76.226