zelenka.guru/threads/2347053/
151.80.169.28 301 Moved Permanently 178 B URL HTTP/1.1 zelenka.guru/threads/2347053/
IP 151.80.169.28:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
Analyzer Verdict Alert fortinet Malware
GET /threads/2347053/ HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 31 Dec 2022 22:48:44 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://zelenka.guru/threads/2347053/
Strict-Transport-Security: max-age=15768000
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5c6a87f6d6b5c54dcb1b630ae6001c73
e0315c9936d6f2f58ff7d078e74a8ec7802265a8
d88ef07b9fcfb42d27a490cb57df4adaf3261efc7d0b38246db387da3ca32a8d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D88EF07B9FCFB42D27A490CB57DF4ADAF3261EFC7D0B38246DB387DA3CA32A8D"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3669
Expires: Sat, 31 Dec 2022 23:49:53 GMT
Date: Sat, 31 Dec 2022 22:48:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ab3625faa748b97df39d95f3265ccd14
3930df2e3cb45a1abe47de735002fba535de4f08
0b0a1eb64c4a23598884f08be0a9694c8fcaeffc4b0df790a678104f44fe1c14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B0A1EB64C4A23598884F08BE0A9694C8FCAEFFC4B0DF790A678104F44FE1C14"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2906
Expires: Sat, 31 Dec 2022 23:37:10 GMT
Date: Sat, 31 Dec 2022 22:48:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 31 Dec 2022 22:47:14 GMT
content-type: application/json
age: 90
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b0a4b7e28ad3a91135d52c7457790b5
075f22ab45d169766252467ae44903250e480f9b
312744aeb6fcc4296025205bc70c40316dd3c8a4b626669ac43e32c33104473a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "312744AEB6FCC4296025205BC70C40316DD3C8A4B626669AC43E32C33104473A"
Last-Modified: Sat, 31 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5367
Expires: Sun, 01 Jan 2023 00:18:11 GMT
Date: Sat, 31 Dec 2022 22:48:44 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: mUlrC/6GYK1icy4iGMLvVcSmYwERSPH4d0A+0ht6b1N2S1CwhZ9RY4bzQuOY7NpFUAkQm1qk1XPTk6ZakIeZIw==
x-amz-request-id: 2VQJMSH56S6Q1G5N
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 31 Dec 2022 21:57:35 GMT
age: 3069
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 913242b358a3f4fa5cb5e6d86287ce85
4392257b1916d7ea08c4e8434b566c147543739f
47f92f3f2f3af9f4b5c65f31a5842b0ebea7834ac283dbde1fd256ba5a568087
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47F92F3F2F3AF9F4B5C65F31A5842B0EBEA7834AC283DBDE1FD256BA5A568087"
Last-Modified: Fri, 30 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2755
Expires: Sat, 31 Dec 2022 23:34:39 GMT
Date: Sat, 31 Dec 2022 22:48:44 GMT
Connection: keep-alive
zelenka.guru/threads/2347053/
151.80.169.28 200 OK 1.3 kB URL HTTP/2 zelenka.guru/threads/2347053/
IP 151.80.169.28:0
File type HTML document text; HTML document text; HTML document, ASCII text, with very long lines (1173)
Hash dc8bf22d87a4e02aed35f59f94960195
1b92fc84efa758940cd9e8f1fff8cd07b71c9358
ffd70a1b9430c854b44f284d3d0f5e081915c28694115671e2e610dcb1692f08
Analyzer Verdict Alert fortinet Malware
GET /threads/2347053/ HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: text/html
content-length: 1347
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
zelenka.guru/aes.js
151.80.169.28 200 OK 26 kB IP 151.80.169.28:0
File type ASCII text, with very long lines (25638), with no line terminators
Hash 535ff81ab45764c67a7336a70ee7c7a6
c1cdb3fc5b8e033fbc2be2638b6189e9f3a4f669
991fa3ac0febff65dd238aa07315e6ccb792fb207828b371de8cb353bd4dd121
Analyzer Verdict Alert fortinet Malware
GET /aes.js HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/javascript
content-length: 25638
last-modified: Sun, 03 Jun 2018 20:00:00 GMT
etag: "5b1448c0-6426"
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/threads/2347053/
151.80.169.28 200 OK 23 kB URL HTTP/2 zelenka.guru/threads/2347053/
IP 151.80.169.28:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1257)
Hash ae7eac7986f560f5e79d2c077055bc6e
4f3f2ae9593ef2c16453b9ac7c8ddc53916751cc
e581e31269095e95d32b0f2d396d12ec4422114c430ae59b33c4b6e4fb87fa07
Analyzer Verdict Alert fortinet Malware
GET /threads/2347053/ HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: text/html; charset=UTF-8
content-length: 22796
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, max-age=0
set-cookie: xf_session=f3838f7db08b3ffc7e651d9a722beff9; path=/; secure; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1
last-modified: Sat, 31 Dec 2022 22:48:44 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
X-Firefox-Spdy: h2
zelenka.guru/js/lolzteam/errorHandler.js?_v=28ef5a19
151.80.169.28 200 OK 1.2 kB URL HTTP/2 zelenka.guru/js/lolzteam/errorHandler.js?_v=28ef5a19
IP 151.80.169.28:0
Hash 15b5173ad1ab6c8053a5c886e5f99b72
1d89619c6b28c943c63f9266d976826c59e51f69
4c9ac3fef5b0d9c7cf41cb4071e5f44da56b0b1e4bfdc05653f57803f0c56ad1
Analyzer Verdict Alert fortinet Malware
GET /js/lolzteam/errorHandler.js?_v=28ef5a19 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/javascript
content-length: 1176
last-modified: Fri, 11 Nov 2022 11:35:26 GMT
vary: Accept-Encoding
etag: "636e337e-498"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/js/xi/tag/discussion_edited.js?_v=28ef5a19
151.80.169.28 200 OK 852 B URL HTTP/2 zelenka.guru/js/xi/tag/discussion_edited.js?_v=28ef5a19
IP 151.80.169.28:0
Hash 4cb72c4ae6702504fcd0a4952b0dd729
8644e84011138aa034d8117105267216843948d8
dc0574b5a68e8a864997652b63dc43885522c6d88a3ecbcfb720573ee0735588
Analyzer Verdict Alert fortinet Malware
GET /js/xi/tag/discussion_edited.js?_v=28ef5a19 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/javascript
content-length: 852
last-modified: Wed, 21 Dec 2022 20:49:18 GMT
vary: Accept-Encoding
etag: "63a3714e-354"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 0468fec435ade9da599ed1f46bb61464
61294530d9be7c2a732758fb6b06ae51170f02b6
48497874c626a3cd466af1566fa28103970006af3756f9b5c0256cddcbd9dade
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Dec 2022 22:48:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 81c87a3f088331ce54f7b42d3815e4d7
93f7ac5fa21edef94d130988ab2833a36a8db38d
e493ad44a81a5773112904c8141b028cac7298d3cf1b44368291d9a0a3b800d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Dec 2022 22:48:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
zelenka.guru/styles/mm/home.svg
151.80.169.28 200 OK 749 B URL HTTP/2 zelenka.guru/styles/mm/home.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (645)
Hash 585a86a8595a730b074d80e4b6959447
671f74ba8ce90a6b64b6e294038d966711da8b23
e8e5becab46e87d05b0551d9da64f510416a31811483c47478ee10d6ab7b0bbe
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/home.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 749
last-modified: Mon, 05 Sep 2022 09:36:32 GMT
etag: "6315c320-2ed"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/paper.svg
151.80.169.28 200 OK 895 B URL HTTP/2 zelenka.guru/styles/mm/paper.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (336)
Hash 61772c52576c14fe293e82b271e2972f
a906379feb9106fa295ac0f7fa7eb3eb54dcdec9
777d52d10b4a8a981cc4ee43823500087dd0d2209e50514df3765d10d742a63d
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/paper.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 895
last-modified: Mon, 05 Sep 2022 09:36:32 GMT
etag: "6315c320-37f"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/buy.svg
151.80.169.28 200 OK 1.2 kB URL HTTP/2 zelenka.guru/styles/mm/buy.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (344)
Hash f796e797192932ea9d82c2682b7568ea
744929b0b0b84c321048eb3d24e114590c320d87
a29c241035d53a2b9fd702f0b06821c16f2324fd580726afa0d32b5fdcc5728b
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/buy.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 1223
last-modified: Mon, 05 Sep 2022 09:36:32 GMT
etag: "6315c320-4c7"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/shield.svg
151.80.169.28 200 OK 812 B URL HTTP/2 zelenka.guru/styles/mm/shield.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (565)
Hash ed4e97d8851b3beae7df510697a3eb80
22d2dbad5b9dafe90fc255e073c4800e616732b7
28bae4941d25a2b04e3c19d9da161c5b00355a141b1b554eb47ed98cf9db539a
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/shield.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 812
last-modified: Mon, 05 Sep 2022 09:36:32 GMT
etag: "6315c320-32c"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/send.svg
151.80.169.28 200 OK 432 B URL HTTP/2 zelenka.guru/styles/mm/send.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (328)
Hash 8650fbba5c447a5aba47e0a7ac057829
48e6e755dd71913a17496fe0ed9f909865f28d2d
f03f16eb1f8689b4a3094f18fc905982c32361d7fa67a9eb85b9493f87982a58
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/send.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 432
last-modified: Mon, 05 Sep 2022 09:36:33 GMT
etag: "6315c321-1b0"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/chat.svg
151.80.169.28 200 OK 1.4 kB URL HTTP/2 zelenka.guru/styles/mm/chat.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (686)
Hash a09482b9ec1e6bcec3cf0dc395ed2614
5358ea23c9902e1e65ed0eeb571df2787bea3788
9d07bff0ec207cf8097ab26b4599c29e219ddd058db3ce5d7ea7b640618f3fd2
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/chat.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 1354
last-modified: Mon, 05 Sep 2022 09:36:33 GMT
etag: "6315c321-54a"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/voice.svg
151.80.169.28 200 OK 800 B URL HTTP/2 zelenka.guru/styles/mm/voice.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (369)
Hash 041c7deb4c221f1e51c9d6c66d588644
1298441e2319e8461d4a1698315444dc445eb242
5977716623714f02150a5f7c31f89c304265a8d5782b17e47a027c3d9001ad3f
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/voice.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 800
last-modified: Mon, 05 Sep 2022 09:36:33 GMT
etag: "6315c321-320"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/danger.svg
151.80.169.28 200 OK 902 B URL HTTP/2 zelenka.guru/styles/mm/danger.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (433)
Hash a65e41a7b6ccaf049e2e775326e74a0c
30aaaca66bd18539ccccd56dc6d328651575a9e7
28d452a1efbf6d513a7d02dbca936882a3bf9552211f75087274056e3fdbaec4
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/danger.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 902
last-modified: Mon, 05 Sep 2022 09:36:33 GMT
etag: "6315c321-386"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/circle.svg
151.80.169.28 200 OK 683 B URL HTTP/2 zelenka.guru/styles/mm/circle.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (339)
Hash 36c0971d9e77fc848b80f385242146a0
3ca04689f81ff0a21e81887bd9f32e8449b56378
8e4962642b4d7110d15d68553aaa0ddfc5dcaab5d4f4293d6cebb8705d74d844
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/circle.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 683
last-modified: Mon, 05 Sep 2022 09:36:32 GMT
etag: "6315c320-2ab"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/square.svg
151.80.169.28 200 OK 719 B URL HTTP/2 zelenka.guru/styles/mm/square.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (376)
Hash 702eb53194b95a6318f0e8e9295c80cd
7330f4aa9b442db95d9bd85040e8e12bff079ef5
587e1039cd67e4f2a95a1614adc096941f2a29a047eb89d3dd6b9e4c166ff405
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/square.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 719
last-modified: Mon, 05 Sep 2022 09:36:33 GMT
etag: "6315c321-2cf"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/graph.svg
151.80.169.28 200 OK 1.3 kB URL HTTP/2 zelenka.guru/styles/mm/graph.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (706)
Hash 865dc809dcb9f8fb94ca0dcae0a42d4d
bb482b7749efd9b1ed5b3881c335e689673fcc33
f362004a918d1c5d3405664a47c827b4696d599351ea28d969d6839ecc13767c
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/graph.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 1306
last-modified: Mon, 05 Sep 2022 09:36:33 GMT
etag: "6315c321-51a"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/language.svg?1
151.80.169.28 200 OK 1.2 kB URL HTTP/2 zelenka.guru/styles/mm/language.svg?1
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document, ASCII text, with very long lines (1093)
Hash 47689d5587cfdc167eb024b2a1c76735
0ade34df01ae54d32cd147a0627672822e20eb04
2dcce233f1cf1f6c7988302fc2bc49b4a5704bc043bdf3b5ec25f43f7b17534b
GET /styles/mm/language.svg?1 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
content-length: 1228
last-modified: Mon, 05 Sep 2022 09:57:35 GMT
etag: "6315c80f-4cc"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/css.php?css=bb_code,discussion_list,faqe_comment_style,forumSearchThreads,message,message_simple,message_user_info,mmenu_all,notices,thread_view,thread_view_improvements&style=9&dir=LTR&d=1672484868
151.80.169.28200 OK 23 kB URL HTTP/2 zelenka.guru/css.php?css=bb_code,discussion_list,faqe_comment_style,forumSearchThreads,message,message_simple,message_user_info,mmenu_all,notices,thread_view,thread_view_improvements&style=9&dir=LTR&d=1672484868
IP 151.80.169.28:0
File type assembler source, ASCII text, with very long lines (7106)
Hash 41c0c435e447bc813b0dba6046ac1260
7152eb2d1c3cd97c5f1cb958d2dbc3e755f776d0
747a55873905ac78e5f93f8ea4c5b794125e9cbb42b34149d24ddd55235a0ffd
GET /css.php?css=bb_code,discussion_list,faqe_comment_style,forumSearchThreads,message,message_simple,message_user_info,mmenu_all,notices,thread_view,thread_view_improvements&style=9&dir=LTR&d=1672484868 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:45 GMT
content-type: text/css; charset=utf-8
content-length: 22618
expires: Sat, 07 Jan 2023 22:48:44 GMT
last-modified: Sat, 31 Dec 2022 11:07:48 GMT
cache-control: max-age=604800
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
X-Firefox-Spdy: h2
zelenka.guru/css.php?css=xenforo,form,public&style=9&dir=LTR&d=1672484868
151.80.169.28200 OK 93 kB URL HTTP/2 zelenka.guru/css.php?css=xenforo,form,public&style=9&dir=LTR&d=1672484868
IP 151.80.169.28:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f25209535366a89dd7ec3d2619c7b94b
ed6792efc6804879c53f10ad6826217a9dfa1c61
c3f5f113223b06d00582be8b353da336816b3b63ba7a017979a937a14d0777da
GET /css.php?css=xenforo,form,public&style=9&dir=LTR&d=1672484868 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:45 GMT
content-type: text/css; charset=utf-8
content-length: 93284
expires: Sat, 07 Jan 2023 22:48:45 GMT
last-modified: Sat, 31 Dec 2022 11:07:48 GMT
cache-control: max-age=604800
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/jquery@1.12.4/dist/jquery.min.js
151.101.1.229200 OK 34 kB URL HTTP/2 cdn.jsdelivr.net/npm/jquery@1.12.4/dist/jquery.min.js
IP 151.101.1.229:0
File type ASCII text, with very long lines (32077)
Hash a221862c4d6002be5ca064b8b94096c3
0041a30fae6c55b4e80052316ceb19d9763b6813
13ca5a43448c333329543216c3b77a494e6d6087cba3bc0a4007ada48f5fdd6a
GET /npm/jquery@1.12.4/dist/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.12.4
x-jsd-version-type: version
etag: W/"17b8b-Wp3PvvZVomaOeLrr6qjcb0HY2rs"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 31 Dec 2022 22:48:46 GMT
age: 22799065
x-served-by: cache-fra19160-FRA, cache-bma1679-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 33793
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-J7RS527GFK
142.250.74.168200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-J7RS527GFK
IP 142.250.74.168:0
File type ASCII text, with very long lines (20080)
Hash 626001825ce8462240e7306384930d08
7a1d720e5938a6381ec0a874ce0838a7999a2416
8d8befdd3526c4ffbd18e3078935081e909bf6fc341b77580fae3b4797cd981f
GET /gtag/js?id=G-J7RS527GFK HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 31 Dec 2022 22:48:46 GMT
expires: Sat, 31 Dec 2022 22:48:46 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76338
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 31 Dec 2022 22:08:11 GMT
age: 2435
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash ebea6cfd65d8011156f021aaf1fa7044
50d39cb442497d079ff86a1ebb0d99f2074c05b2
977de67048ebf03d9269586ca47d1a3fd467fe4dfbdaf8bd498bf2d4573280e4
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 31 Dec 2022 22:48:46 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "C19951BF446A78E05A90CBEB7822455A149E5089"
Expires: Sun, 01 Jan 2023 10:00:00 GMT
Last-Modified: Sat, 31 Dec 2022 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2028
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 782690883961b4fa-OSL
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 81c87a3f088331ce54f7b42d3815e4d7
93f7ac5fa21edef94d130988ab2833a36a8db38d
e493ad44a81a5773112904c8141b028cac7298d3cf1b44368291d9a0a3b800d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Dec 2022 22:48:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0468fec435ade9da599ed1f46bb61464
61294530d9be7c2a732758fb6b06ae51170f02b6
48497874c626a3cd466af1566fa28103970006af3756f9b5c0256cddcbd9dade
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Dec 2022 22:48:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
zelenka.guru/styles/mm/profile.svg
151.80.169.28200 OK 2.6 kB URL HTTP/2 zelenka.guru/styles/mm/profile.svg
IP 151.80.169.28:0
Hash 5e6d8512730b8f313c8c069cc7fdfd03
267c2ea1d30209482661a41e6b80001d1f89782e
49cb6f5d7d4d5e6c0481a90ed29500ee9936db92cc42e9cfd7e71059d2c413b2
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/profile.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Mon, 05 Sep 2022 09:36:33 GMT
etag: W/"6315c321-b7c"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/381/381733.jpg?1671706864
151.80.169.28200 OK 2.3 kB URL HTTP/2 zelenka.guru/data/avatars/s/381/381733.jpg?1671706864
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 128x128, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e3390e6535b7558d5c62866196851e3b
3df33b9e98a2b5a59aeadbeb65b1673a10281ab3
83a80e6ef49ee1d159ae9c98f6d95c7422867ab47b278736e00a4e9dffcee471
Analyzer Verdict Alert fortinet Malware
GET /data/avatars/s/381/381733.jpg?1671706864 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 2318
last-modified: Thu, 22 Dec 2022 11:01:04 GMT
etag: "63a438f0-90e"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/5837/5837831.jpg?1662048145
151.80.169.28200 OK 616 B URL HTTP/2 zelenka.guru/data/avatars/s/5837/5837831.jpg?1662048145
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 48x48, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 11c418854db59633fd74bba04f44cb69
e852991b3675f5751cbec140c519a3fe5955fce3
0338bf52f39cda57e654ca79a829265105c9d5fdace80a52e25dc2e7bd61579d
GET /data/avatars/s/5837/5837831.jpg?1662048145 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 616
last-modified: Thu, 01 Sep 2022 16:02:26 GMT
etag: "6310d792-268"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/138/138347.jpg?1658903507
151.80.169.28200 OK 732 B URL HTTP/2 zelenka.guru/data/avatars/s/138/138347.jpg?1658903507
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 48x48, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7feb23bd92f618c8c438a09f99cd19d7
54cae83818682da7df8d9d4f934aaff3e18bd82b
6596a0a661502d2392b93eb77a39283a48993f46f1f095ca00ce056ef6d12962
Analyzer Verdict Alert fortinet Malware
GET /data/avatars/s/138/138347.jpg?1658903507 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 732
last-modified: Wed, 27 Jul 2022 06:31:47 GMT
etag: "62e0dbd3-2dc"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/2493/2493258.jpg?1672007567
151.80.169.28200 OK 3.7 kB URL HTTP/2 zelenka.guru/data/avatars/s/2493/2493258.jpg?1672007567
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 128x128, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 07343fe7d47b77f057937219e0d60d02
b22df2612d962a0d6a77c97b806196e5a9183be3
86bcdbe519b937cb8712655eba9a4a49f7e44d8c01fffac3eb2885e65a608c67
GET /data/avatars/s/2493/2493258.jpg?1672007567 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 3696
last-modified: Sun, 25 Dec 2022 22:32:47 GMT
etag: "63a8cf8f-e70"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/3436/3436713.jpg?1672126787
151.80.169.28200 OK 1.9 kB URL HTTP/2 zelenka.guru/data/avatars/s/3436/3436713.jpg?1672126787
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 128x128, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 53b471bd5072abeff54b173ae8330cf4
0ba246df7bc2b6e376b77b3769da523b4e0ddada
3d2974e338b2f72000df8fc1c826664bb48b062e366c98c1565e8187b5e222e1
GET /data/avatars/s/3436/3436713.jpg?1672126787 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 1942
last-modified: Tue, 27 Dec 2022 07:39:47 GMT
etag: "63aaa143-796"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/5180/5180226.jpg?1656438129
151.80.169.28200 OK 1.1 kB URL HTTP/2 zelenka.guru/data/avatars/s/5180/5180226.jpg?1656438129
IP 151.80.169.28:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3\012- data
Hash 1a926c148c11cfaee19a408e92ad6473
f336738316b634626c9209d58ea79e91c84da8ae
0f47b330c320a4349dc9da2c4bf2dd0c44051ad6669529c484b0f78b2a946654
GET /data/avatars/s/5180/5180226.jpg?1656438129 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 1145
last-modified: Tue, 28 Jun 2022 17:42:09 GMT
etag: "62bb3d71-479"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/js/xenforo/comments_simple.js?_v=28ef5a19
151.80.169.28200 OK 4.1 kB URL HTTP/2 zelenka.guru/js/xenforo/comments_simple.js?_v=28ef5a19
IP 151.80.169.28:0
Hash dd756316603eb5b150f906fd7481aa63
3ac8bc8e9f491dfc6c131b36d797fb36709da405
f1624bf7afa7209087962ce85e7d2644fcaba9a89dc9bdbf3ec3ba2566766e39
Analyzer Verdict Alert fortinet Malware
GET /js/xenforo/comments_simple.js?_v=28ef5a19 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 11:35:41 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"636e338d-8ee"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/3348/3348028.jpg?1658240660
151.80.169.28200 OK 856 B URL HTTP/2 zelenka.guru/data/avatars/s/3348/3348028.jpg?1658240660
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 48x48, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 62c0a887815e4f7357af89afdbe22ae9
902fe9d2437d8d81258cb218576a946065325346
eb06b6672da3d4ac19a96b454be9fe5730fa0db51a258061b79e9960ace5df60
GET /data/avatars/s/3348/3348028.jpg?1658240660 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 856
last-modified: Tue, 19 Jul 2022 14:24:22 GMT
etag: "62d6be96-358"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/5814/5814891.jpg?1670953982
151.80.169.28200 OK 1.7 kB URL HTTP/2 zelenka.guru/data/avatars/s/5814/5814891.jpg?1670953982
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 128x128, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 89a997e0bd33d5668be0a873df129d2c
274221ae8cc320366ee896a74f845140110881f0
ec8b91d5278ea3d8ff453609eaeacecdd8b5e36809d18e89538abf79c33b6951
GET /data/avatars/s/5814/5814891.jpg?1670953982 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 1658
last-modified: Tue, 13 Dec 2022 17:53:02 GMT
etag: "6398bbfe-67a"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/3689/3689639.jpg?1666248699
151.80.169.28200 OK 1.0 kB URL HTTP/2 zelenka.guru/data/avatars/s/3689/3689639.jpg?1666248699
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash eb6b7c61aadfb8e3065b8c575bf033f4
3d11be9512cbb2d22e5a882a44cd7aad3f8ab6bb
361aa52d30694467b84f1dd7b1c9c4c11114c957a484f983ad5a7d99ecdde14f
GET /data/avatars/s/3689/3689639.jpg?1666248699 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 1028
last-modified: Thu, 20 Oct 2022 06:51:39 GMT
etag: "6350effb-404"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/2207/2207597.jpg?1672397369
151.80.169.28200 OK 1.8 kB URL HTTP/2 zelenka.guru/data/avatars/s/2207/2207597.jpg?1672397369
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 128x128, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1a1fa5b4f15f52b8b883f82be389776a
f0f02e75d3f84601c74939aeb03566a05c964763
ae0ee5ce13c9d3f4bb7e7c500768ac734fa16fc7583eda0ac1fa52c26bac9080
GET /data/avatars/s/2207/2207597.jpg?1672397369 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 1804
last-modified: Fri, 30 Dec 2022 10:49:29 GMT
etag: "63aec239-70c"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash afc798d7819a9c19437d20a92eb6f6ec
badde0ed90ac423d5796dc35808a3cd6cec09820
f101fbf84795c278d89aafdadf23cca6c5010b372a48d39a5354555bfb961e61
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5712
Cache-Control: max-age=129196
Content-Type: application/ocsp-response
Date: Sat, 31 Dec 2022 22:48:46 GMT
Etag: "63affbaa-1d7"
Expires: Mon, 02 Jan 2023 10:42:02 GMT
Last-Modified: Sat, 31 Dec 2022 09:06:50 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash b8166fe0679d6ccf83bc7f27cb76f6a5
7c76f9e3b7cd828fd0bd9ddb3603e0f1c8fc6f23
d0799689c53c389718f8818863c88447440e69b8837264dbe7a24e62a746e1e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Dec 2022 22:48:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash b8166fe0679d6ccf83bc7f27cb76f6a5
7c76f9e3b7cd828fd0bd9ddb3603e0f1c8fc6f23
d0799689c53c389718f8818863c88447440e69b8837264dbe7a24e62a746e1e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Dec 2022 22:48:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash b8166fe0679d6ccf83bc7f27cb76f6a5
7c76f9e3b7cd828fd0bd9ddb3603e0f1c8fc6f23
d0799689c53c389718f8818863c88447440e69b8837264dbe7a24e62a746e1e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Dec 2022 22:48:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash b8166fe0679d6ccf83bc7f27cb76f6a5
7c76f9e3b7cd828fd0bd9ddb3603e0f1c8fc6f23
d0799689c53c389718f8818863c88447440e69b8837264dbe7a24e62a746e1e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Dec 2022 22:48:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
216.58.207.227200 OK 26 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 26240, version 1.0\012- data
Hash 4a90976686fcbd8296c7d7fccc04c273
bcb82e93ac7ad1fa2af6a37009a200f79f4cb4e5
59bd288e64c57e034672999e33ebda6eb5ad1575945eb563dbfb5b44f226e1e1
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zelenka.guru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26240
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Dec 2022 18:56:02 GMT
expires: Tue, 26 Dec 2023 18:56:02 GMT
cache-control: public, max-age=31536000
age: 445964
last-modified: Mon, 15 Aug 2022 18:14:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/612/612414.jpg?1667926983
151.80.169.28200 OK 172 kB URL HTTP/2 zelenka.guru/data/avatars/s/612/612414.jpg?1667926983
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 172 kB (171724 bytes)
Hash d1b1eb958cd1534d463cf8f6cb5afbf3
7dcc195f187dd22c31133945b2235be7e534e155
611cf1a87cf4dd083183ba95053a08b2e6580aeab9497f4c7ff6add50407b36e
Analyzer Verdict Alert fortinet Malware
GET /data/avatars/s/612/612414.jpg?1667926983 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 171724
last-modified: Tue, 08 Nov 2022 17:03:13 GMT
etag: "636a8bd1-29ecc"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zelenka.guru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Dec 2022 18:52:41 GMT
expires: Tue, 26 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 446165
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
zelenka.guru/styles/mm/users.svg
151.80.169.28200 OK 28 kB URL HTTP/2 zelenka.guru/styles/mm/users.svg
IP 151.80.169.28:0
Hash feae49c90190cea4330773316fa4f6e8
a07d4c7f8c5a21e63deb9a0c76c33bd41fd38231
f6aa8df78e5fba30ef15daf922e618aaf665cd930cd3dd85cd09c6863d7d5acc
Analyzer Verdict Alert fortinet Malware
GET /styles/mm/users.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Mon, 05 Sep 2022 09:36:33 GMT
etag: W/"6315c321-70b"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,600;1,400;1,600&display=swap
142.250.74.106200 OK 4.2 kB URL HTTP/2 fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,600;1,400;1,600&display=swap
IP 142.250.74.106:0
Hash 07fbebbf93700eaabc6589c40dc16a34
7a402321399f3e58bbd4d41272c38accf18ccd93
bf64b6efa95e1f37d958edffa3ae28fca05db8ae7ad3424056751895a2738b38
GET /css2?family=Open+Sans:ital,wght@0,400;0,600;1,400;1,600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 31 Dec 2022 22:48:46 GMT
date: Sat, 31 Dec 2022 22:48:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/611/611081.jpg?1658235605
151.80.169.28200 OK 1.0 kB URL HTTP/2 zelenka.guru/data/avatars/s/611/611081.jpg?1658235605
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 36bace1f1c1e3bcf83ef1a8621eab7a9
905c8f8dadb86e2fa4e73571722bb96d952dc91b
52d6917a1300c99ef32491d18232a3e4efde66357033ef49debd0f235bee0751
Analyzer Verdict Alert fortinet Malware
GET /data/avatars/s/611/611081.jpg?1658235605 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 1048
last-modified: Tue, 19 Jul 2022 13:00:06 GMT
etag: "62d6aad6-418"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/603/603462.jpg?1660944272
151.80.169.28200 OK 802 B URL HTTP/2 zelenka.guru/data/avatars/s/603/603462.jpg?1660944272
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 48x48, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c506850bb8cd8cb71a6fa01119bb0135
4f001e8b2dfe870d2cffa8215983b8bf5a9f59d2
adc759614698dce0b2da0a3d769ee6c545b73ccd25911073cde662810b662893
Analyzer Verdict Alert fortinet Malware
GET /data/avatars/s/603/603462.jpg?1660944272 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 802
last-modified: Fri, 19 Aug 2022 21:24:32 GMT
etag: "62ffff90-322"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/5590/5590683.jpg?1669609899
151.80.169.28200 OK 4.4 kB URL HTTP/2 zelenka.guru/data/avatars/s/5590/5590683.jpg?1669609899
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 128x128, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9f3aa5d60f98c3648b1e54b526e1e29c
7906d8a8c3d007a4dbb140fcaef79eb3ab363c06
8c1b8dfffbc6f861cbd02ba80fbbb9803f823da3a9c24fb1ae0870aaab6d5a7d
GET /data/avatars/s/5590/5590683.jpg?1669609899 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 4398
last-modified: Mon, 28 Nov 2022 04:31:39 GMT
etag: "638439ab-112e"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/6346/6346823.jpg?1672504667
151.80.169.28200 OK 844 B URL HTTP/2 zelenka.guru/data/avatars/s/6346/6346823.jpg?1672504667
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 128x128, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8811cbc7afea9998ae11db774f02d62a
2c944650cdd06c58f79e9bd5275eb61f98dfc228
67efefacb383f23706004124fae2af7719048d0e6f3a8ab4a2160d94a08dc8b3
GET /data/avatars/s/6346/6346823.jpg?1672504667 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 844
last-modified: Sat, 31 Dec 2022 16:37:48 GMT
etag: "63b0655c-34c"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/m/882/882192.jpg?1658533463
151.80.169.28200 OK 2.7 kB URL HTTP/2 zelenka.guru/data/avatars/m/882/882192.jpg?1658533463
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 96x96, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 614c54175da7e59daf10048692a79d8e
61d0fcef42167483b6e7365963e63e0e8e010f58
7991f4cf501bd0779ded81439efaa15b363fd842b5c9d227153ea36407393278
Analyzer Verdict Alert fortinet Malware
GET /data/avatars/m/882/882192.jpg?1658533463 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 2724
last-modified: Fri, 22 Jul 2022 23:44:35 GMT
etag: "62db3663-aa4"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/882/882192.jpg?1658533463
151.80.169.28200 OK 844 B URL HTTP/2 zelenka.guru/data/avatars/s/882/882192.jpg?1658533463
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 48x48, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 103c826584d8e1670dbd2b8a856ad0ad
f83ae1bf4f1a25c0c37dc19df39aa78a605df177
89d47b10b40411ab40323b378a6214dda90c8d79d4335180856342b588c286f4
Analyzer Verdict Alert fortinet Malware
GET /data/avatars/s/882/882192.jpg?1658533463 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 844
last-modified: Fri, 22 Jul 2022 23:44:35 GMT
etag: "62db3663-34c"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/public/cd-top-arrow.svg
151.80.169.28200 OK 555 B URL HTTP/2 zelenka.guru/public/cd-top-arrow.svg
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash c2bab96d57583d68d57a99dc04f16482
17f5b39cdf2f8cd02d5f3ff422372dcefd1bea53
d94bbee4b8120bf8e4937e3e9c54de44bdb866291db81088601bde90085092da
Analyzer Verdict Alert fortinet Malware
GET /public/cd-top-arrow.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/css.php?css=xenforo,form,public&style=9&dir=LTR&d=1672484868
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/svg+xml
content-length: 555
last-modified: Mon, 23 May 2022 09:33:53 GMT
etag: "628b5501-22b"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/m/3890/3890642.jpg?1658250894
151.80.169.28200 OK 220 B URL HTTP/2 zelenka.guru/data/avatars/m/3890/3890642.jpg?1658250894
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 96x96, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7b82f0a5441f03333a1d251a45485df8
b26955e38a9f404535ed17406049c435a882c298
7e7d55d70deb9fb6c1fa36e026788630f065bae1fd6349e482a3512d4d2c52b2
GET /data/avatars/m/3890/3890642.jpg?1658250894 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 220
last-modified: Tue, 19 Jul 2022 17:15:22 GMT
etag: "62d6e6aa-dc"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
accept-ranges: bytes
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/m/3553/3553395.jpg?1658241253
151.80.169.28200 OK 1.5 kB URL HTTP/2 zelenka.guru/data/avatars/m/3553/3553395.jpg?1658241253
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 96x96, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c766cbdd8139eb0d6ba4c9fb32ed75e3
7fe1c87b5be2bfdfc9ce8a0ce701a65f9ffb513c
a36c427d40cadc0a65cf6302783af94b8bc2ee55831b2cf53fde54b44f86d605
GET /data/avatars/m/3553/3553395.jpg?1658241253 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 1532
last-modified: Tue, 19 Jul 2022 14:34:16 GMT
etag: "62d6c0e8-5fc"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
accept-ranges: bytes
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
X-Firefox-Spdy: h2
zelenka.guru/data/avatars/s/3890/3890642.jpg?1658250894
151.80.169.28200 OK 150 B URL HTTP/2 zelenka.guru/data/avatars/s/3890/3890642.jpg?1658250894
IP 151.80.169.28:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 48x48, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 84f135ffeac2295f17fecceb9a90a43e
7184849f223de671e0ae0af5c0ef9551e9d766c1
56918c07ed607ba58a86b1573379229f281805055108d8024deb4542b17dacdf
GET /data/avatars/s/3890/3890642.jpg?1658250894 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/jpeg
content-length: 150
last-modified: Tue, 19 Jul 2022 17:15:22 GMT
etag: "62d6e6aa-96"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
accept-ranges: bytes
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash b8166fe0679d6ccf83bc7f27cb76f6a5
7c76f9e3b7cd828fd0bd9ddb3603e0f1c8fc6f23
d0799689c53c389718f8818863c88447440e69b8837264dbe7a24e62a746e1e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Dec 2022 22:48:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
zelenka.guru/styles/font/fa/fa-regular-400.woff2?_v=5.15.3
151.80.169.28200 OK 169 kB URL HTTP/2 zelenka.guru/styles/font/fa/fa-regular-400.woff2?_v=5.15.3
IP 151.80.169.28:0
File type Web Open Font Format (Version 2), TrueType, length 168768, version 331.-31261\012- data
Size 169 kB (168768 bytes)
Hash d8689b99dce7c881d3130f3c91cfefdf
fb005c93930c13b3a5f449bbc75ba5ee23f609fa
4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938
Analyzer Verdict Alert fortinet Malware
GET /styles/font/fa/fa-regular-400.woff2?_v=5.15.3 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://zelenka.guru/css.php?css=xenforo,form,public&style=9&dir=LTR&d=1672484868
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: font/woff2
content-length: 168768
last-modified: Mon, 23 May 2022 09:33:53 GMT
etag: "628b5501-29340"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
X-Firefox-Spdy: h2
zelenka.guru/styles/font/fa/fa-solid-900.woff2?_v=5.15.3
151.80.169.28200 OK 137 kB URL HTTP/2 zelenka.guru/styles/font/fa/fa-solid-900.woff2?_v=5.15.3
IP 151.80.169.28:0
File type Web Open Font Format (Version 2), TrueType, length 136824, version 331.-31261\012- data
Size 137 kB (136824 bytes)
Hash 978b27ec5d8b81d2b15aa28aaaae1fcb
76625967fe113a088e0627605b9d1bbfb8a5e47c
943efdb4b38963df0653d778f233b55db3e19f44794e4ff944e33b8849dcdb3c
Analyzer Verdict Alert fortinet Malware
GET /styles/font/fa/fa-solid-900.woff2?_v=5.15.3 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://zelenka.guru/css.php?css=xenforo,form,public&style=9&dir=LTR&d=1672484868
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: font/woff2
content-length: 136824
last-modified: Mon, 23 May 2022 09:33:53 GMT
etag: "628b5501-21678"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
X-Firefox-Spdy: h2
zelenka.guru/public/2017/zelenka.png
151.80.169.28200 OK 9.6 kB URL HTTP/2 zelenka.guru/public/2017/zelenka.png
IP 151.80.169.28:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 152x152, components 3\012- data
Hash fadafbda2fab7c8a1feed8c6e00abcee
887f25e551c19dafeb8c0f00f30ab58fc2211346
e3742682cfdd81665035a5e97e6b43d5891e2379ab6c2b06dbd764e672965d4d
GET /public/2017/zelenka.png HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/png
content-length: 9579
last-modified: Fri, 19 Aug 2022 15:39:15 GMT
etag: "62ffaea3-256b"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/favicon.svg?4
151.80.169.28200 OK 1.4 kB URL HTTP/2 zelenka.guru/favicon.svg?4
IP 151.80.169.28:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (626)
Hash d22fbfe2ced1c6d4a8997bdb0c38d3b5
d57652506d9d076d17f556fe8ed29c2fa5a88ceb
f223ae0076c1bf119bc649fad179dfaf5a11aa91d3104957002678837c1a716a
Analyzer Verdict Alert fortinet Malware
GET /favicon.svg?4 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/svg+xml
content-length: 1352
last-modified: Thu, 25 Aug 2022 11:38:05 GMT
etag: "63075f1d-548"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2
zelenka.guru/js/lolzteam/mmenu-light.js?_v=28ef5a19
151.80.169.28200 OK 1.9 kB URL HTTP/2 zelenka.guru/js/lolzteam/mmenu-light.js?_v=28ef5a19
IP 151.80.169.28:0
Hash f824ce09cd56b9f6c7bcde4aa9a47496
2d8b331c0e685b2a76eb8f355aecb1238ebfd5b9
f09c34f145fc0e48e7968c8563d4dee122a8046762af4b187a2f46b6b4ef92d9
Analyzer Verdict Alert fortinet Malware
GET /js/lolzteam/mmenu-light.js?_v=28ef5a19 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 11:35:26 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"636e337e-984"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 05032095a95b76df367f4a43d589d997
fa42f6732566f78099c165e72cec659e8f21d20d
0393363d638b39cc2f99b8630b4ffa57417844a39153dd9cb7127072a01c887a
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 31 Dec 2022 22:48:46 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 04 Jan 2023 21:02:56 GMT
ETag: "fa42f6732566f78099c165e72cec659e8f21d20d"
Last-Modified: Sat, 31 Dec 2022 21:02:57 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3356
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7826908abbe6fac0-OSL
counter.yadro.ru/hit?t52.6;rhttps%3A//zelenka.guru/threads/2347053/;s1280*1024*24;uhttps%3A//zelenka.guru/threads/2347053/;h%u041A%u0430%u043A%20%u043A%u0438%u043D%u0443%u0442%u044C%20%u0436%u0430%u043B%u043E%u0431%u0443%20%u043D%u0430%20%u0441%u043F%u0430%u043C%20%u0432%20%u0412%u041A%20%u0447%u0435%u0440%u0435%u0437%20python%20-%20%u0424%u043E%u0440%u0443%u043C%20%u0441%u043E%u0446%u0438%u0430%u043B%u044C%u043D%u043E%u0439%20%u0438%u043D%u0436%u0435%u043D%u0435%u0440%u0438%u0438%20%u2014%20Zelenka.guru%20%28Lolzteam%29;0.061695807588244334
88.212.201.198200 OK 437 B URL HTTP/1.1 counter.yadro.ru/hit?t52.6;rhttps%3A//zelenka.guru/threads/2347053/;s1280*1024*24;uhttps%3A//zelenka.guru/threads/2347053/;h%u041A%u0430%u043A%20%u043A%u0438%u043D%u0443%u0442%u044C%20%u0436%u0430%u043B%u043E%u0431%u0443%20%u043D%u0430%20%u0441%u043F%u0430%u043C%20%u0432%20%u0412%u041A%20%u0447%u0435%u0440%u0435%u0437%20python%20-%20%u0424%u043E%u0440%u0443%u043C%20%u0441%u043E%u0446%u0438%u0430%u043B%u044C%u043D%u043E%u0439%20%u0438%u043D%u0436%u0435%u043D%u0435%u0440%u0438%u0438%20%u2014%20Zelenka.guru%20%28Lolzteam%29;0.061695807588244334
IP 88.212.201.198:0
ASN #39134 United Network LLC
File type GIF image data, version 87a, 88 x 31\012- data
Hash 3545402eaa67b52c4b2651d5e7e85802
162c451b08892dc9e2e68bcccd84f7eaa0e6552c
2bffc4940ac127d1b3909894b8ff9fd2310b936ccdedc13ed9faee58e5a51887
GET /hit?t52.6;rhttps%3A//zelenka.guru/threads/2347053/;s1280*1024*24;uhttps%3A//zelenka.guru/threads/2347053/;h%u041A%u0430%u043A%20%u043A%u0438%u043D%u0443%u0442%u044C%20%u0436%u0430%u043B%u043E%u0431%u0443%20%u043D%u0430%20%u0441%u043F%u0430%u043C%20%u0432%20%u0412%u041A%20%u0447%u0435%u0440%u0435%u0437%20python%20-%20%u0424%u043E%u0440%u0443%u043C%20%u0441%u043E%u0446%u0438%u0430%u043B%u044C%u043D%u043E%u0439%20%u0438%u043D%u0436%u0435%u043D%u0435%u0440%u0438%u0438%20%u2014%20Zelenka.guru%20%28Lolzteam%29;0.061695807588244334 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 31 Dec 2022 22:48:46 GMT
Content-Type: image/gif
Content-Length: 437
Connection: keep-alive
Expires: Fri, 31 Dec 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
mc.yandex.ru/metrika/tag.js
87.250.250.119200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.250.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash b604b44a44140d3e443d1c1c9da02d8d
05407447253dbbd694e67456c6b25b5112bd359d
0dcc105aceee70b68e812bdb6033ab465720efe541259c35f19aa09fadc88bf8
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73737
date: Sat, 31 Dec 2022 22:48:46 GMT
access-control-allow-origin: *
etag: "63ae6ee1-12009"
expires: Sat, 31 Dec 2022 23:48:46 GMT
last-modified: Fri, 30 Dec 2022 07:53:53 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.242.3.166101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.3.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8Ep2D5NnuaIzwJDFuCDtRQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: teqxj8VriWgNBuqJcGNkst8+hr4=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 118862dd91acadbe96bd8df464b5d944
1f18ca3394c0502b2447001d8115d8f69211a72b
599a2f13cae2edc7b4ffbaee442cc40363b809400452364e21a05fd3599f72c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "599A2F13CAE2EDC7B4FFBAEE442CC40363B809400452364E21A05FD3599F72C6"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4122
Expires: Sat, 31 Dec 2022 23:57:28 GMT
Date: Sat, 31 Dec 2022 22:48:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 118862dd91acadbe96bd8df464b5d944
1f18ca3394c0502b2447001d8115d8f69211a72b
599a2f13cae2edc7b4ffbaee442cc40363b809400452364e21a05fd3599f72c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "599A2F13CAE2EDC7B4FFBAEE442CC40363B809400452364E21A05FD3599F72C6"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4122
Expires: Sat, 31 Dec 2022 23:57:28 GMT
Date: Sat, 31 Dec 2022 22:48:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 118862dd91acadbe96bd8df464b5d944
1f18ca3394c0502b2447001d8115d8f69211a72b
599a2f13cae2edc7b4ffbaee442cc40363b809400452364e21a05fd3599f72c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "599A2F13CAE2EDC7B4FFBAEE442CC40363B809400452364E21A05FD3599F72C6"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4122
Expires: Sat, 31 Dec 2022 23:57:28 GMT
Date: Sat, 31 Dec 2022 22:48:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F625ac435-5ac8-46ca-9178-7aa9cb621f60.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F625ac435-5ac8-46ca-9178-7aa9cb621f60.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c820340d5ed98c9573754e3a749bf40c
09d31b45d4cc16c4d321e616e5445d9ba921a1ba
2a69c58358ae763ddef6603f783d7d25c465ff4d3777e6bd540c1b673381813a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F625ac435-5ac8-46ca-9178-7aa9cb621f60.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8307
x-amzn-requestid: 978a4b33-aded-49d7-a4a8-2ff5ee894b02
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0Oh0EhpIAMFyYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab2ad8-485bd7767c2ad3756ae98e7d;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 17:26:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nM4xeK1NnmKtlbbjTTjxN7O5AGUFLK69EHJgTY-Af_auYVSS_9Qtpw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 00:30:58 GMT
age: 80268
etag: "09d31b45d4cc16c4d321e616e5445d9ba921a1ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95a124fe-e6d2-4e12-bdda-561617ed7c45.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95a124fe-e6d2-4e12-bdda-561617ed7c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7cd52020f9a37bec75dea90eb6745889
8dd0e16dc4f3223680d1fbf695f715cd8d8d2a1c
d40af1ad8c20159972e0a3118eb9f2669736dd86fb4f5f03924d9cda7a277076
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95a124fe-e6d2-4e12-bdda-561617ed7c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5608
x-amzn-requestid: 00005f6c-985a-4deb-9094-ab8315b0df26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d9wMxFBGIAMFR6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aefa51-6720d7c2621a99ea7220304f;Sampled=0
x-amzn-remapped-date: Fri, 30 Dec 2022 14:48:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y6iAy8ahj3FPkHFS6WauAob4QmgBGpD2mmtvfaQhY3zPLGjsRgdX2A==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 14:12:56 GMT
etag: "8dd0e16dc4f3223680d1fbf695f715cd8d8d2a1c"
content-type: image/jpeg
age: 30950
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67b75ebf-7439-4cd2-bd89-000ec5f3aab8.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67b75ebf-7439-4cd2-bd89-000ec5f3aab8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c0dc083dd00810ff8d197c5ad7fb6f7
9e1ca8f2da2a53f7941b6869684b458a3c72a96f
6abddb307b4eab72eeafc413d0eb005773e5100120c4e074f7f3baadf12fa954
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67b75ebf-7439-4cd2-bd89-000ec5f3aab8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8537
x-amzn-requestid: 4e0f7a60-ab06-4494-984d-34fcacf63ba1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d_oI7GZfIAMFkGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63afba38-6a6424991c4612dd6d3888fa;Sampled=0
x-amzn-remapped-date: Sat, 31 Dec 2022 04:27:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HVSax8zutp54N838OPZjYA6MGIF5tCK3plkg9G7R4fg9jm71_Mdcvg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 21:19:51 GMT
age: 5335
etag: "9e1ca8f2da2a53f7941b6869684b458a3c72a96f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6443a10-1e35-4576-9471-56fc40767f0c.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6443a10-1e35-4576-9471-56fc40767f0c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23035a1b5389046dbc9821cd92244215
2deec757f1833f6ae0956a5e0876bc31029e8722
564db87897cfa6df3920203687b33c0315a58e804b22fed2e1dbaddb3c3832b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6443a10-1e35-4576-9471-56fc40767f0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13981
x-amzn-requestid: d73b4be8-3a1b-4ed8-9487-43d540ff93e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d4u5fEhiIAMFkgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63acf83c-38067c0820fd6f7e4771345b;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 02:15:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ie_MDBnENQW3b3yeuQbJc8MDqHt5mYLo2Hv_h4bAYtsrlQ1CJOBzAA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 18:28:11 GMT
age: 83677
etag: "2deec757f1833f6ae0956a5e0876bc31029e8722"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2bf0587-3dfc-43e4-bbed-f247a90fb411.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2bf0587-3dfc-43e4-bbed-f247a90fb411.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4a3c6f4fe2da827d2344c3f5064c1239
578579fb2109c7d527285ea6c8529bf1db3d92da
64ecc25525f3dec5c4e8cac9da7aba43bbeeb07ecfb69f12dce6448b3f66945a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2bf0587-3dfc-43e4-bbed-f247a90fb411.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11037
x-amzn-requestid: 55076b2b-a5d4-4bef-9a71-be6bbc83e119
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d_KfGG_HIAMFx8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63af8ac6-5e85e255717038b34cefece6;Sampled=0
x-amzn-remapped-date: Sat, 31 Dec 2022 01:05:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9cC0NIkF2yolxF2O_LNA36-LwCkLyKWuEidwN_7jaefvp-wNp6gEVg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 06:09:58 GMT
age: 59928
etag: "578579fb2109c7d527285ea6c8529bf1db3d92da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6390ab-134c-4c14-ae9e-9591400607a3.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6390ab-134c-4c14-ae9e-9591400607a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a92938ba6a58bd49a9938a24e404cba
2adeb5279f5a130a4ddc05199bc7b0b197a3cabc
1779831cec3a72aa82e2dab789c043da6a7fa432ff75a644733b0ee5f81b965b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6390ab-134c-4c14-ae9e-9591400607a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10426
x-amzn-requestid: b6ad4eac-168a-477b-9883-f77fffc6468f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d5ZfRG7XIAMF7zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ad3c61-7766d0293ca12d6e2436ac66;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 07:06:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 64b2KYy3x32_Z7bLzCIDOVtTsC2OsBCcF4kmfb_2ZhulTcspF5c0Uw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 31 Dec 2022 07:47:42 GMT
age: 54064
etag: "2adeb5279f5a130a4ddc05199bc7b0b197a3cabc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 31 Dec 2022 22:48:46 GMT
access-control-allow-origin: *
etag: "63ae6ee1-2b"
expires: Sat, 31 Dec 2022 23:48:46 GMT
accept-ranges: bytes
last-modified: Fri, 30 Dec 2022 07:53:53 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/85597711/1?wmode=7&page-url=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A1552%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A293121946713%3Ahid%3A920177188%3Az%3A0%3Ai%3A20221231224839%3Aet%3A1672526920%3Ac%3A1%3Arn%3A455046572%3Arqn%3A1%3Au%3A1672526920364294792%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C%2C0%2C%2C1298%2C103%2C%2C%2C%2C1556%3Aco%3A0%3Ans%3A1672526917716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672526920%3At%3A%D0%9A%D0%B0%D0%BA%20%D0%BA%D0%B8%D0%BD%D1%83%D1%82%D1%8C%20%D0%B6%D0%B0%D0%BB%D0%BE%D0%B1%D1%83%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%B0%D0%BC%20%D0%B2%20%D0%92%D0%9A%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20python%20-%20%D0%A4%D0%BE%D1%80%D1%83%D0%BC%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D0%B8%D0%BD%D0%B6%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D0%B8%20%E2%80%94%20Zelenka.guru%20%28Lolzteam%29&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
87.250.250.119200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/85597711/1?wmode=7&page-url=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A1552%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A293121946713%3Ahid%3A920177188%3Az%3A0%3Ai%3A20221231224839%3Aet%3A1672526920%3Ac%3A1%3Arn%3A455046572%3Arqn%3A1%3Au%3A1672526920364294792%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C%2C0%2C%2C1298%2C103%2C%2C%2C%2C1556%3Aco%3A0%3Ans%3A1672526917716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672526920%3At%3A%D0%9A%D0%B0%D0%BA%20%D0%BA%D0%B8%D0%BD%D1%83%D1%82%D1%8C%20%D0%B6%D0%B0%D0%BB%D0%BE%D0%B1%D1%83%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%B0%D0%BC%20%D0%B2%20%D0%92%D0%9A%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20python%20-%20%D0%A4%D0%BE%D1%80%D1%83%D0%BC%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D0%B8%D0%BD%D0%B6%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D0%B8%20%E2%80%94%20Zelenka.guru%20%28Lolzteam%29&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash a3ffbeee6b9e6d4aeabcdd5aa22e227f
cf60cf086107c6fa9e44da7539745c81bb7ecb08
42e95b685c4c82a27620721f4abc71fd5bc6afe80aab709f51f8e38bebf9b2b0
GET /watch/85597711/1?wmode=7&page-url=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A1552%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A293121946713%3Ahid%3A920177188%3Az%3A0%3Ai%3A20221231224839%3Aet%3A1672526920%3Ac%3A1%3Arn%3A455046572%3Arqn%3A1%3Au%3A1672526920364294792%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C%2C0%2C%2C1298%2C103%2C%2C%2C%2C1556%3Aco%3A0%3Ans%3A1672526917716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672526920%3At%3A%D0%9A%D0%B0%D0%BA%20%D0%BA%D0%B8%D0%BD%D1%83%D1%82%D1%8C%20%D0%B6%D0%B0%D0%BB%D0%BE%D0%B1%D1%83%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%B0%D0%BC%20%D0%B2%20%D0%92%D0%9A%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20python%20-%20%D0%A4%D0%BE%D1%80%D1%83%D0%BC%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D0%B8%D0%BD%D0%B6%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D0%B8%20%E2%80%94%20Zelenka.guru%20%28Lolzteam%29&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zelenka.guru
Referer: https://zelenka.guru/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Sat, 31 Dec 2022 22:48:46 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://zelenka.guru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 31-Dec-2022 22:48:46 GMT
last-modified: Sat, 31-Dec-2022 22:48:46 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-J7RS527GFK>m=2oebu0&_p=2127533304&cid=473710325.1672526920&ul=en-us&sr=1280x1024&_s=1&sid=1672526919&sct=1&seg=0&dl=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&dr=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&dt=%D0%9A%D0%B0%D0%BA%20%D0%BA%D0%B8%D0%BD%D1%83%D1%82%D1%8C%20%D0%B6%D0%B0%D0%BB%D0%BE%D0%B1%D1%83%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%B0%D0%BC%20%D0%B2%20%D0%92%D0%9A%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20python%20-%20%D0%A4%D0%BE%D1%80%D1%83%D0%BC%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D0%B8%D0%BD%D0%B6%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D0%B8%20%E2%80%94%20Zelenka.guru%20(Lolzteam)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-J7RS527GFK>m=2oebu0&_p=2127533304&cid=473710325.1672526920&ul=en-us&sr=1280x1024&_s=1&sid=1672526919&sct=1&seg=0&dl=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&dr=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&dt=%D0%9A%D0%B0%D0%BA%20%D0%BA%D0%B8%D0%BD%D1%83%D1%82%D1%8C%20%D0%B6%D0%B0%D0%BB%D0%BE%D0%B1%D1%83%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%B0%D0%BC%20%D0%B2%20%D0%92%D0%9A%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20python%20-%20%D0%A4%D0%BE%D1%80%D1%83%D0%BC%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D0%B8%D0%BD%D0%B6%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D0%B8%20%E2%80%94%20Zelenka.guru%20(Lolzteam)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-J7RS527GFK>m=2oebu0&_p=2127533304&cid=473710325.1672526920&ul=en-us&sr=1280x1024&_s=1&sid=1672526919&sct=1&seg=0&dl=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&dr=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&dt=%D0%9A%D0%B0%D0%BA%20%D0%BA%D0%B8%D0%BD%D1%83%D1%82%D1%8C%20%D0%B6%D0%B0%D0%BB%D0%BE%D0%B1%D1%83%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%B0%D0%BC%20%D0%B2%20%D0%92%D0%9A%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20python%20-%20%D0%A4%D0%BE%D1%80%D1%83%D0%BC%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D0%B8%D0%BD%D0%B6%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D0%B8%20%E2%80%94%20Zelenka.guru%20(Lolzteam)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zelenka.guru
Connection: keep-alive
Referer: https://zelenka.guru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://zelenka.guru
date: Sat, 31 Dec 2022 22:48:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
zelenka.guru/js/lolzteam/FroalaEditor/utility.js?_v=28ef5a19
151.80.169.28200 OK 0 B URL HTTP/2 zelenka.guru/js/lolzteam/FroalaEditor/utility.js?_v=28ef5a19
IP 151.80.169.28:0
Analyzer Verdict Alert fortinet Malware
GET /js/lolzteam/FroalaEditor/utility.js?_v=28ef5a19 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 20:49:18 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63a3714e-d66"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
zelenka.guru/js/lolzteam/thread_improvements/core.min.js?_v=28ef5a19
151.80.169.28 200 OK 0 B URL HTTP/2 zelenka.guru/js/lolzteam/thread_improvements/core.min.js?_v=28ef5a19
IP 151.80.169.28:0
GET /js/lolzteam/thread_improvements/core.min.js?_v=28ef5a19 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 22:19:03 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63a38657-3979"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/85597711?wmode=7&page-url=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A1552%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A293121946713%3Ahid%3A920177188%3Az%3A0%3Ai%3A20221231224839%3Aet%3A1672526920%3Ac%3A1%3Arn%3A455046572%3Arqn%3A1%3Au%3A1672526920364294792%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C%2C0%2C%2C1298%2C103%2C%2C%2C%2C1556%3Aco%3A0%3Ans%3A1672526917716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672526920%3At%3A%D0%9A%D0%B0%D0%BA%20%D0%BA%D0%B8%D0%BD%D1%83%D1%82%D1%8C%20%D0%B6%D0%B0%D0%BB%D0%BE%D0%B1%D1%83%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%B0%D0%BC%20%D0%B2%20%D0%92%D0%9A%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20python%20-%20%D0%A4%D0%BE%D1%80%D1%83%D0%BC%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D0%B8%D0%BD%D0%B6%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D0%B8%20%E2%80%94%20Zelenka.guru%20(Lolzteam)&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.250.119 302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/85597711?wmode=7&page-url=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A1552%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A293121946713%3Ahid%3A920177188%3Az%3A0%3Ai%3A20221231224839%3Aet%3A1672526920%3Ac%3A1%3Arn%3A455046572%3Arqn%3A1%3Au%3A1672526920364294792%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C%2C0%2C%2C1298%2C103%2C%2C%2C%2C1556%3Aco%3A0%3Ans%3A1672526917716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672526920%3At%3A%D0%9A%D0%B0%D0%BA%20%D0%BA%D0%B8%D0%BD%D1%83%D1%82%D1%8C%20%D0%B6%D0%B0%D0%BB%D0%BE%D0%B1%D1%83%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%B0%D0%BC%20%D0%B2%20%D0%92%D0%9A%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20python%20-%20%D0%A4%D0%BE%D1%80%D1%83%D0%BC%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D0%B8%D0%BD%D0%B6%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D0%B8%20%E2%80%94%20Zelenka.guru%20(Lolzteam)&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
GET /watch/85597711?wmode=7&page-url=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A1552%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A293121946713%3Ahid%3A920177188%3Az%3A0%3Ai%3A20221231224839%3Aet%3A1672526920%3Ac%3A1%3Arn%3A455046572%3Arqn%3A1%3Au%3A1672526920364294792%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C%2C0%2C%2C1298%2C103%2C%2C%2C%2C1556%3Aco%3A0%3Ans%3A1672526917716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672526920%3At%3A%D0%9A%D0%B0%D0%BA%20%D0%BA%D0%B8%D0%BD%D1%83%D1%82%D1%8C%20%D0%B6%D0%B0%D0%BB%D0%BE%D0%B1%D1%83%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%B0%D0%BC%20%D0%B2%20%D0%92%D0%9A%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20python%20-%20%D0%A4%D0%BE%D1%80%D1%83%D0%BC%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D0%B8%D0%BD%D0%B6%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D0%B8%20%E2%80%94%20Zelenka.guru%20(Lolzteam)&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zelenka.guru
Connection: keep-alive
Referer: https://zelenka.guru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/85597711/1?wmode=7&page-url=https%3A%2F%2Fzelenka.guru%2Fthreads%2F2347053%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A1552%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A293121946713%3Ahid%3A920177188%3Az%3A0%3Ai%3A20221231224839%3Aet%3A1672526920%3Ac%3A1%3Arn%3A455046572%3Arqn%3A1%3Au%3A1672526920364294792%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C110%2C0%2C%2C0%2C%2C1298%2C103%2C%2C%2C%2C1556%3Aco%3A0%3Ans%3A1672526917716%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1672526920%3At%3A%D0%9A%D0%B0%D0%BA%20%D0%BA%D0%B8%D0%BD%D1%83%D1%82%D1%8C%20%D0%B6%D0%B0%D0%BB%D0%BE%D0%B1%D1%83%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%B0%D0%BC%20%D0%B2%20%D0%92%D0%9A%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20python%20-%20%D0%A4%D0%BE%D1%80%D1%83%D0%BC%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D0%B8%D0%BD%D0%B6%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D0%B8%20%E2%80%94%20Zelenka.guru%20%28Lolzteam%29&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sat, 31 Dec 2022 22:48:46 GMT
access-control-allow-origin: https://zelenka.guru
set-cookie: yabs-sid=967451071672526926; Path=/; SameSite=None; Secure
i=DKNYg9/8tLwlkxAOgOa4BjXdALjCsHj0kn29VD57fm0cGTpHCm1a+1ydIdr63ldZyVJG3tdLLQppfmX9RJvBED2wv5k=; Expires=Tue, 28-Dec-2032 22:48:43 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=1691080561672526926; Expires=Sun, 31-Dec-2023 22:48:46 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=1691080561672526926; Expires=Sun, 31-Dec-2023 22:48:46 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1704062926.yc.1672526926#1704062926.yrts.1672526926#1704062926.yrtsi.1672526926; Expires=Sun, 31-Dec-2023 22:48:46 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 31-Dec-2022 22:48:46 GMT
last-modified: Sat, 31-Dec-2022 22:48:46 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
zelenka.guru/js/lolzteam/im/mustache.min.js
151.80.169.28 200 OK 0 B URL HTTP/2 zelenka.guru/js/lolzteam/im/mustache.min.js
IP 151.80.169.28:0
Analyzer Verdict Alert fortinet Malware
GET /js/lolzteam/im/mustache.min.js HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/javascript
last-modified: Mon, 23 May 2022 09:52:26 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"628b595a-26e1"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
zelenka.guru/public/zelenka/256-christmas.svg
151.80.169.28 200 OK 0 B URL HTTP/2 zelenka.guru/public/zelenka/256-christmas.svg
IP 151.80.169.28:0
Analyzer Verdict Alert fortinet Malware
GET /public/zelenka/256-christmas.svg HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/css.php?css=xenforo,form,public&style=9&dir=LTR&d=1672484868
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:46 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Fri, 16 Dec 2022 19:32:51 GMT
etag: W/"639cc7e3-8158"
expires: Tue, 03 Jan 2023 22:48:46 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
zelenka.guru/js/lolzteam/xenforo/xenforo.js?_v=28ef5a191
151.80.169.28 200 OK 0 B URL HTTP/2 zelenka.guru/js/lolzteam/xenforo/xenforo.js?_v=28ef5a191
IP 151.80.169.28:0
Analyzer Verdict Alert fortinet Malware
GET /js/lolzteam/xenforo/xenforo.js?_v=28ef5a191 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/javascript
last-modified: Sun, 25 Dec 2022 10:58:26 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63a82cd2-6d28b"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
zelenka.guru/js/lolzteam/FroalaEditor/fix.js?_v=28ef5a19
151.80.169.28 200 OK 0 B URL HTTP/2 zelenka.guru/js/lolzteam/FroalaEditor/fix.js?_v=28ef5a19
IP 151.80.169.28:0
GET /js/lolzteam/FroalaEditor/fix.js?_v=28ef5a19 HTTP/1.1
Host: zelenka.guru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zelenka.guru/threads/2347053/
Cookie: sfwefwe=7d0c17287f652c7263c275df0e332489; xf_session=f3838f7db08b3ffc7e651d9a722beff9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 31 Dec 2022 22:48:44 GMT
content-type: application/javascript
last-modified: Sat, 24 Dec 2022 12:40:21 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63a6f335-4b18"
expires: Tue, 03 Jan 2023 22:48:44 GMT
cache-control: max-age=259200
access-control-allow-origin: https://lzt.market
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-headers: x-ajax-referer
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2