302 Found 2 B URL User Request GET HTTP/1.1 IP
ASN #133618 Trellian Pty. Limited
Certificate IssuerLet's Encrypt
Subjectf6u8.xyz
FingerprintD7:D5:28:5E:79:B2:AB:67:56:2F:C8:17:F4:F9:EC:B4:C1:8E:2A:B0
ValidityFri, 18 Oct 2024 04:19:18 GMT - Thu, 16 Jan 2025 04:19:17 GMT
Hash e1c06d85ae7b8b032bef47e42e4c08f9
71853c6197a6a7f222db0f1978c7cb232b87c5ee
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: ruzewiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
date: Fri, 13 Dec 2024 14:08:56 GMT
server: Apache
set-cookie: __tad=1734098936.2102390; expires=Mon, 11-Dec-2034 14:08:56 GMT; Max-Age=315360000
location: http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
GET ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
200 OK 1.2 kB URL User Request GET HTTP/1.1 ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
IP
File type HTML document, ASCII text, with very long lines (438)
Hash 9cbdb3b0dcf533e7652b6766afa0a323
e2a06604040f824d2fa77e68a0f9d965d1d96b28
04fb7cc90de693e14e50c7187c4fbea5df460f8403568777037bbd88c5adcf26
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?subid1=20241214-0108-56f2-ae86-1110dcdee27e HTTP/1.1
Host: ww25.ruzewiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Fri, 13 Dec 2024 14:08:55 GMT
content-type: text/html; charset=utf-8
content-length: 1170
x-request-id: 7b4833e0-9fd3-4ba1-8d10-61140cdc3652
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PAxmGC3L17VBy4lxxQNTbxe5qqFwnVaVCndchqcM20djPcwfXyh1pe17c163NitPVGDR5ocg4FxwIFFUKvD1vQ==
set-cookie: parking_session=7b4833e0-9fd3-4ba1-8d10-61140cdc3652; expires=Fri, 13 Dec 2024 14:23:56 GMT; path=/
GET ww25.ruzewiy.com/beVxDUDtq.js
200 OK 35 kB URL GET HTTP/1.1 ww25.ruzewiy.com/beVxDUDtq.js
IP
Requested by http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (35078)
Hash 4150be91c2a3cfe950ecd06dfda28bd6
aec65ee382f38ad6e2d4d6f35bbef215b97421b8
a5b590c1b46928f9679900f4943c4caa3cab59fe7ba28645f21c20331ebeb4e6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /beVxDUDtq.js HTTP/1.1
Host: ww25.ruzewiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
Cookie: parking_session=7b4833e0-9fd3-4ba1-8d10-61140cdc3652
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Fri, 13 Dec 2024 14:08:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 35081
x-request-id: 166ab418-ad5b-48f6-883d-34f1cc169b08
set-cookie: parking_session=7b4833e0-9fd3-4ba1-8d10-61140cdc3652; expires=Fri, 13 Dec 2024 14:23:56 GMT
POST ww25.ruzewiy.com/_fd?subid1=20241214-0108-56f2-ae86-1110dcdee27e
200 OK 5.7 kB URL POST HTTP/1.1 ww25.ruzewiy.com/_fd?subid1=20241214-0108-56f2-ae86-1110dcdee27e
IP
Requested by http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
File type ASCII text, with very long lines (5717), with no line terminators
Hash a000c8e319653b58ec3938292eaa11b4
8fe7b53790402787a6689a74d6b97f591886f341
2c76280589f30cdda37c5b23d9809bb83490a09fff3fc10d1da3c67e11e9a294
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /_fd?subid1=20241214-0108-56f2-ae86-1110dcdee27e HTTP/1.1
Host: ww25.ruzewiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
Content-Type: application/json
Origin: http://ww25.ruzewiy.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=7b4833e0-9fd3-4ba1-8d10-61140cdc3652
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
date: Fri, 13 Dec 2024 14:08:55 GMT
content-type: application/json; charset=utf-8
content-length: 5717
x-request-id: 489a97b1-d831-4699-9a13-99dca8aa889d
set-cookie: parking_session=7b4833e0-9fd3-4ba1-8d10-61140cdc3652; expires=Fri, 13 Dec 2024 14:23:56 GMT
GET syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol114%2Cpid-bodis-gcontrol456%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241214-0108-56f2-ae86-1110dcdee27e&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107&format=r3&nocache=5151734098937004&num=0&output=afd_ads&domain_name=ww25.ruzewiy.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1734098937005&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=704712957&rurl=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fsubid1%3D20241214-0108-56f2-ae86-1110dcdee27e
200 OK 2.8 kB URL GET HTTP/2 syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol114%2Cpid-bodis-gcontrol456%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241214-0108-56f2-ae86-1110dcdee27e&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107&format=r3&nocache=5151734098937004&num=0&output=afd_ads&domain_name=ww25.ruzewiy.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1734098937005&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=704712957&rurl=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fsubid1%3D20241214-0108-56f2-ae86-1110dcdee27e
IP
Requested by http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
Certificate IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint58:3D:9C:C1:AD:FF:DB:76:C6:A2:47:40:3C:B0:40:4D:0E:9E:28:A8
ValidityMon, 04 Nov 2024 08:40:55 GMT - Mon, 27 Jan 2025 08:40:54 GMT
File type HTML document, ASCII text, with very long lines (13245)
Hash f9ae961b78db265609513470e73b35ff
36da0d9f9ba52b9486b97e6a4e2e69c49d13dfa1
f1d51bf9163ebbb1a94de0081a8d657d687f771d3cdb4ba1e76a78f088f72302
GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol114%2Cpid-bodis-gcontrol456%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241214-0108-56f2-ae86-1110dcdee27e&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107&format=r3&nocache=5151734098937004&num=0&output=afd_ads&domain_name=ww25.ruzewiy.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1734098937005&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=704712957&rurl=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fsubid1%3D20241214-0108-56f2-ae86-1110dcdee27e HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.ruzewiy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Fri, 13 Dec 2024 14:08:57 GMT
expires: Fri, 13 Dec 2024 14:08:57 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-rYJ5jLvwC195jj1lZD0K6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2752
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
POST ww25.ruzewiy.com/_tr
200 OK 2 B IP
Requested by http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /_tr HTTP/1.1
Host: ww25.ruzewiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
Content-Type: application/json
Content-Length: 2009
Origin: http://ww25.ruzewiy.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=7b4833e0-9fd3-4ba1-8d10-61140cdc3652
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Fri, 13 Dec 2024 14:08:56 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-request-id: 7b72695b-38a9-40d4-813a-9cf12a108eec
set-cookie: parking_session=7b4833e0-9fd3-4ba1-8d10-61140cdc3652; expires=Fri, 13 Dec 2024 14:23:57 GMT
GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
200 OK 278 B URL GET HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
Requested by https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol114%2Cpid-bodis-gcontrol456%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241214-0108-56f2-ae86-1110dcdee27e&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107&format=r3&nocache=5151734098937004&num=0&output=afd_ads&domain_name=ww25.ruzewiy.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1734098937005&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=704712957&rurl=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fsubid1%3D20241214-0108-56f2-ae86-1110dcdee27e
Certificate IssuerGoogle Trust Services
Subject*.googleusercontent.com
Fingerprint38:49:64:1C:E7:DB:46:FE:EB:37:6F:02:8A:1F:A4:10:71:7B:92:A0
ValidityMon, 04 Nov 2024 08:38:44 GMT - Mon, 27 Jan 2025 08:38:43 GMT
File type SVG Scalable Vector Graphics image
Hash fe7dd8c3c629cc6e9cd6d3e4d3cbe905
59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e
GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 13 Dec 2024 12:48:49 GMT
expires: Sat, 14 Dec 2024 11:48:49 GMT
cache-control: public, max-age=82800
age: 4808
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
200 OK 174 B URL GET HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
Requested by https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol114%2Cpid-bodis-gcontrol456%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241214-0108-56f2-ae86-1110dcdee27e&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107&format=r3&nocache=5151734098937004&num=0&output=afd_ads&domain_name=ww25.ruzewiy.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1734098937005&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=704712957&rurl=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fsubid1%3D20241214-0108-56f2-ae86-1110dcdee27e
Certificate IssuerGoogle Trust Services
Subject*.googleusercontent.com
Fingerprint38:49:64:1C:E7:DB:46:FE:EB:37:6F:02:8A:1F:A4:10:71:7B:92:A0
ValidityMon, 04 Nov 2024 08:38:44 GMT - Mon, 27 Jan 2025 08:38:43 GMT
File type SVG Scalable Vector Graphics image
Hash d47125b2ba92be53dcff07ba322ce1de
e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 12 Dec 2024 17:35:13 GMT
expires: Fri, 13 Dec 2024 16:35:13 GMT
cache-control: public, max-age=82800
age: 74024
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET syndicatedsearch.goog/adsense/domains/caf.js
200 OK 54 kB URL GET HTTP/3 syndicatedsearch.goog/adsense/domains/caf.js
IP
Requested by https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol114%2Cpid-bodis-gcontrol456%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol160&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fcaf%3D1%26bpt%3D345%26subid1%3D20241214-0108-56f2-ae86-1110dcdee27e&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717107&format=r3&nocache=5151734098937004&num=0&output=afd_ads&domain_name=ww25.ruzewiy.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1734098937005&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=704712957&rurl=http%3A%2F%2Fww25.ruzewiy.com%2F%3Fsubid1%3D20241214-0108-56f2-ae86-1110dcdee27e
Certificate IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint58:3D:9C:C1:AD:FF:DB:76:C6:A2:47:40:3C:B0:40:4D:0E:9E:28:A8
ValidityMon, 04 Nov 2024 08:40:55 GMT - Mon, 27 Jan 2025 08:40:54 GMT
File type gzip compressed data, max compression
Hash adb2e35fb625319ec6e4798958dc6d8b
7cfbadf27a0ac9df5a83e58a19d56c62965c6b4d
12555ff9d364e4ec90b79ec8e1001caee8b54246d290fa5236c55fb3fe5e718f
GET /adsense/domains/caf.js HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndicatedsearch.goog/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 13 Dec 2024 14:08:57 GMT
expires: Fri, 13 Dec 2024 14:08:57 GMT
cache-control: private, max-age=3600
etag: "13035411928280928102"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=tce0asahnr1l&aqid=-T9cZ47JCaC2xdwPneDJ6Q0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=704712957&csala=7%7C0%7C295%7C63%7C10&lle=0&ifv=1&hpt=0
204 No Content 0 B URL GET HTTP/3 syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=tce0asahnr1l&aqid=-T9cZ47JCaC2xdwPneDJ6Q0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=704712957&csala=7%7C0%7C295%7C63%7C10&lle=0&ifv=1&hpt=0
IP
Requested by http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
Certificate IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint58:3D:9C:C1:AD:FF:DB:76:C6:A2:47:40:3C:B0:40:4D:0E:9E:28:A8
ValidityMon, 04 Nov 2024 08:40:55 GMT - Mon, 27 Jan 2025 08:40:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=tce0asahnr1l&aqid=-T9cZ47JCaC2xdwPneDJ6Q0&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=704712957&csala=7%7C0%7C295%7C63%7C10&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.ruzewiy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-LB1QaEcse7i93iGYlI96kw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 13 Dec 2024 14:08:58 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=e1yxxrxmkrq0&aqid=-T9cZ47JCaC2xdwPneDJ6Q0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=704712957&csala=7%7C0%7C295%7C63%7C10&lle=0&ifv=1&hpt=0
204 No Content 0 B URL GET HTTP/3 syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=e1yxxrxmkrq0&aqid=-T9cZ47JCaC2xdwPneDJ6Q0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=704712957&csala=7%7C0%7C295%7C63%7C10&lle=0&ifv=1&hpt=0
IP
Requested by http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
Certificate IssuerGoogle Trust Services
Subjectsyndicatedsearch.goog
Fingerprint58:3D:9C:C1:AD:FF:DB:76:C6:A2:47:40:3C:B0:40:4D:0E:9E:28:A8
ValidityMon, 04 Nov 2024 08:40:55 GMT - Mon, 27 Jan 2025 08:40:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=e1yxxrxmkrq0&aqid=-T9cZ47JCaC2xdwPneDJ6Q0&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=704712957&csala=7%7C0%7C295%7C63%7C10&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: syndicatedsearch.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.ruzewiy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-MTEquM03rxqsVu5Gtm971w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 13 Dec 2024 14:08:58 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET www.google.com/adsense/domains/caf.js?abp=1&bodis=true
200 OK 147 kB URL GET HTTP/2 www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
Requested by http://ww25.ruzewiy.com/?subid1=20241214-0108-56f2-ae86-1110dcdee27e
Certificate IssuerGoogle Trust Services
Subjectwww.google.com
FingerprintC1:EF:1D:9F:32:BB:31:2D:F3:08:D9:D6:97:9C:21:A1:A2:67:F9:C5
ValidityMon, 04 Nov 2024 08:39:37 GMT - Mon, 27 Jan 2025 08:39:36 GMT
File type JavaScript source, ASCII text, with very long lines (1932)
Size 147 kB (146818 bytes)
Hash 666d8ead3cbe7889e07d257871a93a98
dce56f9d2f84af88b8d7e3f21956398c91a426e9
eca612ed2b6e3bdb3a27a494b0ac0b620a4d01b5da31229d8620177160670244
GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.ruzewiy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 13 Dec 2024 14:08:56 GMT
expires: Fri, 13 Dec 2024 14:08:56 GMT
cache-control: private, max-age=3600
etag: "4428106443768995416"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
103.224.212.214
199.59.243.227