{"report_id":"80cfb3ca-7a1d-4333-9c36-2a94f2b21a98","version":6,"status":"done","tags":[],"date":"2025-12-24T22:30:43Z","url":{"schema":"http","addr":"randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":0,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"title":"Тайный Санта для: Зам. Зав. ТП | Mila Luna","dom":{"size":36935,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (36659)","md5":"bc497c280ef8775a63d467cc19a423d9","sha1":"5cae0e68bbac57b3ca1551df3c44d8ca910c8ece","sha256":"7f934870e2e931328110945d7a81291c93723fcd4306ab82192241f7acf7ef76","sha512":"aa5f325acb4d5555cb56ec1aeb733e9e44c0bb03f7b6972adf7918b4c3b09b86fad2dfc37e1a76f6890ef0c342e3c46fa97df09d198fd1da86dfef33b4c5bb86","ssdeep":"768:FdljsVgPA3Va48UETJa7LZ7JZYsuQo26Ce3f5P3qxooX:FdmV+Axiy7JZnu926CehPxoX","tlshash":"c6f209cd7fa1b06383aa65e4813f580b633f6a4eb44c45a9b255c9f4187e44d632bf38","dom_hash":"domhash04e1eb926a2f0d2de8b1ec6314c31f5b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":0,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-28T22:30:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T22:30:22Z","timestamp":1766615422,"ip_dst":{"addr":"172.18.0.4","port":49314,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.115.92.104","port":443,"asn":42881,"as":"Sc Itns.net Srl","country":"Moldova","country_code":"MD"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 36","source":"{\"timestamp\":\"2025-12-24T22:30:22.418980+0000\",\"flow_id\":2212131118160619,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.115.92.104\",\"src_port\":443,\"dest_ip\":\"172.18.0.4\",\"dest_port\":49314,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400035,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 36\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2025-12-24T22:30:22.367339+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-24T22:30:23Z","timestamp":1766615423,"ip_dst":{"addr":"172.18.0.4","port":59098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.115.93.195","port":443,"asn":42881,"as":"Sc Itns.net Srl","country":"Moldova","country_code":"MD"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 36","source":"{\"timestamp\":\"2025-12-24T22:30:23.629986+0000\",\"flow_id\":765661294884002,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.115.93.195\",\"src_port\":443,\"dest_ip\":\"172.18.0.4\",\"dest_port\":59098,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400035,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 36\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2025-12-24T22:30:23.586914+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"sync.opendsp.ru","ip":{"addr":"176.114.85.200","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2022-08-24","domain_rank":261604,"first_seen":"2022-09-01T11:01:38Z","last_seen":"2025-12-20T07:22:34.027916Z","alert_count":0,"request_count":3,"received_data":750,"sent_data":1429,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"sp.kombinat.digital","ip":{"addr":"77.223.103.139","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2025-04-16","domain_rank":596572,"first_seen":"2025-07-09T21:59:17.553875Z","last_seen":"2025-12-16T06:16:38.416948Z","alert_count":0,"request_count":1,"received_data":520,"sent_data":540,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tube.buzzoola.com","ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"domain_registered":"2010-08-11","domain_rank":205387,"first_seen":"2013-05-29T20:05:56Z","last_seen":"2025-12-16T08:26:46.025328Z","alert_count":0,"request_count":7,"received_data":450673,"sent_data":3357,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-21T22:17:07.06462Z","alert_count":0,"request_count":1,"received_data":13500,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"match.targetrtb.com","ip":{"addr":"185.115.92.104","port":443,"asn":42881,"as":"Sc Itns.net Srl","country":"Moldova","country_code":"MD"},"domain_registered":"2025-03-06","domain_rank":272934,"first_seen":"2025-04-13T22:36:56.532641Z","last_seen":"2025-12-19T05:27:35.942891Z","alert_count":0,"request_count":2,"received_data":502,"sent_data":936,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-21T22:14:03.270461Z","alert_count":0,"request_count":6,"received_data":174301,"sent_data":3258,"comment":"","tags":null,"fingerprints":null},{"fqdn":"a.adspector.io","ip":{"addr":"172.67.161.189","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-02","domain_rank":213577,"first_seen":"2024-06-28T02:35:48Z","last_seen":"2025-12-18T01:51:28.980621Z","alert_count":0,"request_count":2,"received_data":1848,"sent_data":905,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"dm-eu.hybrid.ai","ip":{"addr":"37.230.131.16","port":443,"asn":200197,"as":"Hybrid Adtech Sp.z.o.o.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2017-12-19","domain_rank":74067,"first_seen":"2021-01-25T11:48:59Z","last_seen":"2025-12-20T13:52:42.976503Z","alert_count":0,"request_count":1,"received_data":401,"sent_data":473,"comment":"","tags":null,"fingerprints":null},{"fqdn":"sync.programmatica.com","ip":{"addr":"77.246.157.204","port":443,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"domain_registered":"2016-10-12","domain_rank":256275,"first_seen":"2022-12-17T01:18:07Z","last_seen":"2025-12-16T15:00:59.962328Z","alert_count":0,"request_count":2,"received_data":690,"sent_data":966,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sync.gonet-ads.com","ip":{"addr":"188.42.104.140","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2022-04-05","domain_rank":164679,"first_seen":"2023-02-03T11:32:31Z","last_seen":"2025-12-16T06:16:39.648851Z","alert_count":0,"request_count":1,"received_data":345,"sent_data":477,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"kimberlite.io","ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"domain_registered":"2017-03-16","domain_rank":17539,"first_seen":"2017-09-14T05:18:59Z","last_seen":"2025-12-23T07:07:39.209996Z","alert_count":0,"request_count":6,"received_data":3569,"sent_data":2902,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"redirect-frontend.weborama-tech.ru","ip":{"addr":"178.154.231.214","port":443,"asn":200350,"as":"Yandex.Cloud LLC","country":"Russia","country_code":"RU"},"domain_registered":"2022-03-09","domain_rank":442195,"first_seen":"2023-04-13T07:28:45Z","last_seen":"2025-12-20T11:15:17.467019Z","alert_count":0,"request_count":1,"received_data":440,"sent_data":530,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cmr.bidderstack.com","ip":{"addr":"185.149.242.234","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2017-04-25","domain_rank":274973,"first_seen":"2024-06-26T06:54:13Z","last_seen":"2025-12-18T12:24:46.159503Z","alert_count":0,"request_count":1,"received_data":271,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}]},{"fqdn":"match.ohmy.bid","ip":{"addr":"37.0.127.205","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"domain_registered":"2022-06-09","domain_rank":283479,"first_seen":"2023-05-23T09:17:10Z","last_seen":"2025-12-16T06:16:39.422162Z","alert_count":0,"request_count":1,"received_data":512,"sent_data":532,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"1026--9ebc542c-be63-4fb3-8333-d4ead91babe8.stbid.ru","ip":{"addr":"185.115.93.195","port":443,"asn":42881,"as":"Sc Itns.net Srl","country":"Moldova","country_code":"MD"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":204,"sent_data":512,"comment":"","tags":null,"fingerprints":[{"name":"Angie:1.10.3","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}]},{"fqdn":"ssp-rtb.sape.ru","ip":{"addr":"193.3.184.90","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"domain_registered":"2006-06-19","domain_rank":153781,"first_seen":"2016-02-02T17:01:03Z","last_seen":"2025-12-21T01:59:34.060908Z","alert_count":0,"request_count":2,"received_data":1255,"sent_data":1246,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cm.pxltag.com","ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2025-05-25","domain_rank":0,"first_seen":"2025-11-18T10:18:49.548967Z","last_seen":"2025-12-18T12:24:45.158333Z","alert_count":0,"request_count":1,"received_data":402,"sent_data":580,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"sync.upravel.com","ip":{"addr":"157.90.94.85","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2017-03-25","domain_rank":187521,"first_seen":"2017-05-29T09:13:46Z","last_seen":"2025-12-17T10:03:57.280379Z","alert_count":0,"request_count":6,"received_data":5073,"sent_data":2988,"comment":"","tags":null,"fingerprints":[{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]}]},{"fqdn":"ssp.al-adtech.com","ip":{"addr":"45.139.25.123","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"domain_registered":"2024-01-16","domain_rank":164448,"first_seen":"2024-01-30T10:38:38Z","last_seen":"2025-12-16T19:48:52.968222Z","alert_count":0,"request_count":1,"received_data":688,"sent_data":439,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"mc.acint.net","ip":{"addr":"193.3.184.76","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"domain_registered":"2014-02-06","domain_rank":245226,"first_seen":"2024-01-29T15:31:01Z","last_seen":"2025-12-24T02:51:37.714005Z","alert_count":0,"request_count":1,"received_data":455,"sent_data":571,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"match.new-programmatic.com","ip":{"addr":"217.65.2.150","port":443,"asn":3175,"as":"Citytelecom LLC","country":"Russia","country_code":"RU"},"domain_registered":"2020-02-18","domain_rank":172258,"first_seen":"2020-02-18T20:50:06Z","last_seen":"2025-12-24T01:31:58.680492Z","alert_count":0,"request_count":2,"received_data":571,"sent_data":950,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sync.digitalcaramel.com","ip":{"addr":"178.72.133.225","port":443,"asn":0,"as":"","country":"Armenia","country_code":"AM"},"domain_registered":"2017-09-17","domain_rank":0,"first_seen":"2025-07-14T09:44:15.922971Z","last_seen":"2025-12-21T12:11:41.457094Z","alert_count":0,"request_count":1,"received_data":250,"sent_data":481,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"sync.dmp.otm-r.com","ip":{"addr":"194.55.244.189","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"domain_registered":"2014-01-16","domain_rank":124233,"first_seen":"2017-02-03T07:19:51Z","last_seen":"2025-12-24T11:46:20.42683Z","alert_count":0,"request_count":2,"received_data":603,"sent_data":943,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"randpad.ru","ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":11,"request_count":11,"received_data":106819,"sent_data":8946,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"dm.hybrid.ai","ip":{"addr":"37.230.131.16","port":443,"asn":200197,"as":"Hybrid Adtech Sp.z.o.o.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2017-12-19","domain_rank":93939,"first_seen":"2018-08-22T12:51:55Z","last_seen":"2025-12-21T17:18:54.24873Z","alert_count":0,"request_count":2,"received_data":688,"sent_data":798,"comment":"","tags":null,"fingerprints":null},{"fqdn":"exchange.buzzoola.com","ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2010-08-11","domain_rank":80108,"first_seen":"2014-10-17T15:20:27Z","last_seen":"2025-12-16T06:16:39.23062Z","alert_count":0,"request_count":13,"received_data":12780,"sent_data":7247,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cs.alfasense.com","ip":{"addr":"104.21.43.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-01-29","domain_rank":421111,"first_seen":"2022-04-13T13:39:50Z","last_seen":"2025-12-19T05:27:35.665743Z","alert_count":0,"request_count":2,"received_data":2047,"sent_data":994,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.acint.net","ip":{"addr":"193.3.184.76","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"domain_registered":"2014-02-06","domain_rank":175167,"first_seen":"2014-02-14T21:23:16Z","last_seen":"2025-12-24T17:21:20.85273Z","alert_count":0,"request_count":2,"received_data":1443,"sent_data":1259,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"acint.net","ip":{"addr":"193.3.184.76","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"domain_registered":"2014-02-06","domain_rank":7617,"first_seen":"2014-02-14T21:23:16Z","last_seen":"2025-12-16T18:11:47.145006Z","alert_count":0,"request_count":3,"received_data":1502,"sent_data":1781,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sync.dvgroup.com","ip":{"addr":"82.148.21.217","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"1998-09-12","domain_rank":429256,"first_seen":"2024-09-03T12:22:07Z","last_seen":"2025-12-17T06:52:56.921748Z","alert_count":0,"request_count":1,"received_data":250,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"a.utraff.com","ip":{"addr":"213.171.19.244","port":443,"asn":56694,"as":"LLC Smart Ape","country":"Russia","country_code":"RU"},"domain_registered":"2016-09-27","domain_rank":179342,"first_seen":"2019-02-27T10:01:37Z","last_seen":"2025-12-23T09:58:07.957075Z","alert_count":0,"request_count":1,"received_data":661,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"traffaret.com","ip":{"addr":"194.186.91.196","port":443,"asn":3216,"as":"PVimpelCom","country":"Russia","country_code":"RU"},"domain_registered":"2021-04-02","domain_rank":39350,"first_seen":"2025-05-20T15:21:58.332469Z","last_seen":"2025-12-20T16:35:16.768271Z","alert_count":0,"request_count":1,"received_data":820,"sent_data":470,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"f73e9c0659a190cc38cc77c818b0ad0b","sha1":"3009a189960e709b60470ccaf2150989d1531081","sha256":"a3e4f8f37fa273ea7258bb15d5f94692c1b12f09d3caa364199b2b73741620f6","sha512":"a7b6ba6a0352356847dd7e64420658265981c1b8118c40d12378910b00aa05eec743a824dc80fc69e2bfca255a863f26021080b9387f626a15f2781aa6ebeb29","ssdeep":"","tlshash":"37d0233331c8d064d0432e394f6d03dd5935696130c3d115440fa67054800130f377db","size":217,"data":"","first_seen":"2023-03-07T01:25:01Z","last_seen":"2026-04-01T07:03:56.211184Z","times_seen":1241,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/tools/secret-santa/reveal-script.js?v=2.0","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"457c73ca5f2dbe915282d20120c00e89","sha1":"9c7a36402e87e302eeb8491d48f04d80e5da618b","sha256":"b945c25a586c82c857310c4ecd637ce720ff11c2347e0fe01a8e11238a2b421c","sha512":"82c88b9cbdd287a284ee7d530a36d8349ce0aa332292544c5f429fba4c4dda1f90c19de65459d762a7aaae93d23db1442793c392db6e6b3ef0066cb6c311049b","ssdeep":"192:WykQax3ZfgmjWxldYDXzJCQClTswD//ZZaHyLlkYLD:Wy/+ShP","tlshash":"e1e1870530f7145e0453a0ab9b8792487a6690bf399ac5957d2d4b3e3ff2a1095fb3cc","size":7091,"data":"","first_seen":"2025-12-24T22:30:53.179947Z","last_seen":"2025-12-24T22:30:53.179947Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/assets/js/snow.js","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"ece1ab7668db61fb5e0776c13228da35","sha1":"938572f8c9375bad479ecdc2ac21ae0fd4d5766f","sha256":"8c524c47fa67b1ae363af045493bbe98dbaca0750746034537a22749acc7ffa4","sha512":"1087d1f9fc62eb73c77490d7005a40c37f52455a360682cac5af3799af5fee3f3740ef14090fb55f80abeeca5637e503f17617ad7336b634783f588c79449a1a","ssdeep":"","tlshash":"2141420ea6f306280023303e1b5bf205f3a3803b3945cc09b91da7948ff79265a65b6d","size":2205,"data":"","first_seen":"2025-12-24T22:30:53.197195Z","last_seen":"2025-12-24T22:30:53.197195Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/assets/js/menu.js","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"f2f744b968863e40db20631e8ef5ae9e","sha1":"c916e98c3ad2a9d291768a8020d2280acf9296cc","sha256":"8f8668bc46012b9748ecde74650504cda61fd2d665cceb4e95f1269296217b53","sha512":"a7883eef75840f71eb73418e87f4e2093f2db51e79cc166443d8260cc5835841487a6c0259b643b35b9e9eeff4ad473fcb5060a47a512d3ea32e2e761d8d38f7","ssdeep":"192:pTc0xJNqKzcIXcCF7twuQvj/v2BsHU6swhJ4UO3MM:pTc0xJ59s/2BCU6bh6UmV","tlshash":"77d185b581bb00a74163703a4b4be5083eb504bf3146ee66746e6e0e3fd680485ba7e5","size":6704,"data":"","first_seen":"2025-12-24T22:30:53.193049Z","last_seen":"2025-12-24T22:30:53.193049Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/build/buzzlibrary.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"66eac4ec9cac62aee5454f793369ad82","sha1":"f8ffbc182fb45377175a8c3b74ea917529c0d3ad","sha256":"ce0b2c954d9960f3bf98684c71c51de44f04649bd7e762dc75625c2791ad7812","sha512":"3eb5a8f16b19e3f60c089eca1347174be3574108a411bb28197e1cf2bf7f555e3a4cd422fafa9cc316f805a0b15b66ef3225b58035bba6fa26b710ee47e9309f","ssdeep":"1536:/2idjjZ10IU7e335uQ7C/C2m0hXEYVEFRgd5KV4MXAMrP2H:/2imIU7e3pu1XEYVEFW7aCac","tlshash":"2aa32acd7fa0b06343e362d4903f550e637b5a2ea80cc5a4b699c5e4587d88e423bf79","size":107045,"data":"","first_seen":"2025-12-24T00:12:42.132586Z","last_seen":"2026-01-14T23:52:27.915933Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"eventHandler","is_inline":false,"md5":"7c3c3ddeb80438dcbb3d081d2d00e152","sha1":"5a4016732ee72ec77b4f6ab17047bcea6d2ea34d","sha256":"321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187","sha512":"b252f7dc795284fe8ce404711809130d8e16670a8e49b271f9a24b04a542a0fccb7a8c7238c12b37db35fe73a2fbf1cdb374468574db4e6d39975a17dca547a3","ssdeep":"","tlshash":"de6000f0003000000003c30000330cf300000c0f00ccc30cfc0000c000c00000000c03","size":16,"data":"","first_seen":"2023-04-10T15:57:29Z","last_seen":"2026-04-03T22:30:33.244237Z","times_seen":232868,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/api_iframe.html#id=t-6b9cd950-1fab-e4f5-9feb-5b31d6dbfad9","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"26301fca2ee22e214f43b1e977e9fb64","sha1":"2e367b2eaf70d1c653d3277e9da3aa00fbb53290","sha256":"1c78297c9ebdba62342b16f74257ebf40b5fbcaadfa080eabecbf0758e8714be","sha512":"ef935099acd4751721f134da6698b6bfbc74485affc947cb2f905c40166e3272ef1957bed9a5310256e29e3c6de6dd4dbcdf9f49830e1a3475c74ee0707887d4","ssdeep":"768:LdljsVgPA3Va48UETJa7LZ7JZYsuQo26Ce3f5P3qxooo:LdmV+Axiy7JZnu926CehPxoo","tlshash":"02f209cd7fa1b06383aa65e4813f580b633f6a4eb44c45a9b255c9f4187e44d632bf38","size":36598,"data":"","first_seen":"2025-12-24T00:12:42.114352Z","last_seen":"2026-01-14T23:52:28.03623Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/build/buzzlibrary.d423e035659df80a2fae188845e1ca30.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"d3885645e4829af8c72366f36b662d92","sha1":"ef6ffaedb5f8a199ec179429ca3f4a090c429ada","sha256":"fd051873f8b04c1f115eaeccfe541543a44e37c6df0157043355bb611fd69c03","sha512":"73acfbf56b62cf6bb2f4c1c4c45bf78f5c7c321cdd436c0d06bd36916deaa5fe9de57fbdb984c267b59aa75d1bb861e10d0b7bfdc20fa4877d3f7d324e8250cb","ssdeep":"96:ka/1r413eAYuH+HDfIUYrYVQhhcvsgLIg2XwhuhX+wJGYXSuPDY6h:kV13yuH+HDsWIg2Xw0hX+w07o","tlshash":"fde1a6c971d2f1b8076221b4852f850ae33f363c548d59b4e394e0e7bd7426e4b5abb8","size":6875,"data":"","first_seen":"2024-06-05T20:08:08Z","last_seen":"2026-04-03T19:05:07.665299Z","times_seen":508,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"ad6fbb969f52c0323f1c93d8b6cf3f04","sha1":"8c2c55c43fed06ba87371f97f1c2b5ee7905a7ad","sha256":"9f4e79fab75d6c7cfc9862a78a88f8c84b6a2d97ad77061044fbb3163d32fd2b","sha512":"82374dd02c75e8b8280f2ed9e1cc242f73ad3d96ae46c42e9290f984860b56fe01dd37c82b520ff3663b242ec07dc0b896249ae9db4bbfb17f76d0daa500426b","ssdeep":"","tlshash":"dcd01239b211543d0137949a665571de7851015fa80c701d3d1c02502f1c79fc762a95","size":196,"data":"","first_seen":"2025-12-24T22:30:53.206102Z","last_seen":"2025-12-24T22:30:53.206102Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/js/lib/buzzoola_ufp.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"f4f91442f3c51aa0ab4d00240cb9ca53","sha1":"9fad8ac07c22c86ab006bac7207e7928098a22c1","sha256":"c5b7be7ff5a92d4d03ae4b96a3931d1349f726affed96d8b64ecbd1ef7de598f","sha512":"b7af177eaf8de9bb7cfe4332c223524d40415e517b4770fb923b71c8d31bc22f08c975226934e9d4d2262a3e94acdf718d5c970725ed9cbb75589da98207b7c0","ssdeep":"384:MtJpg1qCMUYbJZ9uhMN9wgR1YOO6ghS++1ZBneflJnbRbpxsqmpv4Ypm7RnCE0i6:8Jpg17MUYbJZ9Oiw1uWSjH0ftsuNCR","tlshash":"6452d7e9f28ee4f745f43756582a635a7371c43064384918f90cd682ea07dea907ebb4","size":13432,"data":"","first_seen":"2025-03-28T18:47:27.609281Z","last_seen":"2026-04-03T22:41:05.791616Z","times_seen":2645,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/build/buzzlibrary.buzzplayer_submodules.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"354533172e367838032baf8e7f6313f2","sha1":"bba73a7c0e3a627b626b82ace32d2d007503b675","sha256":"eb2045931e6de1ddb6d326e566702d1b3fd37a00cac7e1efb15eb648bd33df74","sha512":"428000952f34f28292804f8333a73c631ba8aa751c247614af2123d06b425c25a1ce7b23135def41b16b54787d56b7b37e8599f3f365e5066a23a7968fdee5aa","ssdeep":"3072:/9FmFLvdn9tKlR6ahbe2n5n2VmmnoQr1yMoCFiYtXD7://mptKCagnoQr1yMoYiCn","tlshash":"e0042add7721b472439a92b8502f160a333a359de04085bdb9b9dce558b9c98223ff7c","size":173768,"data":"","first_seen":"2025-12-24T00:12:42.116623Z","last_seen":"2026-01-13T09:51:12.584465Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/build/buzzlibrary.buzzplayer_placement_submodules.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"88c6f0d0aa2df2e041be9b3b9919fbec","sha1":"b04d994fd9b0cb9e3d096ecb5acb77db1db94ece","sha256":"66f05e474e90b95b3d0c607a99d7fcc48068e3fa3623a1a7773263a0b1bd715d","sha512":"630e48bf838fe03e00d95807c15d5e9d16de5028a9158f1365fa13102eb262c3afa2f4cb532ca714b003db3bb9f4721b7710f64b6ba4d0dd9afa40afa9191aa2","ssdeep":"384:Y+l04Yvx9jlAZyJz7nKFUt+N9UTujaHvQzYMhrywY8s:Y+l0PZhlAZyJz7nKetC9UTu2Hv49hzYl","tlshash":"bd92d999bb61317193d660f8a12b1f4e3336716c940582bc79acd8fa09f4d1d122fbb9","size":20620,"data":"","first_seen":"2025-12-20T02:25:16.684156Z","last_seen":"2026-01-13T09:51:12.577724Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"match.targetrtb.com/userbind?clid=\u0026src=carousel\u0026gi=1","fqdn":"match.targetrtb.com","domain":"targetrtb.com","tld":"com"},"ip":{"addr":"185.115.92.104","port":443,"asn":42881,"as":"Sc Itns.net Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"targetrtb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 10:35:51 GMT","end":"Mon, 05 Jan 2026 10:35:50 GMT"},"fingerprint":{"sha1":"29:EC:C3:6E:30:D2:33:FF:D3:2D:B4:55:6B:7C:AB:3C:26:FB:67:57","sha256":"0C:33:00:D4:8D:F0:EC:6A:F8:CF:B0:C9:BE:F3:15:39:38:0E:A2:8B:FF:59:C5:11:E0:0A:97:BF:7B:81:17:17"}}},"request":{"raw":"GET /userbind?clid=\u0026src=carousel\u0026gi=1 HTTP/1.1\r\nHost: match.targetrtb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.22.1\r\nDate: Wed, 24 Dec 2025 22:30:23 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nVary: Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/dsp/upravel-video?uid=faae1aaa-b516-4e04-86ae-153d8b8ae99d","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"GET /cookiesync/dsp/upravel-video?uid=faae1aaa-b516-4e04-86ae-153d8b8ae99d HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:23 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"325472601571f31e1bf00674c368d335","sha1":"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a","sha256":"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b","sha512":"717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc","ssdeep":"","tlshash":"bf900003ea80c002c2a2c0300e0ccb802b88b0308a28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-05T06:29:39Z","last_seen":"2026-04-03T22:29:02.840773Z","times_seen":75760,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://randpad.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 23 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 23 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 97665\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-03T22:29:59.391883Z","times_seen":713237,"resource_available":false,"data":null}},"time_used":371,"timings":{"blocked":174,"dns":1,"connect":15,"send":0,"wait":10,"receive":3,"ssl":164},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/multi/adn?set_buzzoola_cookie=t","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tube.buzzoola.com/api_iframe.html#id=t-6b9cd950-1fab-e4f5-9feb-5b31d6dbfad9","date":"2025-12-24T22:30:22.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"POST /multi/adn?set_buzzoola_cookie=t HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 580\r\nOrigin: https://tube.buzzoola.com\r\nX-Alt-Referer: \r\nReferer: https://tube.buzzoola.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":580,"data":"{\"localtime\":\"2025-12-24 22:30:21\",\"site\":\"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ\",\"tech_url\":\"https://randpad.ru\",\"ad_requests\":{\"buzzplayer-ad_unit-dd01d14d-1851-b8b8-6c86-064ac0f5cbd8\":{\"placement_id\":1308769}}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: application/json\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Set-Cookie, X-Alt-Referer, X-First-Party-Cookie, X-Aidata-FP, If-None-Match\r\naccess-control-allow-origin: https://tube.buzzoola.com\r\naccess-control-expose-headers: Set-Cookie, Etag\r\nserverid: TODO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4375,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f55432e4d57f9fd7e5f1565e85ffc11a","sha1":"bf779f4bd6368cefe5693223f49ceef4904e96ca","sha256":"3eea3612ddad6902ba48472ada8b16ad41ef24bce9ccef50fee0d7c3a3601d72","sha512":"c426fb804dc836b08cdf0f2aa84b315952abaa25f8a087da3b3dd63a34bc5d7b47d2bfebf7f49287fbd2513ebf433223fe56c237553d24509f5dfc3bebe3e8ba","ssdeep":"96:QX6BsXzX6X4XcGXMXLuXodMsQXLy+X1jGXxXNXkXnQolTGNJtXXNXfErM+EXx5XL:5BRB9QZDhOJGxEQcOAys","tlshash":"8891c9fb90483794cb561bd400aef80ddc8f1adf99f598abd7b882455a882b3415d28a","first_seen":"2025-12-24T22:30:53.178043Z","last_seen":"2025-12-24T22:30:53.178043Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cm.pxltag.com/rsync?platform_id=09a40b4bd3eb414eadc690d25c3a3f57\u0026sync_url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fadwile-banner-buzzoola%3Fuid%3D%7Binner_id%7D","fqdn":"cm.pxltag.com","domain":"pxltag.com","tld":"com"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pxltag.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 06:13:44 GMT","end":"Tue, 10 Mar 2026 06:13:43 GMT"},"fingerprint":{"sha1":"E4:D2:DA:16:48:1F:14:8A:3B:A2:4F:3C:9D:D6:D9:1C:49:B3:5A:0D","sha256":"A5:05:F3:6D:C3:71:05:C2:64:63:4F:3B:F6:68:00:58:3E:45:9B:8A:A8:18:B8:F8:1A:9D:AC:CC:FC:DB:1F:2F"}}},"request":{"raw":"GET /rsync?platform_id=09a40b4bd3eb414eadc690d25c3a3f57\u0026sync_url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fadwile-banner-buzzoola%3Fuid%3D%7Binner_id%7D HTTP/1.1\r\nHost: cm.pxltag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.20.1\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-length: 0\r\nlocation: https://exchange.buzzoola.com/cookiesync/dsp/adwile-banner-buzzoola?uid=RwOPKQLp9\r\nset-cookie: smi_uid=RwOPKQLp9; max-age=31536000; domain=.pxltag.com; path=/; HttpOnly; secure; SameSite=None\r\nstrict-transport-security: max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":405,"timings":{"blocked":144,"dns":4,"connect":29,"send":0,"wait":79,"receive":0,"ssl":138},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/dsp/targetdsp-video?uid=","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"GET /cookiesync/dsp/targetdsp-video?uid= HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-length: 0\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.upravel.com/amberdata/sync","fqdn":"sync.upravel.com","domain":"upravel.com","tld":"com"},"ip":{"addr":"157.90.94.85","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.upravel.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 18 Jun 2025 16:48:51 GMT","end":"Mon, 20 Jul 2026 16:48:50 GMT"},"fingerprint":{"sha1":"8D:89:EE:F7:48:68:E7:7D:F7:C4:AF:97:AB:98:A3:A3:1E:8D:6A:92","sha256":"08:06:AA:31:11:0F:33:B8:7D:B5:7E:B4:A2:2A:65:C6:77:DE:F6:65:A2:F4:BE:D3:7E:8D:9F:84:17:CE:20:A0"}}},"request":{"raw":"GET /amberdata/sync HTTP/1.1\r\nHost: sync.upravel.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: session_tptc=1766615422842; user_id=9ebc542c-be63-4fb3-8333-d4ead91babe8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: Angie\r\ndate: Wed, 24 Dec 2025 22:30:24 GMT\r\ncontent-length: 0\r\np3p: CP=\"NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA\"\r\nset-cookie: user_id=9ebc542c-be63-4fb3-8333-d4ead91babe8;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000\nuser_id-legacy=9ebc542c-be63-4fb3-8333-d4ead91babe8;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000\r\nlocation: https://dmg.digitaltarget.ru/1/6401/i/i?a=685\u0026e=9ebc542c-be63-4fb3-8333-d4ead91babe8\u0026i=2806975417051791\u0026c=up:9ebc542c-be63-4fb3-8333-d4ead91babe8.ss:685\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccess-control-allow-credentials: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":62,"dns":1,"connect":24,"send":0,"wait":78,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://randpad.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 23 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 23 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 97665\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-03T22:29:59.391883Z","times_seen":713237,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":184,"dns":1,"connect":7,"send":0,"wait":13,"receive":4,"ssl":178},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.dmp.otm-r.com/match/buzzoola_ssp","fqdn":"sync.dmp.otm-r.com","domain":"otm-r.com","tld":"com"},"ip":{"addr":"194.55.244.189","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sync.dmp.otm-r.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 06:06:37 GMT","end":"Tue, 10 Mar 2026 06:06:36 GMT"},"fingerprint":{"sha1":"C0:50:09:84:7A:D9:92:52:FE:BD:EA:94:B3:65:D6:83:2C:B3:52:8A","sha256":"6A:F5:31:88:A3:2A:6E:A1:F0:48:DA:7C:7D:A2:DD:EF:82:C2:71:12:9E:54:D7:9E:4F:C0:88:FA:C6:F9:E3:B3"}}},"request":{"raw":"GET /match/buzzoola_ssp HTTP/1.1\r\nHost: sync.dmp.otm-r.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.24.0 (Ubuntu)\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\nlocation: /match/buzzoola_ssp?otcm_check=1766615422\r\nset-cookie: mpid=Njk0YzY5N2UwZTQzYjA0ZQ==; max-age=31536000; domain=otm-r.com; path=/; secure; SameSite=None; Partitioned\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":655,"timings":{"blocked":278,"dns":1,"connect":68,"send":0,"wait":67,"receive":0,"ssl":236},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.opendsp.ru/match/buzzoola_dsp?id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"sync.opendsp.ru","domain":"opendsp.ru","tld":"ru"},"ip":{"addr":"176.114.85.200","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.opendsp.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 05 Aug 2025 11:37:07 GMT","end":"Sun, 06 Sep 2026 11:37:06 GMT"},"fingerprint":{"sha1":"A6:D2:A4:C1:9C:FF:E8:4A:C2:A7:58:7A:3B:98:4B:CC:11:C8:FF:1F","sha256":"26:E3:31:B9:C2:C0:30:F6:85:B7:6E:2F:0E:4F:B0:C6:E5:39:D0:1A:8A:86:02:1E:55:68:94:B1:95:F1:4A:A7"}}},"request":{"raw":"GET /match/buzzoola_dsp?id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: sync.opendsp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-03T21:58:52.487812Z","times_seen":31090,"resource_available":true,"data":null}},"time_used":527,"timings":{"blocked":263,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":235},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/syncd","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/syncd HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 22:30:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncache-control: no-store\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nlocation: /rtb/syncd?rc=1\r\nset-cookie: u=aUxpfuYUmHI~fn5q0DVxxzXaEPmDuEATau7yMio; path=/; max-age=7776000; samesite=none; httponly; secure\r\nreferrer-policy: no-referrer\r\nserver-timing: app;srv=s24a;dur=0.0002\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":606,"timings":{"blocked":278,"dns":0,"connect":0,"send":0,"wait":69,"receive":1,"ssl":258},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/sync/buzzoola2","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/sync/buzzoola2 HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 22:30:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncache-control: no-store\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nlocation: /rtb/sync/buzzoola2?rc=1\r\nset-cookie: u=aUxpfmwZxLQ~t15SXcKhdkTR2Yyi_tbWNWaThWc; path=/; max-age=7776000; samesite=none; httponly; secure\r\nreferrer-policy: no-referrer\r\nserver-timing: app;srv=s13;dur=0.0002\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":369,"timings":{"blocked":-1,"dns":1,"connect":56,"send":0,"wait":62,"receive":0,"ssl":247},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"redirect-frontend.weborama-tech.ru/rd?url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdmp%2Fweborama%3Fuid%3D{WEBO_CID}","fqdn":"redirect-frontend.weborama-tech.ru","domain":"weborama-tech.ru","tld":"ru"},"ip":{"addr":"178.154.231.214","port":443,"asn":200350,"as":"Yandex.Cloud LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.weborama-tech.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 20 Aug 2025 14:42:06 GMT","end":"Tue, 15 Sep 2026 18:38:30 GMT"},"fingerprint":{"sha1":"A5:CA:D7:3C:27:83:66:F7:26:43:0B:05:21:09:FF:7A:7A:AB:7D:A9","sha256":"53:AA:89:0C:4A:26:10:43:C0:A9:5C:10:98:06:D7:D5:6A:76:CC:34:2E:77:15:88:33:37:B6:31:0C:D7:CF:0B"}}},"request":{"raw":"GET /rd?url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdmp%2Fweborama%3Fuid%3D{WEBO_CID} HTTP/1.1\r\nHost: redirect-frontend.weborama-tech.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\nvary: Origin\r\naccess-control-allow-origin: *\r\np3p: CP=\"NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM\"\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\npragma: no-cache\r\nexpires: Tue, 03 Jul 2001 06:00:00 GMT\r\nlast-modified: Wed, 24 Dec 2025 22:30:22 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":377,"timings":{"blocked":54,"dns":6,"connect":38,"send":0,"wait":46,"receive":0,"ssl":228},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sp.kombinat.digital/cm?ssp=buzz\u0026redirect_url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsmartreach-video%3Fuid%3D%7Buid%7D","fqdn":"sp.kombinat.digital","domain":"kombinat.digital","tld":"digital"},"ip":{"addr":"77.223.103.139","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.kombinat.digital","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 10:23:18 GMT","end":"Sun, 01 Mar 2026 10:23:17 GMT"},"fingerprint":{"sha1":"8F:91:B2:43:1C:1F:A6:7C:68:6E:71:E2:4A:D8:77:95:57:07:CE:0C","sha256":"3F:EC:8A:F1:CB:4E:59:7A:CB:F6:B0:F9:54:88:5C:B3:1A:7B:72:38:BF:75:51:79:B2:E6:7D:62:32:10:45:03"}}},"request":{"raw":"GET /cm?ssp=buzz\u0026redirect_url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsmartreach-video%3Fuid%3D%7Buid%7D HTTP/1.1\r\nHost: sp.kombinat.digital\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 22:30:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nBidder: bid-02 1.105.a1db8cf\r\nLocation: https://exchange.buzzoola.com/cookiesync/dsp/smartreach-video?uid=99ef722d-114d-4996-8a1d-b640371ddced\r\nSet-Cookie: uid=99ef722d-114d-4996-8a1d-b640371ddced.694c697e.b94c581e565f22f; domain=.kombinat.digital; path=/; expires=Fri, 23-Jan-2026 22:30:22 GMT; SameSite=None; Secure;\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":347,"timings":{"blocked":115,"dns":1,"connect":32,"send":0,"wait":28,"receive":1,"ssl":165},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/tools/secret-santa/reveal-script.js?v=2.0","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:20.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /tools/secret-santa/reveal-script.js?v=2.0 HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ\r\nCookie: beget=begetok\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:20 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Wed, 03 Dec 2025 14:46:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69304d49-1bb3\"\r\nexpires: Wed, 31 Dec 2025 22:30:20 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7091,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"457c73ca5f2dbe915282d20120c00e89","sha1":"9c7a36402e87e302eeb8491d48f04d80e5da618b","sha256":"b945c25a586c82c857310c4ecd637ce720ff11c2347e0fe01a8e11238a2b421c","sha512":"82c88b9cbdd287a284ee7d530a36d8349ce0aa332292544c5f429fba4c4dda1f90c19de65459d762a7aaae93d23db1442793c392db6e6b3ef0066cb6c311049b","ssdeep":"192:WykQax3ZfgmjWxldYDXzJCQClTswD//ZZaHyLlkYLD:Wy/+ShP","tlshash":"e1e1870530f7145e0453a0ab9b8792487a6690bf399ac5957d2d4b3e3ff2a1095fb3cc","first_seen":"2025-12-24T22:30:53.179947Z","last_seen":"2025-12-24T22:30:53.179947Z","times_seen":1,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.utraff.com/sync?ssp=Buzzoola","fqdn":"a.utraff.com","domain":"utraff.com","tld":"com"},"ip":{"addr":"213.171.19.244","port":443,"asn":56694,"as":"LLC Smart Ape","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"utraff.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 12 Dec 2025 04:18:08 GMT","end":"Thu, 12 Mar 2026 04:18:07 GMT"},"fingerprint":{"sha1":"7F:77:C5:6F:57:1F:C2:53:D7:D3:04:93:B1:75:D8:91:AA:38:A0:78","sha256":"B2:CE:C5:75:9F:E8:F2:94:5D:6D:78:3C:9D:ED:55:DC:C8:2F:EA:4F:D2:50:B2:6F:A7:4A:85:A1:5F:4F:C0:14"}}},"request":{"raw":"GET /sync?ssp=Buzzoola HTTP/1.1\r\nHost: a.utraff.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.24.0\r\nDate: Wed, 24 Dec 2025 22:30:22 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\nSet-Cookie: preutid=1; Expires=Sat, 24 Jan 2026 01:30:22 GMT; Domain=.itraff.net; SameSite=None; Secure; Path=/\npreutid=1; Expires=Sat, 24 Jan 2026 01:30:22 GMT; Domain=.utraff.com; SameSite=None; Secure; Path=/\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\nVary: Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":379,"timings":{"blocked":-1,"dns":5,"connect":46,"send":0,"wait":85,"receive":0,"ssl":236},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cs.alfasense.com/p?ssp=bz\u0026id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"cs.alfasense.com","domain":"alfasense.com","tld":"com"},"ip":{"addr":"104.21.43.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"alfasense.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 17:33:11 GMT","end":"Thu, 05 Feb 2026 18:31:38 GMT"},"fingerprint":{"sha1":"7C:A8:71:BF:EA:34:98:A5:47:61:CD:C0:74:D4:29:41:ED:EF:BB:29","sha256":"E9:AE:19:EF:83:B7:81:30:53:5A:8D:B4:19:86:57:06:B1:38:A7:E5:D8:1A:48:63:E5:0A:10:A1:BF:4C:BD:78"}}},"request":{"raw":"GET /p?ssp=bz\u0026id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: cs.alfasense.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-length: 0\r\nlocation: https://cs.alfasense.com/p?ssp=bz\u0026id=674478e7-5a1c-4482-50cd-212e92c15434\u0026_r=1\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccess-control-allow-headers: authorization, DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: no-store, no-cache, must-revalidate\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nset-cookie: uuid=47281db6-b003-4116-ad9a-0988c0e24d71; expires=Tue, 15 Dec 2026 22:30:22 GMT; domain=.alfasense.com; path=/; secure; SameSite=None\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-host: 192.168.0.7\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8OBfck64w5btNWnQUL7Y6rHkxFbuVGk0LU7%2BwXLyduaZkLDHtoIpcMnwKxUBwIJqMZO4TXZ4uFTdoAbf0219NGJ9Wsti9xxAUFPx07T0CpQ%3D\"}]}\r\ncf-ray: 9b338af54b71723c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":5,"connect":5,"send":0,"wait":35,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.opendsp.ru/match/buzzoola?id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"sync.opendsp.ru","domain":"opendsp.ru","tld":"ru"},"ip":{"addr":"176.114.85.200","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.opendsp.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 05 Aug 2025 11:37:07 GMT","end":"Sun, 06 Sep 2026 11:37:06 GMT"},"fingerprint":{"sha1":"A6:D2:A4:C1:9C:FF:E8:4A:C2:A7:58:7A:3B:98:4B:CC:11:C8:FF:1F","sha256":"26:E3:31:B9:C2:C0:30:F6:85:B7:6E:2F:0E:4F:B0:C6:E5:39:D0:1A:8A:86:02:1E:55:68:94:B1:95:F1:4A:A7"}}},"request":{"raw":"GET /match/buzzoola?id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: sync.opendsp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-03T21:58:52.487812Z","times_seen":31090,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":1,"connect":33,"send":0,"wait":30,"receive":0,"ssl":228},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/redirect?redirect_url=https%3A%2F%2Fkimberlite.io%2Frtb%2Fsync%2Fbuzzoola%3Fu%3D%24%7BUUID%7D%26f%3D%26n%3D1","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"GET /cookiesync/redirect?redirect_url=https%3A%2F%2Fkimberlite.io%2Frtb%2Fsync%2Fbuzzoola%3Fu%3D%24%7BUUID%7D%26f%3D%26n%3D1 HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 116\r\nlocation: https://kimberlite.io/rtb/sync/buzzoola?u=674478e7-5a1c-4482-50cd-212e92c15434\u0026f=\u0026n=1\r\nset-cookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434; Path=/; Domain=buzzoola.com; Expires=Fri, 23 Jan 2026 22:30:22 GMT; Max-Age=2592000; Secure; SameSite=None\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/multi/adn?set_buzzoola_cookie=t","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tube.buzzoola.com/api_iframe.html#id=t-6b9cd950-1fab-e4f5-9feb-5b31d6dbfad9","date":"2025-12-24T22:30:21.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"OPTIONS /multi/adn?set_buzzoola_cookie=t HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-alt-referer\r\nReferer: https://tube.buzzoola.com/\r\nOrigin: https://tube.buzzoola.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:21 GMT\r\naccess-control-allow-origin: https://tube.buzzoola.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Set-Cookie, X-Alt-Referer, X-First-Party-Cookie, X-Aidata-FP, If-None-Match, Content-Type\r\naccess-control-expose-headers: Set-Cookie, Etag\r\nallow: GET, POST\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/assets/css/tool-page.css","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:20.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /assets/css/tool-page.css HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ\r\nCookie: beget=begetok\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:20 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 05 Nov 2025 07:46:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690b00e3-19bf\"\r\nexpires: Wed, 31 Dec 2025 22:30:20 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6591,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with LF, NEL line terminators","md5":"c267fd61ffc3085e8705d79df510c7b2","sha1":"c848b644231f196236023684d27aad270dfad431","sha256":"b369196328a00153f9e460bf3d10c2eafc35d4e7b985fa917f2a16ba4cfa12f5","sha512":"c489d3a4dc35696ae69c3d9e0491fb43f7fa7e91723b8c4885023aa1230e62762befbe51028afd565c5ba4f0ea28eb69d8993b30c40303923671351b2c07529a","ssdeep":"96:y0kAitY0sfSTPbM+2zcPy0ocwrHHoQO6T96uYiYP48Tkc:y0BKJuSTzM5cPy0obxO8Yik4qv","tlshash":"c3d196405627186d190b3039eb592b8432a9e0fbef0fc6fe798959449fc53f492a3748","first_seen":"2025-12-24T22:30:53.181039Z","last_seen":"2025-12-24T22:30:53.181039Z","times_seen":1,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/assets/images/santa-hat.png","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:20.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /assets/images/santa-hat.png HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/assets/css/main.css\r\nCookie: beget=begetok\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 20949\r\nlast-modified: Mon, 22 Dec 2025 22:08:40 GMT\r\netag: \"6949c168-51d5\"\r\nexpires: Fri, 23 Jan 2026 22:30:20 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20949,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"16155e7d7cc6cf7aabf488b7e53e652a","sha1":"8afea425a5d7d0d1ae88173948e508a5593b8510","sha256":"0f40c8c9c5d953132037d2f8a13476315a100a1e8b6824d03d3f1f930abfe10e","sha512":"5df277a3562b69c21c119da5f7172677e43bbaf2548544f8c52a66d023c9c074078d1a17849ba8c677e92940f199272bea21005829f478ee8e9cac3e4d439117","ssdeep":"384:WXo1VnM0tf0yS/w2kO4WT5wk2/kEY4lrCW0jQPZqTz5gC14Ng8sOtwxvSDAvMneL:WY110yS42kswBkNWGW0EMVgDg8yvSAVb","tlshash":"6d92d00ab0370525dca6387711878c3aff371631df381166e72ed633bd9d96421ba524","first_seen":"2025-12-24T22:30:53.182318Z","last_seen":"2025-12-24T22:30:53.182318Z","times_seen":1,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cmr.bidderstack.com/bzla/cm?user_id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"cmr.bidderstack.com","domain":"bidderstack.com","tld":"com"},"ip":{"addr":"185.149.242.234","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bidderstack.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 26 Dec 2024 14:42:05 GMT","end":"Wed, 14 Jan 2026 11:07:44 GMT"},"fingerprint":{"sha1":"D3:CF:38:0C:FA:18:1C:F8:E8:E3:18:35:3E:3D:E6:82:B4:44:12:C1","sha256":"C6:91:A1:27:F0:56:52:64:73:25:39:60:8B:AA:DA:0C:92:DF:DD:2B:3C:50:92:0B:D8:7F:AF:F4:5B:3C:A8:79"}}},"request":{"raw":"GET /bzla/cm?user_id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: cmr.bidderstack.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie\r\nDate: Wed, 24 Dec 2025 22:30:34 GMT\r\nContent-Type: image/gif\r\nContent-Length: 44\r\nConnection: keep-alive\r\nx-from: nrr-3\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":44,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"f9d60352c70a2ba15616d1c9421f3844","sha1":"e9abc8bea7721a4b6a50295850d13c515006a95c","sha256":"82cb517a8f80c91dfcec543c6d140deb3baaf463ea9e77655475096eba7bc7d9","sha512":"c236b22bcd48790ff970b8bc566061eae734e0d34c1a68cd8d6160415303e0b0b51fe5780fafe7349cf71cb10089c9f322495267eee019cc63f879727263df4b","ssdeep":"","tlshash":"49900003eb80c002c2a2c0300e0ccb802b88b030ae28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-06T18:33:49Z","last_seen":"2026-04-03T14:38:25.913479Z","times_seen":4252,"resource_available":false,"data":null}},"time_used":364,"timings":{"blocked":157,"dns":0,"connect":19,"send":0,"wait":20,"receive":0,"ssl":165},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"match.ohmy.bid/cm?ssp=buzz\u0026redirect_url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fohmybid-video%3Fuid%3D%7Buid%7D","fqdn":"match.ohmy.bid","domain":"ohmy.bid","tld":"bid"},"ip":{"addr":"37.0.127.205","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ohmy.bid","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 05 Oct 2025 15:45:39 GMT","end":"Sat, 03 Jan 2026 15:45:38 GMT"},"fingerprint":{"sha1":"EF:A2:21:7D:62:B9:E9:0F:EE:11:F0:38:1C:D6:7A:E7:53:65:15:8D","sha256":"45:80:3D:62:8B:EC:78:D5:D1:84:F8:93:1B:E2:FF:CE:65:BC:36:20:3B:B4:48:50:BD:29:09:74:68:5A:BA:B8"}}},"request":{"raw":"GET /cm?ssp=buzz\u0026redirect_url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fohmybid-video%3Fuid%3D%7Buid%7D HTTP/1.1\r\nHost: match.ohmy.bid\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 22:30:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nBidder: bid-05 1.2245.f77a67ed\r\nLocation: https://exchange.buzzoola.com/cookiesync/dsp/ohmybid-video?uid=867d93a0-4c27-461c-aeab-2420f3de1cc7\r\nSet-Cookie: uid=867d93a0-4c27-461c-aeab-2420f3de1cc7.694c697e.fca21431183ca53f; domain=.ohmy.bid; path=/; expires=Fri, 23-Jan-2026 22:30:22 GMT; SameSite=None; Secure;\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":393,"timings":{"blocked":-1,"dns":5,"connect":73,"send":0,"wait":58,"receive":0,"ssl":247},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"traffaret.com/c/m.gif?s=14\u0026id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"traffaret.com","domain":"traffaret.com","tld":"com"},"ip":{"addr":"194.186.91.196","port":443,"asn":3216,"as":"PVimpelCom","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"traffaret.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 23:10:39 GMT","end":"Sun, 15 Mar 2026 23:10:38 GMT"},"fingerprint":{"sha1":"DB:14:72:A4:5A:E1:A1:6E:B2:75:54:9A:64:3F:5B:FA:AD:0E:3B:A1","sha256":"8A:9D:BB:7A:2E:5C:94:C3:DE:78:B7:BA:8F:49:33:66:6C:A3:A6:6F:76:7E:A3:C4:43:F0:E6:DA:41:69:CF:60"}}},"request":{"raw":"GET /c/m.gif?s=14\u0026id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: traffaret.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\ncache-control: no-cache, max-age=0, must-revalidate, no-store\r\npragma: no-cache\r\nexpires: Tue, 11 Sep 2001 12:46:00 GMT\r\nset-cookie: idntfy=VUkVOhgYy5RBVfz; expires=Sat, 22-Dec-2035 22:30:22 GMT; domain=traffaret.com; path=/c/; SameSite=None; Secure\nidntfy=VUkVOhgYy5RBVfz; expires=Sat, 22-Dec-2035 22:30:22 GMT; domain=traffaret.com; path=/core/; SameSite=None; Secure\nidntfy=deleted; path=/c; domain=traffaret.com; expires=Tue, 11 Sep 2001 12:46:00 GMT; SameSite=None; Secure\nidntfy=deleted; path=/core; domain=traffaret.com; expires=Tue, 11 Sep 2001 12:46:00 GMT; SameSite=None; Secure\r\nalt-svc: h3=\":443\"; ma=86400,h3-29=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"325472601571f31e1bf00674c368d335","sha1":"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a","sha256":"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b","sha512":"717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc","ssdeep":"","tlshash":"bf900003ea80c002c2a2c0300e0ccb802b88b0308a28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-05T06:29:39Z","last_seen":"2026-04-03T22:29:02.840773Z","times_seen":75760,"resource_available":true,"data":null}},"time_used":381,"timings":{"blocked":121,"dns":0,"connect":53,"send":0,"wait":51,"receive":0,"ssl":153},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/multi/adn","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tube.buzzoola.com/api_iframe.html#id=t-6b9cd950-1fab-e4f5-9feb-5b31d6dbfad9","date":"2025-12-24T22:30:21.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"POST /multi/adn HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Alt-Referer: \r\nContent-Type: application/json\r\nContent-Length: 580\r\nOrigin: https://tube.buzzoola.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tube.buzzoola.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":580,"data":"{\"localtime\":\"2025-12-24 22:30:21\",\"site\":\"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ\",\"tech_url\":\"https://randpad.ru\",\"ad_requests\":{\"buzzplayer-ad_unit-dd01d14d-1851-b8b8-6c86-064ac0f5cbd8\":{\"placement_id\":1308769}}}"}},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:21 GMT\r\ncontent-length: 0\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Set-Cookie, X-Alt-Referer, X-First-Party-Cookie, X-Aidata-FP, If-None-Match\r\naccess-control-allow-origin: https://tube.buzzoola.com\r\naccess-control-expose-headers: Set-Cookie, Etag\r\nlocation: /multi/adn?set_buzzoola_cookie=t\r\nset-cookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434; Path=/; Domain=buzzoola.com; Expires=Fri, 23 Jan 2026 22:30:21 GMT; Max-Age=2592000; Secure; SameSite=None\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4375,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":33,"connect":30,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.upravel.com/buzzoola/sync","fqdn":"sync.upravel.com","domain":"upravel.com","tld":"com"},"ip":{"addr":"157.90.94.85","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.213Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.upravel.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 18 Jun 2025 16:48:51 GMT","end":"Mon, 20 Jul 2026 16:48:50 GMT"},"fingerprint":{"sha1":"8D:89:EE:F7:48:68:E7:7D:F7:C4:AF:97:AB:98:A3:A3:1E:8D:6A:92","sha256":"08:06:AA:31:11:0F:33:B8:7D:B5:7E:B4:A2:2A:65:C6:77:DE:F6:65:A2:F4:BE:D3:7E:8D:9F:84:17:CE:20:A0"}}},"request":{"raw":"GET /buzzoola/sync HTTP/1.1\r\nHost: sync.upravel.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: Angie\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-length: 0\r\nlocation: https://sync.upravel.com/buzzoola/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9yYW5kcGFkLnJ1LyJdfX0=\r\nset-cookie: session_tptc=1766615422825;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=180\nsession_tptc-legacy=1766615422825;Version=1;Domain=.upravel.com;Path=/;Max-Age=180\r\np3p: CP=\"NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccess-control-allow-credentials: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":617,"timings":{"blocked":11,"dns":6,"connect":269,"send":0,"wait":50,"receive":0,"ssl":274},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/build/style.css","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buzzoola.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 04 Sep 2025 00:00:00 GMT","end":"Mon, 05 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"76:BF:FF:17:F0:C7:C2:2E:72:94:BB:5B:0B:5B:68:05:B8:65:88:14","sha256":"89:D4:D1:4E:BC:83:C9:C2:09:E9:10:88:E2:2F:D6:82:C7:6D:45:17:2B:C6:8B:1F:CA:43:02:DA:8B:E9:21:B2"}}},"request":{"raw":"GET /build/style.css HTTP/1.1\r\nHost: tube.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 23 Dec 2025 14:58:50 GMT\r\nexpires: Wed, 24 Dec 2025 23:00:00 GMT\r\ncontent-encoding: gzip\r\nx-cdn-edge-cache: HIT\r\nx-cdn-edge-id: 237\r\nx-cdn-request-id: c4da83f9cd0728232cca1f02f6c44e62\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89542,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"9d8706e8729d2714d281dc2719eef3e4","sha1":"cdfd6267d1af52305481e98e3e9821e28b71307b","sha256":"ac0951c61aa254fad88a685e7c66c20513c8568fc9bca23ef37504aac69d971c","sha512":"849ca7a67c1c4605d3fa6370574be62a01badc5d7206a0d5beb90312ca2e3389b2e2df354a0a9c9580d5383a7f4bc8be4becf5af0a601640d4bb471849308c8d","ssdeep":"1536:dmPv60OmQ/HS3wtU/jwMS3wtU/jw7o48a2VFDk5sz4FEbsrefP9+wA7ihNBWv41E:4PC0OBIwIIw7M5FDkfiyX","tlshash":"7893d732eb103429b17a9652d2916bee3c78c403921317bdde653fe8828e0de3d6674d","first_seen":"2025-10-11T13:13:06.835318Z","last_seen":"2026-01-03T13:07:16.938683Z","times_seen":21,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/sync/buzzoola2?rc=1","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/sync/buzzoola2?rc=1 HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: u=aUxpfmwZxLQ~t15SXcKhdkTR2Yyi_tbWNWaThWc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 22:30:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncache-control: no-store\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nset-cookie: u=aUxpfmwZxLQ~t15SXcKhdkTR2Yyi_tbWNWaThWc; path=/; max-age=7776000; samesite=none; httponly; secure\nda=UX4CYAAAAAE; path=/rtb; max-age=604800; samesite=none; httponly; secure\r\nlocation: https://exchange.buzzoola.com/cookiesync/redirect?redirect_url=https%3A%2F%2Fkimberlite.io%2Frtb%2Fsync%2Fbuzzoola%3Fu%3D%24%7BUUID%7D%26f%3Dhttps%253A%252F%252Fexchange.buzzoola.com%252Fcookiesync%252Fdsp%252Fsolta-video%253Fuid%253DaUxpfmwZxLQ%26n%3D1\r\nreferrer-policy: no-referrer\r\nserver-timing: app;srv=s11a;dur=0.0008\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/syncd?rc=1","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/syncd?rc=1 HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: u=aUxpfuYUmHI~fn5q0DVxxzXaEPmDuEATau7yMio\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 22:30:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncache-control: no-store\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nset-cookie: u=aUxpfuYUmHI~fn5q0DVxxzXaEPmDuEATau7yMio; path=/; max-age=7776000; samesite=none; httponly; secure\nda=UX4CYAAAAAE; path=/rtb; max-age=604800; samesite=none; httponly; secure\r\nlocation: https://exchange.buzzoola.com/cookiesync/redirect?redirect_url=https%3A%2F%2Fkimberlite.io%2Frtb%2Fsync%2Fbuzzoola%3Fu%3D%24%7BUUID%7D%26f%3D%26n%3D1\r\nreferrer-policy: no-referrer\r\nserver-timing: app;srv=s7a;dur=0.0009\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":66,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":63,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fexchange.buzzoola.com%252Fcookiesync%252Fdsp%252Fsape-banner%253Fuid%253D$%257BUSER_ID%257D\u0026dp=14","fqdn":"ssp-rtb.sape.ru","domain":"sape.ru","tld":"ru"},"ip":{"addr":"193.3.184.90","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.sape.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 23:36:44 GMT","end":"Sat, 07 Mar 2026 23:36:43 GMT"},"fingerprint":{"sha1":"3D:9F:9C:85:A9:AB:7C:9C:83:0D:C2:B6:55:54:6F:89:BB:7F:7F:EE","sha256":"49:D9:BD:BD:C8:71:CC:CD:39:05:E4:44:2E:9E:54:03:9D:A8:07:B3:9E:E4:4E:FD:7A:38:89:6D:8A:12:EA:15"}}},"request":{"raw":"GET /rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fexchange.buzzoola.com%252Fcookiesync%252Fdsp%252Fsape-banner%253Fuid%253D$%257BUSER_ID%257D\u0026dp=14 HTTP/1.1\r\nHost: ssp-rtb.sape.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sspuid=CkIDU2lMaX6KqwFFm6fjAlhOSynYrvEt5Uc5imr6D74yG22N\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/html\r\ncontent-length: 142\r\nlocation: https://acint.net/rmatch?dp=14\u0026euid=5303420A7E694C694501AB8A02E3A79B\u0026r=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsape-banner%3Fuid%3D$%7BUSER_ID%7D\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/lato/v25/S6u9w4BMUTPHh6UVSwiPGQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/lato/v25/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://randpad.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 23040\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Dec 2025 09:54:26 GMT\r\nexpires: Fri, 18 Dec 2026 09:54:26 GMT\r\ncache-control: public, max-age=31536000\r\nage: 563755\r\nlast-modified: Mon, 15 Sep 2025 17:11:31 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23040,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23040, version 1.0","md5":"de69cf9e514df447d1b0bb16f49d2457","sha1":"2ac78601179c3a63ba3f3f3081556b12ddcaf655","sha256":"c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49","sha512":"4aebb7e54d88827d4a02808f04901c0d09b756c518202b056a6c0f664948f5585221d16967f546e064187c6545acef15d59b68d0a7a59897bd899d3e9dda37b1","ssdeep":"384:adpABC4a0HkBpR1HWtGu06B6lsoAKiwY0HcLKglV6Z+DVb35PJZDdiZeJ1vqYg:0AHa0Ezf2tZn6lsoABwTKK46ZQb3V7wD","tlshash":"fca2e1c05cc1e2d4ae02daf7fda5a4eab4e2f01123a8f65f8f114b75d505993640fe01","first_seen":"2023-04-05T13:28:45Z","last_seen":"2026-04-03T22:33:47.27874Z","times_seen":134877,"resource_available":true,"data":null}},"time_used":226,"timings":{"blocked":101,"dns":0,"connect":7,"send":0,"wait":8,"receive":4,"ssl":102},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adspector.io/sync?dsp=48\u0026buyerid=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"a.adspector.io","domain":"adspector.io","tld":"io"},"ip":{"addr":"172.67.161.189","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"adspector.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 13 Nov 2025 03:16:35 GMT","end":"Wed, 11 Feb 2026 04:14:56 GMT"},"fingerprint":{"sha1":"70:93:AE:0A:86:B3:EC:6A:26:43:0C:59:15:5C:6D:1C:C5:C6:F8:11","sha256":"16:49:F6:10:DA:6C:F1:EC:DB:5E:3C:6B:52:FE:1B:B8:2A:EC:A0:D1:73:71:15:1E:94:F3:29:C7:95:AB:81:A3"}}},"request":{"raw":"GET /sync?dsp=48\u0026buyerid=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: a.adspector.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: preadspector=1; Expires=Sat, 24 Jan 2026 01:30:22 GMT; Domain=.adspector.io; SameSite=None; Secure; Path=/\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SOWZhIEVycfecq%2FEf%2F4vNJ84dGcnMcXjQkussJ9Ea%2BB433Dit63mgAc509otnPAhzCt2LXK89m2kcAspaU17qYJFQJgyLGIyMuTV8A%3D%3D\"}]}\r\ncf-ray: 9b338af6bc3cb4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":395,"timings":{"blocked":88,"dns":0,"connect":1,"send":0,"wait":102,"receive":0,"ssl":200},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/build/buzzlibrary.d423e035659df80a2fae188845e1ca30.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buzzoola.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 04 Sep 2025 00:00:00 GMT","end":"Mon, 05 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"76:BF:FF:17:F0:C7:C2:2E:72:94:BB:5B:0B:5B:68:05:B8:65:88:14","sha256":"89:D4:D1:4E:BC:83:C9:C2:09:E9:10:88:E2:2F:D6:82:C7:6D:45:17:2B:C6:8B:1F:CA:43:02:DA:8B:E9:21:B2"}}},"request":{"raw":"GET /build/buzzlibrary.d423e035659df80a2fae188845e1ca30.js HTTP/1.1\r\nHost: tube.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Tue, 23 Dec 2025 14:58:50 GMT\r\nexpires: Wed, 24 Dec 2025 23:00:00 GMT\r\ncontent-encoding: gzip\r\nx-cdn-edge-cache: HIT\r\nx-cdn-edge-id: 237\r\nx-cdn-request-id: d4f63990f2385adc2d71fc52415d45e4\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6875,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6875), with no line terminators","md5":"d3885645e4829af8c72366f36b662d92","sha1":"ef6ffaedb5f8a199ec179429ca3f4a090c429ada","sha256":"fd051873f8b04c1f115eaeccfe541543a44e37c6df0157043355bb611fd69c03","sha512":"73acfbf56b62cf6bb2f4c1c4c45bf78f5c7c321cdd436c0d06bd36916deaa5fe9de57fbdb984c267b59aa75d1bb861e10d0b7bfdc20fa4877d3f7d324e8250cb","ssdeep":"96:ka/1r413eAYuH+HDfIUYrYVQhhcvsgLIg2XwhuhX+wJGYXSuPDY6h:kV13yuH+HDsWIg2Xw0hX+w07o","tlshash":"fde1a6c971d2f1b8076221b4852f850ae33f363c548d59b4e394e0e7bd7426e4b5abb8","first_seen":"2024-06-05T20:08:08Z","last_seen":"2026-04-03T19:05:07.665299Z","times_seen":508,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/dsp/adwile-banner-buzzoola?uid=RwOPKQLp9","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"GET /cookiesync/dsp/adwile-banner-buzzoola?uid=RwOPKQLp9 HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"325472601571f31e1bf00674c368d335","sha1":"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a","sha256":"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b","sha512":"717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc","ssdeep":"","tlshash":"bf900003ea80c002c2a2c0300e0ccb802b88b0308a28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-05T06:29:39Z","last_seen":"2026-04-03T22:29:02.840773Z","times_seen":75760,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1026--9ebc542c-be63-4fb3-8333-d4ead91babe8.stbid.ru/?r=https%3A%2F%2Fsync.upravel.com%2Fimage%3Fsource%3Dpbd","fqdn":"1026--9ebc542c-be63-4fb3-8333-d4ead91babe8.stbid.ru","domain":"stbid.ru","tld":"ru"},"ip":{"addr":"185.115.93.195","port":443,"asn":42881,"as":"Sc Itns.net Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.stbid.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 22 Apr 2025 09:20:40 GMT","end":"Sun, 24 May 2026 09:20:39 GMT"},"fingerprint":{"sha1":"CD:D0:42:9B:03:7A:27:A9:42:E1:4D:28:F3:FC:EA:D1:AC:D7:13:7E","sha256":"17:48:80:43:30:8B:5E:01:B8:65:DF:1B:22:DC:DB:13:D8:6B:DF:48:78:50:08:AB:69:B1:90:41:E5:62:3E:C4"}}},"request":{"raw":"GET /?r=https%3A%2F%2Fsync.upravel.com%2Fimage%3Fsource%3Dpbd HTTP/1.1\r\nHost: 1026--9ebc542c-be63-4fb3-8333-d4ead91babe8.stbid.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: Angie/1.10.3\r\nDate: Wed, 24 Dec 2025 22:30:23 GMT\r\nContent-Length: 0\r\nConnection: close\r\nLocation: https://sync.upravel.com/image?source=pbd\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Angie:1.10.3","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":595,"timings":{"blocked":272,"dns":124,"connect":43,"send":0,"wait":45,"receive":2,"ssl":105},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-24T22:30:20.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:20 GMT\r\ncontent-type: text/html\r\ncontent-length: 274\r\nlast-modified: Fri, 06 Jun 2025 09:11:50 GMT\r\netag: \"6842b0d6-112\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":274,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"dde72ae232dc63298465861482d7bb93","sha1":"557c5dbebc35bc82280e2a744a03ce5e78b3e6fb","sha256":"0032588b8d93a807cf0f48a806ccf125677503a6fabe4105a6dc69e81ace6091","sha512":"389eb8f7b18fcdd1a6f275ff8acad211a10445ff412221796cd645c9a6458719cced553561e2b4d438783459d02e494d5140c0d85f2b3df617b7b2e031d234b2","ssdeep":"","tlshash":"57d02e723688c4a8e4923ea90eaa83cc5d28a9a034c3c215084ab6b098801574e336ea","first_seen":"2023-04-06T02:35:57Z","last_seen":"2026-04-03T21:36:45.74583Z","times_seen":2233,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":105,"dns":13,"connect":38,"send":0,"wait":38,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/js/lib/buzzoola_ufp.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buzzoola.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 04 Sep 2025 00:00:00 GMT","end":"Mon, 05 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"76:BF:FF:17:F0:C7:C2:2E:72:94:BB:5B:0B:5B:68:05:B8:65:88:14","sha256":"89:D4:D1:4E:BC:83:C9:C2:09:E9:10:88:E2:2F:D6:82:C7:6D:45:17:2B:C6:8B:1F:CA:43:02:DA:8B:E9:21:B2"}}},"request":{"raw":"GET /js/lib/buzzoola_ufp.js HTTP/1.1\r\nHost: tube.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:21 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Tue, 23 Dec 2025 14:58:50 GMT\r\nexpires: Wed, 24 Dec 2025 23:00:00 GMT\r\ncontent-encoding: gzip\r\nx-cdn-edge-cache: HIT\r\nx-cdn-edge-id: 237\r\nx-cdn-request-id: 0209a178b4c72a9617e2a7b83b9e4cd5\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13432,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (13432), with no line terminators","md5":"f4f91442f3c51aa0ab4d00240cb9ca53","sha1":"9fad8ac07c22c86ab006bac7207e7928098a22c1","sha256":"c5b7be7ff5a92d4d03ae4b96a3931d1349f726affed96d8b64ecbd1ef7de598f","sha512":"b7af177eaf8de9bb7cfe4332c223524d40415e517b4770fb923b71c8d31bc22f08c975226934e9d4d2262a3e94acdf718d5c970725ed9cbb75589da98207b7c0","ssdeep":"384:MtJpg1qCMUYbJZ9uhMN9wgR1YOO6ghS++1ZBneflJnbRbpxsqmpv4Ypm7RnCE0i6:8Jpg17MUYbJZ9Oiw1uWSjH0ftsuNCR","tlshash":"6452d7e9f28ee4f745f43756582a635a7371c43064384918f90cd682ea07dea907ebb4","first_seen":"2025-03-28T18:47:27.609281Z","last_seen":"2026-04-03T22:41:05.791616Z","times_seen":2645,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Lato:wght@400;700\u0026family=Roboto:wght@400;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:54:11 GMT","end":"Wed, 25 Feb 2026 15:54:10 GMT"},"fingerprint":{"sha1":"43:D3:3F:93:6C:4F:F7:67:58:9D:D5:48:20:4C:74:A2:69:DB:13:9F","sha256":"8C:DB:D2:85:E1:AB:12:7B:1D:5A:65:A7:EC:22:67:6F:B3:A6:65:01:28:29:FA:D2:3B:01:8D:10:7E:4D:09:52"}}},"request":{"raw":"GET /css2?family=Lato:wght@400;700\u0026family=Roboto:wght@400;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 24 Dec 2025 22:30:21 GMT\r\ndate: Wed, 24 Dec 2025 22:30:21 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12814,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"fba46801a355574eb3abc3d4ae338cfc","sha1":"496b5fb7d67594468eda3540690ad2925121d95d","sha256":"be997757a9441dfe44a856c5aafdad048092d8809711cb4b3f0de60975737b52","sha512":"5e17ae5b55386c4f0d5042d129bdb2183b7356aeb47994c49ae374b0d6edd2f00a53e902aa1a3e14e27130d931ad85a5f20db66fd20a3469cc5668b3ec1fdd82","ssdeep":"384:+KfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/qY4aK8KcKq:+TcfFBhiEymdmtC0BQiVPTX","tlshash":"2f420da1041b50009b834ce223cebf35fe1f52517042d0b5abfeab6baddbc66426935d","first_seen":"2025-11-27T02:06:53.278148Z","last_seen":"2026-02-13T22:23:43.324115Z","times_seen":22,"resource_available":false,"data":null}},"time_used":380,"timings":{"blocked":164,"dns":2,"connect":16,"send":0,"wait":48,"receive":0,"ssl":147},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dm-eu.hybrid.ai/match?id=111\u0026vid=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"dm-eu.hybrid.ai","domain":"hybrid.ai","tld":"ai"},"ip":{"addr":"37.230.131.16","port":443,"asn":200197,"as":"Hybrid Adtech Sp.z.o.o.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.hybrid.ai","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 22 Sep 2025 00:00:00 GMT","end":"Sun, 04 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"18:21:9E:FA:EF:FF:FF:F2:8D:68:A8:F9:EB:ED:53:32:CC:17:9B:ED","sha256":"C9:20:9A:53:1E:FA:35:C7:29:64:1F:C3:7B:1E:34:73:C8:15:87:43:EA:35:06:B8:8D:86:E5:11:19:2A:60:FC"}}},"request":{"raw":"GET /match?id=111\u0026vid=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: dm-eu.hybrid.ai\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 24 Dec 2025 22:28:17 GMT\r\ncache-control: no-cache, no-store\r\npragma: no-cache\r\nexpires: -1\r\np3p: CP=\"NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC\"\r\nx-mode: 5067\r\nx-xss-protection: 1; mode=block\r\naccess-control-allow-origin: https://randpad.ru\r\naccess-control-allow-credentials: true\r\nserver: Hybrid Web Server\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":65,"dns":1,"connect":22,"send":0,"wait":41,"receive":0,"ssl":64},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.programmatica.com/match/Buzzoola_DSP?id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"sync.programmatica.com","domain":"programmatica.com","tld":"com"},"ip":{"addr":"77.246.157.204","port":443,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.programmatica.com","organization":"SEILZ CHEMPIONS LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 12 Jun 2025 08:15:09 GMT","end":"Tue, 14 Jul 2026 08:15:08 GMT"},"fingerprint":{"sha1":"24:BD:30:02:10:4A:A8:5A:1F:05:8C:61:02:DC:C3:F3:28:FB:6C:5A","sha256":"9A:1B:2C:A1:D1:0D:32:8B:00:14:BB:36:3A:EE:10:82:80:22:3D:A4:7A:EC:23:8A:AD:0B:EF:F2:95:6C:19:C2"}}},"request":{"raw":"GET /match/Buzzoola_DSP?id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: sync.programmatica.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-03T21:58:52.487812Z","times_seen":31090,"resource_available":true,"data":null}},"time_used":797,"timings":{"blocked":350,"dns":6,"connect":33,"send":0,"wait":77,"receive":0,"ssl":322},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/rmatch?dp=126\u0026euid=674478e7-5a1c-4482-50cd-212e92c15434\u0026r=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsape-banner%3Fuid%3D%24%7BUSER_ID%7D","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.76","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 18 Nov 2025 23:34:47 GMT","end":"Mon, 16 Feb 2026 23:34:46 GMT"},"fingerprint":{"sha1":"AC:F1:F0:AE:B9:73:CD:E9:4C:12:65:4C:8E:28:C1:DF:FC:44:BE:51","sha256":"58:33:3D:E8:B5:E5:84:B5:BD:3A:18:88:C0:D8:05:F1:BD:35:00:09:84:06:D0:DC:F9:0E:03:74:B3:96:2E:11"}}},"request":{"raw":"GET /rmatch?dp=126\u0026euid=674478e7-5a1c-4482-50cd-212e92c15434\u0026r=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsape-banner%3Fuid%3D%24%7BUSER_ID%7D HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: /rmatch?r=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsape-banner%3Fuid%3D$%7BUSER_ID%7D\u0026dp=126\u0026tc=1\u0026euid=674478e7-5a1c-4482-50cd-212e92c15434\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nset-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Wed, 24-Dec-25 22:40:22 GMT\naid=fwAACWlMaX5QmiGE4zL5AtLH4NRM4YUmnlVM10vInxZNwhom; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":1,"dns":4,"connect":30,"send":0,"wait":27,"receive":0,"ssl":214},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D14","fqdn":"ssp-rtb.sape.ru","domain":"sape.ru","tld":"ru"},"ip":{"addr":"193.3.184.90","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.sape.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 23:36:44 GMT","end":"Sat, 07 Mar 2026 23:36:43 GMT"},"fingerprint":{"sha1":"3D:9F:9C:85:A9:AB:7C:9C:83:0D:C2:B6:55:54:6F:89:BB:7F:7F:EE","sha256":"49:D9:BD:BD:C8:71:CC:CD:39:05:E4:44:2E:9E:54:03:9D:A8:07:B3:9E:E4:4E:FD:7A:38:89:6D:8A:12:EA:15"}}},"request":{"raw":"GET /rmatch/?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D14 HTTP/1.1\r\nHost: ssp-rtb.sape.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/html\r\ncontent-length: 142\r\nlocation: https://acint.net/rmatch?dp=14\u0026euid=5303420A7E694C694501AB8A02E3A79B\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D14\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nset-cookie: sspuid=CkIDU2lMaX6KqwFFm6fjAlhOSynYrvEt5Uc5imr6D74yG22N; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.ssp-rtb.sape.ru; path=/; Secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":99,"dns":4,"connect":34,"send":0,"wait":29,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.dmp.otm-r.com/match/buzzoola_ssp?otcm_check=1766615422","fqdn":"sync.dmp.otm-r.com","domain":"otm-r.com","tld":"com"},"ip":{"addr":"194.55.244.189","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sync.dmp.otm-r.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Dec 2025 06:06:37 GMT","end":"Tue, 10 Mar 2026 06:06:36 GMT"},"fingerprint":{"sha1":"C0:50:09:84:7A:D9:92:52:FE:BD:EA:94:B3:65:D6:83:2C:B3:52:8A","sha256":"6A:F5:31:88:A3:2A:6E:A1:F0:48:DA:7C:7D:A2:DD:EF:82:C2:71:12:9E:54:D7:9E:4F:C0:88:FA:C6:F9:E3:B3"}}},"request":{"raw":"GET /match/buzzoola_ssp?otcm_check=1766615422 HTTP/1.1\r\nHost: sync.dmp.otm-r.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: mpid=Njk0YzY5N2UwZTQzYjA0ZQ==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.24.0 (Ubuntu)\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\naccess-control-allow-origin: *\r\nset-cookie: mpid=Njk0YzY5N2UwZTQzYjA0ZQ==; max-age=31536000; domain=otm-r.com; path=/; secure; SameSite=None; Partitioned\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":75,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssp.al-adtech.com/api/sync/buzzoola","fqdn":"ssp.al-adtech.com","domain":"al-adtech.com","tld":"com"},"ip":{"addr":"45.139.25.123","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.al-adtech.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Oct 2025 07:19:40 GMT","end":"Sun, 18 Jan 2026 07:19:39 GMT"},"fingerprint":{"sha1":"49:E7:E6:61:8C:94:61:60:5D:BD:36:D3:9F:62:39:4D:B0:9E:4F:32","sha256":"5E:4B:55:76:B2:4F:F0:62:A1:AB:66:B8:93:41:28:AD:E7:86:98:99:13:64:E8:01:12:8A:4F:8C:A1:D6:21:97"}}},"request":{"raw":"GET /api/sync/buzzoola HTTP/1.1\r\nHost: ssp.al-adtech.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 22:30:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nVary: Origin\r\nAccess-Control-Allow-Origin: \r\nAccess-Control-Allow-Credentials: true\r\nLocation: https://exchange.buzzoola.com/cookiesync/dsp/astralab-video?uid=0078e618-8a0c-4cc0-8992-6749ccc1b4b0\r\nSet-Cookie: afp_cookie=gAAAAABpTGl-quy4ut48F2mvKm1ACmlTQTUu7A1WxUtfbiFQsQdgsIOz_UZPZ12N1kT7mDlHBnJ3qPMIpQwmCNGoA61SHcFIhTRdbzuygoD-Q4EgZQB0m4LTcb3kqFaHt51mSU4y-MHiJq9ApVQe24cJ4-NG-EpAPGIXZnpBV7TILPU-4e36R8v-9NCQzD0j0XKEVV1J5CYi6WkTWXZSSgfMOHH6JxN2pg==$; expires=Sat, 24 Jan 2026 22:30:22 GMT; path=/; secure; SameSite=None\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":431,"timings":{"blocked":-1,"dns":15,"connect":76,"send":0,"wait":78,"receive":2,"ssl":258},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/api_iframe.html#id=t-6b9cd950-1fab-e4f5-9feb-5b31d6dbfad9","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.485Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buzzoola.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 04 Sep 2025 00:00:00 GMT","end":"Mon, 05 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"76:BF:FF:17:F0:C7:C2:2E:72:94:BB:5B:0B:5B:68:05:B8:65:88:14","sha256":"89:D4:D1:4E:BC:83:C9:C2:09:E9:10:88:E2:2F:D6:82:C7:6D:45:17:2B:C6:8B:1F:CA:43:02:DA:8B:E9:21:B2"}}},"request":{"raw":"GET /api_iframe.html HTTP/1.1\r\nHost: tube.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:21 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlast-modified: Tue, 23 Dec 2025 14:58:50 GMT\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nexpires: Wed, 24 Dec 2025 23:00:00 GMT\r\ncontent-encoding: gzip\r\nx-cdn-edge-cache: HIT\r\nx-cdn-edge-id: 237\r\nx-cdn-request-id: 92438c6004a945712f8237afc4ca3f8a\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36950,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (36659)","md5":"f96b028fe7f615a55e2134fb4b7260d3","sha1":"21f33a5597f343c0ca9f935c99575338c2922cf0","sha256":"307438df851dca936c6e44082d9e75cac0182602ad7645b6a3d905a22faa5e97","sha512":"b2860d5987c4c68ecb30b64de24d4ba25a561a82b426d95a646132f68422f55f18ede789d68f07fb81a457c2bba3b741547aef00b7c3c2aa5fd1fbced03154f0","ssdeep":"768:JdljsVgPA3Va48UETJa7LZ7JZYsuQo26Ce3f5P3qxooX:JdmV+Axiy7JZnu926CehPxoX","tlshash":"80f209cd7fa1b06383aa65e4813f580b633f6a4eb44c45a9b255c9f4187e44d632bf38","first_seen":"2025-12-24T22:30:53.187973Z","last_seen":"2026-01-14T23:52:27.898888Z","times_seen":8,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://randpad.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22796\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 23 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 23 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 97665\r\nlast-modified: Tue, 18 Nov 2025 19:00:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22796, version 1.0","md5":"40ee6416c01f7a00cb9e1c3cef551f68","sha1":"dff6282f80563c09ed0d584f15fdc0fc0078731f","sha256":"c06ca3fcbc5f7c37ebb7c86a69502009911ecd8183811bae02f9b1fbb0541ddb","sha512":"6293ab4181cce6ae2140852417a8d81131e5a52d93637d994bb17e9f4d93452b17da6da06617c92e490c35ebd6b3b6f14489d09573a7ff9e7c07731c92710c82","ssdeep":"384:hY6ouPRl620of01sAAPBVW+5W9WS/wt6uOYGTervhySpK07Iu0TDR:hY6ouLJMAPBVFDS/M6renpv7Itx","tlshash":"aca2e0a9894cd4c3d12bcbb416518e9112ae5b8149510e276dd4e5ce9ceefebe0fc80b","first_seen":"2025-01-09T02:03:52.091649Z","last_seen":"2026-04-03T22:13:59.94105Z","times_seen":18052,"resource_available":false,"data":null}},"time_used":369,"timings":{"blocked":169,"dns":1,"connect":15,"send":0,"wait":13,"receive":3,"ssl":162},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.opendsp.ru/match/buzzoola_ex?id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"sync.opendsp.ru","domain":"opendsp.ru","tld":"ru"},"ip":{"addr":"176.114.85.200","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.opendsp.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 05 Aug 2025 11:37:07 GMT","end":"Sun, 06 Sep 2026 11:37:06 GMT"},"fingerprint":{"sha1":"A6:D2:A4:C1:9C:FF:E8:4A:C2:A7:58:7A:3B:98:4B:CC:11:C8:FF:1F","sha256":"26:E3:31:B9:C2:C0:30:F6:85:B7:6E:2F:0E:4F:B0:C6:E5:39:D0:1A:8A:86:02:1E:55:68:94:B1:95:F1:4A:A7"}}},"request":{"raw":"GET /match/buzzoola_ex?id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: sync.opendsp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-03T21:58:52.487812Z","times_seen":31090,"resource_available":true,"data":null}},"time_used":317,"timings":{"blocked":112,"dns":1,"connect":28,"send":0,"wait":34,"receive":0,"ssl":137},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/sync/buzzoola?u=674478e7-5a1c-4482-50cd-212e92c15434\u0026f=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsolta-video%3Fuid%3DaUxpfmwZxLQ\u0026n=1","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.213Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/sync/buzzoola?u=674478e7-5a1c-4482-50cd-212e92c15434\u0026f=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsolta-video%3Fuid%3DaUxpfmwZxLQ\u0026n=1 HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: da=UX4CYAAAAAE; u=aUxpfuYUmHI~fn5q0DVxxzXaEPmDuEATau7yMio\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 22:30:23 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncache-control: no-store\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nset-cookie: as=T72MF2lMaX8; path=/rtb; max-age=604800; samesite=none; httponly; secure\nda=2OZrzwAAAAE; path=/rtb; max-age=604800; samesite=none; httponly; secure\nf=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsolta-video%3Fuid%3DaUxpfmwZxLQ; max-age=30; samesite=none; httponly; secure\nn=2; max-age=30; samesite=none; httponly; secure\r\nlocation: https://dm.hybrid.ai/match?id=414\r\nreferrer-policy: no-referrer\r\nserver-timing: app;srv=s13a;dur=0.0008\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.upravel.com/pbd/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9yYW5kcGFkLnJ1LyJdfX0=","fqdn":"sync.upravel.com","domain":"upravel.com","tld":"com"},"ip":{"addr":"157.90.94.85","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.upravel.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 18 Jun 2025 16:48:51 GMT","end":"Mon, 20 Jul 2026 16:48:50 GMT"},"fingerprint":{"sha1":"8D:89:EE:F7:48:68:E7:7D:F7:C4:AF:97:AB:98:A3:A3:1E:8D:6A:92","sha256":"08:06:AA:31:11:0F:33:B8:7D:B5:7E:B4:A2:2A:65:C6:77:DE:F6:65:A2:F4:BE:D3:7E:8D:9F:84:17:CE:20:A0"}}},"request":{"raw":"GET /pbd/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9yYW5kcGFkLnJ1LyJdfX0= HTTP/1.1\r\nHost: sync.upravel.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: session_tptc=1766615422842\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: Angie\r\ndate: Wed, 24 Dec 2025 22:30:23 GMT\r\ncontent-length: 0\r\np3p: CP=\"NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA\"\r\nset-cookie: user_id=9ebc542c-be63-4fb3-8333-d4ead91babe8;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000\nuser_id-legacy=9ebc542c-be63-4fb3-8333-d4ead91babe8;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000\r\nlocation: https://1026--9ebc542c-be63-4fb3-8333-d4ead91babe8.stbid.ru/?r=https%3A%2F%2Fsync.upravel.com%2Fimage%3Fsource%3Dpbd\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccess-control-allow-credentials: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/cmatch?dp=14","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.76","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 18 Nov 2025 23:34:47 GMT","end":"Mon, 16 Feb 2026 23:34:46 GMT"},"fingerprint":{"sha1":"AC:F1:F0:AE:B9:73:CD:E9:4C:12:65:4C:8E:28:C1:DF:FC:44:BE:51","sha256":"58:33:3D:E8:B5:E5:84:B5:BD:3A:18:88:C0:D8:05:F1:BD:35:00:09:84:06:D0:DC:F9:0E:03:74:B3:96:2E:11"}}},"request":{"raw":"GET /cmatch?dp=14 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cSyncDp14v6=1766615422; aid=fwAACWlMaX5QmiGE4zL5AtLH4NRM4YUmnlVM10vInxZNwhom; test_cookie=CheckForPermission; cSyncDp14v4=1766615422\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 22:30:23 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://px.adhigh.net/p/cm/sape?u=0900007F7E694C6984219A5002F932E3\r\nset-cookie: cSyncDp17v3=1766615423; expires=Fri, 23-Jan-26 22:30:23 GMT; path=/; Secure; SameSite=None; domain=.acint.net\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dm.hybrid.ai/match?id=414","fqdn":"dm.hybrid.ai","domain":"hybrid.ai","tld":"ai"},"ip":{"addr":"37.230.131.16","port":443,"asn":200197,"as":"Hybrid Adtech Sp.z.o.o.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.hybrid.ai","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 22 Sep 2025 00:00:00 GMT","end":"Sun, 04 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"18:21:9E:FA:EF:FF:FF:F2:8D:68:A8:F9:EB:ED:53:32:CC:17:9B:ED","sha256":"C9:20:9A:53:1E:FA:35:C7:29:64:1F:C3:7B:1E:34:73:C8:15:87:43:EA:35:06:B8:8D:86:E5:11:19:2A:60:FC"}}},"request":{"raw":"GET /match?id=414 HTTP/1.1\r\nHost: dm.hybrid.ai\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 24 Dec 2025 22:28:19 GMT\r\ncache-control: no-cache, no-store\r\npragma: no-cache\r\nexpires: -1\r\np3p: CP=\"NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC\"\r\nx-mode: 0589\r\nx-xss-protection: 1; mode=block\r\naccess-control-allow-origin: *\r\nserver: Hybrid Web Server\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":76,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/build/buzzlibrary.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:20.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buzzoola.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 04 Sep 2025 00:00:00 GMT","end":"Mon, 05 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"76:BF:FF:17:F0:C7:C2:2E:72:94:BB:5B:0B:5B:68:05:B8:65:88:14","sha256":"89:D4:D1:4E:BC:83:C9:C2:09:E9:10:88:E2:2F:D6:82:C7:6D:45:17:2B:C6:8B:1F:CA:43:02:DA:8B:E9:21:B2"}}},"request":{"raw":"GET /build/buzzlibrary.js HTTP/1.1\r\nHost: tube.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:21 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Tue, 23 Dec 2025 14:58:50 GMT\r\nexpires: Wed, 24 Dec 2025 23:00:00 GMT\r\ncontent-encoding: gzip\r\nx-cdn-edge-cache: HIT\r\nx-cdn-edge-id: 237\r\nx-cdn-request-id: ab68af1bcd2e6cc6e4a9ed33cf33d411\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107045,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"66eac4ec9cac62aee5454f793369ad82","sha1":"f8ffbc182fb45377175a8c3b74ea917529c0d3ad","sha256":"ce0b2c954d9960f3bf98684c71c51de44f04649bd7e762dc75625c2791ad7812","sha512":"3eb5a8f16b19e3f60c089eca1347174be3574108a411bb28197e1cf2bf7f555e3a4cd422fafa9cc316f805a0b15b66ef3225b58035bba6fa26b710ee47e9309f","ssdeep":"1536:/2idjjZ10IU7e335uQ7C/C2m0hXEYVEFRgd5KV4MXAMrP2H:/2imIU7e3pu1XEYVEFW7aCac","tlshash":"2aa32acd7fa0b06343e362d4903f550e637b5a2ea80cc5a4b699c5e4587d88e423bf79","first_seen":"2025-12-24T00:12:42.132586Z","last_seen":"2026-01-14T23:52:27.915933Z","times_seen":53,"resource_available":true,"data":null}},"time_used":463,"timings":{"blocked":218,"dns":84,"connect":20,"send":0,"wait":19,"receive":0,"ssl":118},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/dsp/sape-banner?uid=0900007F7E694C6984219A5002F932E3","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"GET /cookiesync/dsp/sape-banner?uid=0900007F7E694C6984219A5002F932E3 HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:23 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"325472601571f31e1bf00674c368d335","sha1":"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a","sha256":"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b","sha512":"717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc","ssdeep":"","tlshash":"bf900003ea80c002c2a2c0300e0ccb802b88b0308a28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-05T06:29:39Z","last_seen":"2026-04-03T22:29:02.840773Z","times_seen":75760,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-24T22:30:20.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: beget=begetok\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:20 GMT\r\ncontent-type: text/html\r\ncontent-length: 11129\r\nlast-modified: Tue, 23 Dec 2025 13:44:52 GMT\r\netag: \"2b79-6469ebf8d6e12\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11129,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1741)","md5":"8d3d1e3eed5d62c7fd5172a9b52e214a","sha1":"0413e233b1354740f75ab585ebb81b8be626d75b","sha256":"4f782be1bd47ad9b8b22bbd9b8ec0dfed0d31cc34f15a8a32afa0be449df4ca7","sha512":"f5d127bfcb4981e5a01bfedcb643a024d2728d626c5547aa0d7aa1223ed638f537aa8e68daa0fb61ad8171f8d138e287a87ca723ed01886647ef703eb7cf0c50","ssdeep":"192:wJiQDlsmAIi18nmAFdtc6RnGNXEtns4ru9/c5xFDPpoyg99QT:8ZDl1zjnmAvtc6RnGStn1ru6dDayTT","tlshash":"65320a6283f590ba0101c08dfd22671dbda6d45ffa59849872ee0d19afc2de1cc1fa6c","first_seen":"2025-12-24T22:30:53.190921Z","last_seen":"2025-12-24T22:30:53.190921Z","times_seen":1,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sync.programmatica.com/match/buzzoola?id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"sync.programmatica.com","domain":"programmatica.com","tld":"com"},"ip":{"addr":"77.246.157.204","port":443,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.programmatica.com","organization":"SEILZ CHEMPIONS LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 12 Jun 2025 08:15:09 GMT","end":"Tue, 14 Jul 2026 08:15:08 GMT"},"fingerprint":{"sha1":"24:BD:30:02:10:4A:A8:5A:1F:05:8C:61:02:DC:C3:F3:28:FB:6C:5A","sha256":"9A:1B:2C:A1:D1:0D:32:8B:00:14:BB:36:3A:EE:10:82:80:22:3D:A4:7A:EC:23:8A:AD:0B:EF:F2:95:6C:19:C2"}}},"request":{"raw":"GET /match/buzzoola?id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: sync.programmatica.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-03T21:58:52.487812Z","times_seen":31090,"resource_available":true,"data":null}},"time_used":771,"timings":{"blocked":324,"dns":14,"connect":39,"send":0,"wait":79,"receive":0,"ssl":310},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acint.net/cmatch?dp=126","fqdn":"acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.76","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 18 Nov 2025 23:34:47 GMT","end":"Mon, 16 Feb 2026 23:34:46 GMT"},"fingerprint":{"sha1":"AC:F1:F0:AE:B9:73:CD:E9:4C:12:65:4C:8E:28:C1:DF:FC:44:BE:51","sha256":"58:33:3D:E8:B5:E5:84:B5:BD:3A:18:88:C0:D8:05:F1:BD:35:00:09:84:06:D0:DC:F9:0E:03:74:B3:96:2E:11"}}},"request":{"raw":"GET /cmatch?dp=126 HTTP/1.1\r\nHost: acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D14\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nset-cookie: cSyncDp14v6=1766615422; expires=Fri, 23-Jan-26 22:30:22 GMT; path=/; Secure; SameSite=None; domain=.acint.net\naid=fwAACmlMaX5PNCF7Rj5/AtfqiwDKJtPDKCzCLsrG4yMvOyZi; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":5,"connect":37,"send":0,"wait":26,"receive":0,"ssl":204},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adspector.io/sync?ssp=47","fqdn":"a.adspector.io","domain":"adspector.io","tld":"io"},"ip":{"addr":"172.67.161.189","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.218Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"adspector.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 13 Nov 2025 03:16:35 GMT","end":"Wed, 11 Feb 2026 04:14:56 GMT"},"fingerprint":{"sha1":"70:93:AE:0A:86:B3:EC:6A:26:43:0C:59:15:5C:6D:1C:C5:C6:F8:11","sha256":"16:49:F6:10:DA:6C:F1:EC:DB:5E:3C:6B:52:FE:1B:B8:2A:EC:A0:D1:73:71:15:1E:94:F3:29:C7:95:AB:81:A3"}}},"request":{"raw":"GET /sync?ssp=47 HTTP/1.1\r\nHost: a.adspector.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: preadspector=1; Expires=Sat, 24 Jan 2026 01:30:22 GMT; Domain=.adspector.io; SameSite=None; Secure; Path=/\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j3NXAZAXX1BfSZIDMkLl%2BE1oaCvLWWEGER9ugsACcWduntBP1Y0jpXRN7gWZyt2KRuRiPcF2Ow4%2Bjd0paG1lPP6%2FbGW7vhwXQSJCsQ%3D%3D\"}]}\r\ncf-ray: 9b338af68c16b4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":378,"timings":{"blocked":65,"dns":1,"connect":1,"send":0,"wait":109,"receive":0,"ssl":200},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"match.new-programmatic.com/userbind?src=buz\u0026id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"match.new-programmatic.com","domain":"new-programmatic.com","tld":"com"},"ip":{"addr":"217.65.2.150","port":443,"asn":3175,"as":"Citytelecom LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"admanager.geniusgroup.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 09:13:46 GMT","end":"Tue, 03 Mar 2026 09:13:45 GMT"},"fingerprint":{"sha1":"8E:DB:65:4E:B4:C0:6B:8E:F4:21:46:D2:07:19:4B:66:31:CA:47:14","sha256":"B3:2D:0D:52:14:DE:FA:E7:6C:F7:2E:51:97:84:95:E1:45:E6:C5:A5:8F:60:9A:B5:00:B9:83:59:83:32:89:8B"}}},"request":{"raw":"GET /userbind?src=buz\u0026id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: match.new-programmatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.22.1\r\nDate: Wed, 24 Dec 2025 22:30:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nVary: Origin\r\nLocation: https://match.new-programmatic.com/userbind?src=adblast0\u0026pbf=1\u0026gi=1\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":-1,"dns":6,"connect":39,"send":0,"wait":30,"receive":0,"ssl":219},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/build/buzzlibrary.buzzplayer_placement_submodules.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buzzoola.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 04 Sep 2025 00:00:00 GMT","end":"Mon, 05 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"76:BF:FF:17:F0:C7:C2:2E:72:94:BB:5B:0B:5B:68:05:B8:65:88:14","sha256":"89:D4:D1:4E:BC:83:C9:C2:09:E9:10:88:E2:2F:D6:82:C7:6D:45:17:2B:C6:8B:1F:CA:43:02:DA:8B:E9:21:B2"}}},"request":{"raw":"GET /build/buzzlibrary.buzzplayer_placement_submodules.js HTTP/1.1\r\nHost: tube.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Tue, 23 Dec 2025 14:58:50 GMT\r\nexpires: Wed, 24 Dec 2025 23:00:00 GMT\r\ncontent-encoding: gzip\r\nx-cdn-edge-cache: HIT\r\nx-cdn-edge-id: 237\r\nx-cdn-request-id: 2f4b5c34bc7f5a2fbb8332ba3aa35208\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20620,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (20620), with no line terminators","md5":"88c6f0d0aa2df2e041be9b3b9919fbec","sha1":"b04d994fd9b0cb9e3d096ecb5acb77db1db94ece","sha256":"66f05e474e90b95b3d0c607a99d7fcc48068e3fa3623a1a7773263a0b1bd715d","sha512":"630e48bf838fe03e00d95807c15d5e9d16de5028a9158f1365fa13102eb262c3afa2f4cb532ca714b003db3bb9f4721b7710f64b6ba4d0dd9afa40afa9191aa2","ssdeep":"384:Y+l04Yvx9jlAZyJz7nKFUt+N9UTujaHvQzYMhrywY8s:Y+l0PZhlAZyJz7nKetC9UTu2Hv49hzYl","tlshash":"bd92d999bb61317193d660f8a12b1f4e3336716c940582bc79acd8fa09f4d1d122fbb9","first_seen":"2025-12-20T02:25:16.684156Z","last_seen":"2026-01-13T09:51:12.577724Z","times_seen":55,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/dsp/ohmybid-video?uid=867d93a0-4c27-461c-aeab-2420f3de1cc7","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"GET /cookiesync/dsp/ohmybid-video?uid=867d93a0-4c27-461c-aeab-2420f3de1cc7 HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"325472601571f31e1bf00674c368d335","sha1":"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a","sha256":"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b","sha512":"717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc","ssdeep":"","tlshash":"bf900003ea80c002c2a2c0300e0ccb802b88b0308a28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-05T06:29:39Z","last_seen":"2026-04-03T22:29:02.840773Z","times_seen":75760,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/assets/js/menu.js","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:20.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /assets/js/menu.js HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ\r\nCookie: beget=begetok\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:20 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Tue, 23 Dec 2025 23:40:21 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694b2865-1a30\"\r\nexpires: Wed, 31 Dec 2025 22:30:20 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6704,"size_decoded":0,"mime_type":"application/x-javascript","magic":"Unicode text, UTF-8 text","md5":"f2f744b968863e40db20631e8ef5ae9e","sha1":"c916e98c3ad2a9d291768a8020d2280acf9296cc","sha256":"8f8668bc46012b9748ecde74650504cda61fd2d665cceb4e95f1269296217b53","sha512":"a7883eef75840f71eb73418e87f4e2093f2db51e79cc166443d8260cc5835841487a6c0259b643b35b9e9eeff4ad473fcb5060a47a512d3ea32e2e761d8d38f7","ssdeep":"192:pTc0xJNqKzcIXcCF7twuQvj/v2BsHU6swhJ4UO3MM:pTc0xJ59s/2BCU6bh6UmV","tlshash":"77d185b581bb00a74163703a4b4be5083eb504bf3146ee66746e6e0e3fd680485ba7e5","first_seen":"2025-12-24T22:30:53.193049Z","last_seen":"2025-12-24T22:30:53.193049Z","times_seen":1,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://randpad.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22796\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 23 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 23 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 97665\r\nlast-modified: Tue, 18 Nov 2025 19:00:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22796, version 1.0","md5":"40ee6416c01f7a00cb9e1c3cef551f68","sha1":"dff6282f80563c09ed0d584f15fdc0fc0078731f","sha256":"c06ca3fcbc5f7c37ebb7c86a69502009911ecd8183811bae02f9b1fbb0541ddb","sha512":"6293ab4181cce6ae2140852417a8d81131e5a52d93637d994bb17e9f4d93452b17da6da06617c92e490c35ebd6b3b6f14489d09573a7ff9e7c07731c92710c82","ssdeep":"384:hY6ouPRl620of01sAAPBVW+5W9WS/wt6uOYGTervhySpK07Iu0TDR:hY6ouLJMAPBVFDS/M6renpv7Itx","tlshash":"aca2e0a9894cd4c3d12bcbb416518e9112ae5b8149510e276dd4e5ce9ceefebe0fc80b","first_seen":"2025-01-09T02:03:52.091649Z","last_seen":"2026-04-03T22:13:59.94105Z","times_seen":18052,"resource_available":false,"data":null}},"time_used":477,"timings":{"blocked":230,"dns":1,"connect":13,"send":0,"wait":8,"receive":2,"ssl":219},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"match.targetrtb.com/userbind?src=buz\u0026id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"match.targetrtb.com","domain":"targetrtb.com","tld":"com"},"ip":{"addr":"185.115.92.104","port":443,"asn":42881,"as":"Sc Itns.net Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"targetrtb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 10:35:51 GMT","end":"Mon, 05 Jan 2026 10:35:50 GMT"},"fingerprint":{"sha1":"29:EC:C3:6E:30:D2:33:FF:D3:2D:B4:55:6B:7C:AB:3C:26:FB:67:57","sha256":"0C:33:00:D4:8D:F0:EC:6A:F8:CF:B0:C9:BE:F3:15:39:38:0E:A2:8B:FF:59:C5:11:E0:0A:97:BF:7B:81:17:17"}}},"request":{"raw":"GET /userbind?src=buz\u0026id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: match.targetrtb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.22.1\r\nDate: Wed, 24 Dec 2025 22:30:23 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nVary: Origin\r\nLocation: https://exchange.buzzoola.com/cookiesync/dsp/targetdsp-video?uid=\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":382,"timings":{"blocked":136,"dns":2,"connect":55,"send":0,"wait":51,"receive":0,"ssl":136},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acint.net/rmatch?dp=14\u0026euid=5303420A7E694C694501AB8A02E3A79B\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D14","fqdn":"acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.76","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 18 Nov 2025 23:34:47 GMT","end":"Mon, 16 Feb 2026 23:34:46 GMT"},"fingerprint":{"sha1":"AC:F1:F0:AE:B9:73:CD:E9:4C:12:65:4C:8E:28:C1:DF:FC:44:BE:51","sha256":"58:33:3D:E8:B5:E5:84:B5:BD:3A:18:88:C0:D8:05:F1:BD:35:00:09:84:06:D0:DC:F9:0E:03:74:B3:96:2E:11"}}},"request":{"raw":"GET /rmatch?dp=14\u0026euid=5303420A7E694C694501AB8A02E3A79B\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D14 HTTP/1.1\r\nHost: acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cSyncDp14v6=1766615422; aid=fwAACWlMaX5QmiGE4zL5AtLH4NRM4YUmnlVM10vInxZNwhom; test_cookie=CheckForPermission; cSyncDp14v4=1766615422\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://mc.acint.net/cmatch?dp=14\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.upravel.com/buzzoola/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9yYW5kcGFkLnJ1LyJdfX0=","fqdn":"sync.upravel.com","domain":"upravel.com","tld":"com"},"ip":{"addr":"157.90.94.85","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.upravel.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 18 Jun 2025 16:48:51 GMT","end":"Mon, 20 Jul 2026 16:48:50 GMT"},"fingerprint":{"sha1":"8D:89:EE:F7:48:68:E7:7D:F7:C4:AF:97:AB:98:A3:A3:1E:8D:6A:92","sha256":"08:06:AA:31:11:0F:33:B8:7D:B5:7E:B4:A2:2A:65:C6:77:DE:F6:65:A2:F4:BE:D3:7E:8D:9F:84:17:CE:20:A0"}}},"request":{"raw":"GET /buzzoola/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9yYW5kcGFkLnJ1LyJdfX0= HTTP/1.1\r\nHost: sync.upravel.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: session_tptc=1766615422842\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: Angie\r\ndate: Wed, 24 Dec 2025 22:30:23 GMT\r\ncontent-length: 0\r\np3p: CP=\"NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA\"\r\nset-cookie: user_id=faae1aaa-b516-4e04-86ae-153d8b8ae99d;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000\nuser_id-legacy=faae1aaa-b516-4e04-86ae-153d8b8ae99d;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000\r\nlocation: https://exchange.buzzoola.com/cookiesync/dsp/upravel-video?uid=faae1aaa-b516-4e04-86ae-153d8b8ae99d\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccess-control-allow-credentials: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acint.net/rmatch?dp=14\u0026euid=5303420A7E694C694501AB8A02E3A79B\u0026r=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsape-banner%3Fuid%3D$%7BUSER_ID%7D","fqdn":"acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.76","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 18 Nov 2025 23:34:47 GMT","end":"Mon, 16 Feb 2026 23:34:46 GMT"},"fingerprint":{"sha1":"AC:F1:F0:AE:B9:73:CD:E9:4C:12:65:4C:8E:28:C1:DF:FC:44:BE:51","sha256":"58:33:3D:E8:B5:E5:84:B5:BD:3A:18:88:C0:D8:05:F1:BD:35:00:09:84:06:D0:DC:F9:0E:03:74:B3:96:2E:11"}}},"request":{"raw":"GET /rmatch?dp=14\u0026euid=5303420A7E694C694501AB8A02E3A79B\u0026r=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsape-banner%3Fuid%3D$%7BUSER_ID%7D HTTP/1.1\r\nHost: acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cSyncDp14v6=1766615422; aid=fwAACWlMaX5QmiGE4zL5AtLH4NRM4YUmnlVM10vInxZNwhom; test_cookie=CheckForPermission; cSyncDp14v4=1766615422\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 22:30:23 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://exchange.buzzoola.com/cookiesync/dsp/sape-banner?uid=0900007F7E694C6984219A5002F932E3\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/tools/secret-santa/style.css?v=2.0","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:20.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /tools/secret-santa/style.css?v=2.0 HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ\r\nCookie: beget=begetok\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:20 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 03 Dec 2025 21:49:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6930b074-287c\"\r\nexpires: Wed, 31 Dec 2025 22:30:20 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10364,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"bb947eaea82da5bdab4d7034f94ed638","sha1":"db8a2fee83491c031a5b3f783f43ecd6e41b5457","sha256":"c99fa5af0a14645f091484488914a0fb5189fbf31a8645f19a7a0ba53e3a4a36","sha512":"bb1312478d8cdb44a5ea5ef142b56402b4d502d39cd836fbb9734c55a0460e675736e9f96af83c7a3ef836a5acb4ee0e717a1dfd05bc56486de016842756f450","ssdeep":"192:g+2FXdjCTRzaxYjKNu2HuMoAO8Yik4sufsdSQhDhoMkIVSRo2YMjRqb:g+2vyDZ","tlshash":"0e2298405e63282e2403103efbde674932ad50afae0dcafa7e5c59984fc537451a674c","first_seen":"2025-12-24T22:30:53.194173Z","last_seen":"2025-12-24T22:30:53.194173Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/assets/images/favicon.svg","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /assets/images/favicon.svg HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ\r\nCookie: beget=begetok\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:21 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 05 Nov 2025 07:46:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690b00e3-7ef\"\r\nexpires: Wed, 31 Dec 2025 22:30:21 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2031,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7bd183138d1587fb305f206bde851ad6","sha1":"49ff7e2099c66cc572babfba4699ac56101c322e","sha256":"d7d0ddb8fed6eee73e55e4ec11e32a257b067f737494b036ba61aff36dea7466","sha512":"b913405c3539d5d1bd422a83f1766c1e746eee23879ca109cd01d16e2b227571e8973dd29e7fa25cda263102ad945782c66dec6b08b987c07a037562756d1d38","ssdeep":"","tlshash":"034178c7032adb68b84605b83eb93543236484d4d9f241ac436f5d14b807afb1f38f94","first_seen":"2025-12-24T22:30:53.195788Z","last_seen":"2025-12-24T22:30:53.195788Z","times_seen":1,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sync.upravel.com/pbd/sync","fqdn":"sync.upravel.com","domain":"upravel.com","tld":"com"},"ip":{"addr":"157.90.94.85","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.upravel.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 18 Jun 2025 16:48:51 GMT","end":"Mon, 20 Jul 2026 16:48:50 GMT"},"fingerprint":{"sha1":"8D:89:EE:F7:48:68:E7:7D:F7:C4:AF:97:AB:98:A3:A3:1E:8D:6A:92","sha256":"08:06:AA:31:11:0F:33:B8:7D:B5:7E:B4:A2:2A:65:C6:77:DE:F6:65:A2:F4:BE:D3:7E:8D:9F:84:17:CE:20:A0"}}},"request":{"raw":"GET /pbd/sync HTTP/1.1\r\nHost: sync.upravel.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: Angie\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-length: 0\r\nlocation: https://sync.upravel.com/pbd/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9yYW5kcGFkLnJ1LyJdfX0=\r\nset-cookie: session_tptc=1766615422842;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=180\nsession_tptc-legacy=1766615422842;Version=1;Domain=.upravel.com;Path=/;Max-Age=180\r\np3p: CP=\"NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccess-control-allow-credentials: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":647,"timings":{"blocked":68,"dns":1,"connect":307,"send":0,"wait":49,"receive":0,"ssl":220},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.digitalcaramel.com/match/buzoola?id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"sync.digitalcaramel.com","domain":"digitalcaramel.com","tld":"com"},"ip":{"addr":"178.72.133.225","port":443,"asn":0,"as":"","country":"Armenia","country_code":"AM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.digitalcaramel.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 20 Jun 2025 00:00:00 GMT","end":"Fri, 19 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"81:3D:9D:AF:50:A3:E5:70:B2:F6:BA:7A:C6:D3:DA:88:A6:21:00:CE","sha256":"FB:DF:27:E6:81:72:E4:99:29:9F:B1:F4:47:57:2B:9D:F5:B8:71:4A:E3:B3:61:C4:17:1F:EC:DC:8A:CC:56:E7"}}},"request":{"raw":"GET /match/buzoola?id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: sync.digitalcaramel.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:23 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-03T21:58:52.487812Z","times_seen":31090,"resource_available":true,"data":null}},"time_used":943,"timings":{"blocked":104,"dns":6,"connect":18,"send":0,"wait":21,"receive":0,"ssl":793},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/redirect?redirect_url=https%3A%2F%2Fkimberlite.io%2Frtb%2Fsync%2Fbuzzoola%3Fu%3D%24%7BUUID%7D%26f%3Dhttps%253A%252F%252Fexchange.buzzoola.com%252Fcookiesync%252Fdsp%252Fsolta-video%253Fuid%253DaUxpfmwZxLQ%26n%3D1","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"GET /cookiesync/redirect?redirect_url=https%3A%2F%2Fkimberlite.io%2Frtb%2Fsync%2Fbuzzoola%3Fu%3D%24%7BUUID%7D%26f%3Dhttps%253A%252F%252Fexchange.buzzoola.com%252Fcookiesync%252Fdsp%252Fsolta-video%253Fuid%253DaUxpfmwZxLQ%26n%3D1 HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 204\r\nlocation: https://kimberlite.io/rtb/sync/buzzoola?u=674478e7-5a1c-4482-50cd-212e92c15434\u0026f=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsolta-video%3Fuid%3DaUxpfmwZxLQ\u0026n=1\r\nset-cookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434; Path=/; Domain=buzzoola.com; Expires=Fri, 23 Jan 2026 22:30:22 GMT; Max-Age=2592000; Secure; SameSite=None\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.upravel.com/image?source=pbd","fqdn":"sync.upravel.com","domain":"upravel.com","tld":"com"},"ip":{"addr":"157.90.94.85","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.upravel.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 18 Jun 2025 16:48:51 GMT","end":"Mon, 20 Jul 2026 16:48:50 GMT"},"fingerprint":{"sha1":"8D:89:EE:F7:48:68:E7:7D:F7:C4:AF:97:AB:98:A3:A3:1E:8D:6A:92","sha256":"08:06:AA:31:11:0F:33:B8:7D:B5:7E:B4:A2:2A:65:C6:77:DE:F6:65:A2:F4:BE:D3:7E:8D:9F:84:17:CE:20:A0"}}},"request":{"raw":"GET /image?source=pbd HTTP/1.1\r\nHost: sync.upravel.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: session_tptc=1766615422842; user_id=9ebc542c-be63-4fb3-8333-d4ead91babe8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: Angie\r\ndate: Wed, 24 Dec 2025 22:30:23 GMT\r\ncontent-length: 0\r\nlocation: https://sync.upravel.com/amberdata/sync\r\nset-cookie: user_id=9ebc542c-be63-4fb3-8333-d4ead91babe8;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000\nuser_id-legacy=9ebc542c-be63-4fb3-8333-d4ead91babe8;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000\r\np3p: CP=\"NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccess-control-allow-credentials: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/assets/js/snow.js","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:20.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /assets/js/snow.js HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ\r\nCookie: beget=begetok\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:20 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Fri, 19 Dec 2025 17:51:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69459086-89d\"\r\nexpires: Wed, 31 Dec 2025 22:30:20 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2205,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"ece1ab7668db61fb5e0776c13228da35","sha1":"938572f8c9375bad479ecdc2ac21ae0fd4d5766f","sha256":"8c524c47fa67b1ae363af045493bbe98dbaca0750746034537a22749acc7ffa4","sha512":"1087d1f9fc62eb73c77490d7005a40c37f52455a360682cac5af3799af5fee3f3740ef14090fb55f80abeeca5637e503f17617ad7336b634783f588c79449a1a","ssdeep":"","tlshash":"2141420ea6f306280023303e1b5bf205f3a3803b3945cc09b91da7948ff79265a65b6d","first_seen":"2025-12-24T22:30:53.197195Z","last_seen":"2025-12-24T22:30:53.197195Z","times_seen":1,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/multi/adn","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tube.buzzoola.com/api_iframe.html#id=t-6b9cd950-1fab-e4f5-9feb-5b31d6dbfad9","date":"2025-12-24T22:30:21.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"OPTIONS /multi/adn HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-alt-referer\r\nReferer: https://tube.buzzoola.com/\r\nOrigin: https://tube.buzzoola.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:21 GMT\r\naccess-control-allow-origin: https://tube.buzzoola.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Set-Cookie, X-Alt-Referer, X-First-Party-Cookie, X-Aidata-FP, If-None-Match, Content-Type\r\naccess-control-expose-headers: Set-Cookie, Etag\r\nallow: GET, POST\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":232,"timings":{"blocked":105,"dns":31,"connect":26,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/dsp/astralab-video?uid=0078e618-8a0c-4cc0-8992-6749ccc1b4b0","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"GET /cookiesync/dsp/astralab-video?uid=0078e618-8a0c-4cc0-8992-6749ccc1b4b0 HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"325472601571f31e1bf00674c368d335","sha1":"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a","sha256":"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b","sha512":"717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc","ssdeep":"","tlshash":"bf900003ea80c002c2a2c0300e0ccb802b88b0308a28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-05T06:29:39Z","last_seen":"2026-04-03T22:29:02.840773Z","times_seen":75760,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/sync/buzzoola?u=674478e7-5a1c-4482-50cd-212e92c15434\u0026f=\u0026n=1","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/sync/buzzoola?u=674478e7-5a1c-4482-50cd-212e92c15434\u0026f=\u0026n=1 HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: da=UX4CYAAAAAE; u=aUxpfuYUmHI~fn5q0DVxxzXaEPmDuEATau7yMio\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx\r\nDate: Wed, 24 Dec 2025 22:30:23 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncache-control: no-store\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nset-cookie: as=T72MF2lMaX8; path=/rtb; max-age=604800; samesite=none; httponly; secure\nda=2OZrzwAAAAE; path=/rtb; max-age=604800; samesite=none; httponly; secure\nf=; max-age=30; samesite=none; httponly; secure\nn=2; max-age=30; samesite=none; httponly; secure\r\nlocation: https://dm.hybrid.ai/match?id=414\r\nreferrer-policy: no-referrer\r\nserver-timing: app;srv=s13a;dur=0.0011\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dm.hybrid.ai/match?id=414","fqdn":"dm.hybrid.ai","domain":"hybrid.ai","tld":"ai"},"ip":{"addr":"37.230.131.16","port":443,"asn":200197,"as":"Hybrid Adtech Sp.z.o.o.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:23.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.hybrid.ai","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 22 Sep 2025 00:00:00 GMT","end":"Sun, 04 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"18:21:9E:FA:EF:FF:FF:F2:8D:68:A8:F9:EB:ED:53:32:CC:17:9B:ED","sha256":"C9:20:9A:53:1E:FA:35:C7:29:64:1F:C3:7B:1E:34:73:C8:15:87:43:EA:35:06:B8:8D:86:E5:11:19:2A:60:FC"}}},"request":{"raw":"GET /match?id=414 HTTP/1.1\r\nHost: dm.hybrid.ai\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 24 Dec 2025 22:28:19 GMT\r\ncache-control: no-cache, no-store\r\npragma: no-cache\r\nexpires: -1\r\np3p: CP=\"NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC\"\r\nx-mode: 5019\r\nx-xss-protection: 1; mode=block\r\naccess-control-allow-origin: *\r\nserver: Hybrid Web Server\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":75,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/assets/css/main.css","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:20.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /assets/css/main.css HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ\r\nCookie: beget=begetok\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:20 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Dec 2025 22:12:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6949c25c-43a8\"\r\nexpires: Wed, 31 Dec 2025 22:30:20 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17320,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"53e1a7daa834ac4e9efed1cd84e98cd4","sha1":"0df3b82120ffcf84bb435445db3d8b3b7369602b","sha256":"6aad2f3813b1acb1cc6e15626fe112e7ad017b069945af44343e4bd888aaef72","sha512":"490841d51d51943b353f876b002212147d2ef7153f258c7090a4919b73ffe14991646e05a5228dec38c1b38331a74edd38b49ded55ae1e8f07f8e0c26f8a3ac4","ssdeep":"192:s69swwScf2OrZnsguiNKLZUN09t3zhO17kiT+4YVTCRpiSyAYZ:QvUoGKR8","tlshash":"807297519665101ab913113dbb9a874e333a4027e616e9ff399f09c89feb3f401a73c8","first_seen":"2025-12-24T22:30:53.198574Z","last_seen":"2025-12-24T22:30:53.198574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"randpad.ru/assets/images/favicon.png","fqdn":"randpad.ru","domain":"randpad.ru","tld":"ru"},"ip":{"addr":"87.236.16.177","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"randpad.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 12:58:53 GMT","end":"Tue, 24 Mar 2026 12:58:52 GMT"},"fingerprint":{"sha1":"95:31:7E:00:C1:5D:A3:A3:A7:58:4F:C2:CA:BA:3D:D1:5D:E3:A7:D9","sha256":"04:B5:90:49:EE:40:F5:EB:01:07:C2:31:F5:8E:F5:19:CE:86:37:D0:AB:7B:3E:0A:99:91:78:4D:62:45:E5:6C"}}},"request":{"raw":"GET /assets/images/favicon.png HTTP/1.1\r\nHost: randpad.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ\r\nCookie: beget=begetok\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Wed, 24 Dec 2025 22:30:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 18751\r\nlast-modified: Wed, 05 Nov 2025 07:46:43 GMT\r\netag: \"690b00e3-493f\"\r\nexpires: Fri, 23 Jan 2026 22:30:21 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18751,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"4d408c2a599baede1e8821b3c4a50cb4","sha1":"b6c7e0ef77ff937384585007447591191527f153","sha256":"9ebd3eb69451cc0d03524bbfc975046fae2019bd5e38d4e172dc19e26711224c","sha512":"1ee08a508a9ce0fed8683437fe21cb7cae690cce15531f3ab894a2f656403be582f6b3bd8579951f9a47a35cd9402f27dd54cbeb17bcfd8cfc9a7acee631c65f","ssdeep":"384:S8wAVLdNxlZE13OHsfj4GU/EA7VamHdZpqCD7rBk:PVLzxlOJQssGU/EAomHdZ9Bk","tlshash":"0882d0ebda829e63c2b584f65453d753183b4935c6b6090284add3ac2cf1dbacac07e5","first_seen":"2025-12-24T22:30:53.200036Z","last_seen":"2025-12-24T22:30:53.200036Z","times_seen":1,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"randpad.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:21.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://randpad.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 20408\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 23 Dec 2025 20:14:59 GMT\r\nexpires: Wed, 23 Dec 2026 20:14:59 GMT\r\ncache-control: public, max-age=31536000\r\nage: 94522\r\nlast-modified: Tue, 18 Nov 2025 19:00:14 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20408,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20408, version 1.0","md5":"e8730678d4610fa908d3cba1ef0b4ddf","sha1":"1efcbee909ce74bf04878d74867f12a1e41ae7a4","sha256":"e921785496ed2d98c2257c88a6f838afa6acbee05cb8467048501bfe2a301461","sha512":"d7c3f81ad11ac5b3e6f454fbbb9be0940b3e8da93cde0b80f9a91a8259966be466b4d6a0fd5527fcc6c8f218aad8ffd0124bb29dfa08f6ca658ce49fe9e37e6c","ssdeep":"384:D+h1xN53scre+kLtT5+wpcR98ffVvdSMyNaHAUvLFNPBtn2aotFn9mTCAKDi055c:Ss/XRT5+wpM98ffxd6uZZRXnemWDj5WL","tlshash":"fa92d1cdfc0e5797a8e14ee93c0a7a4dd76f438af366a94b25e66122e67a55c040320c","first_seen":"2025-01-09T02:30:28.977279Z","last_seen":"2026-04-03T21:15:27.177231Z","times_seen":56139,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":84,"dns":1,"connect":21,"send":0,"wait":8,"receive":3,"ssl":76},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"match.new-programmatic.com/userbind?src=adblast0\u0026pbf=1\u0026gi=1","fqdn":"match.new-programmatic.com","domain":"new-programmatic.com","tld":"com"},"ip":{"addr":"217.65.2.150","port":443,"asn":3175,"as":"Citytelecom LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"admanager.geniusgroup.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 09:13:46 GMT","end":"Tue, 03 Mar 2026 09:13:45 GMT"},"fingerprint":{"sha1":"8E:DB:65:4E:B4:C0:6B:8E:F4:21:46:D2:07:19:4B:66:31:CA:47:14","sha256":"B3:2D:0D:52:14:DE:FA:E7:6C:F7:2E:51:97:84:95:E1:45:E6:C5:A5:8F:60:9A:B5:00:B9:83:59:83:32:89:8B"}}},"request":{"raw":"GET /userbind?src=adblast0\u0026pbf=1\u0026gi=1 HTTP/1.1\r\nHost: match.new-programmatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.22.1\r\nDate: Wed, 24 Dec 2025 22:30:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nVary: Origin\r\nLocation: https://match.targetrtb.com/userbind?clid=\u0026src=carousel\u0026gi=1\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/dsp/smartreach-video?uid=99ef722d-114d-4996-8a1d-b640371ddced","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.76","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"buzzoola.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 06:11:29 GMT","end":"Mon, 09 Mar 2026 06:11:28 GMT"},"fingerprint":{"sha1":"6D:1A:28:D1:AB:8D:18:D1:38:1A:55:28:34:A1:03:2A:BC:7A:1C:5A","sha256":"AB:C0:F2:6B:07:6C:D6:89:63:34:97:78:29:CD:C6:D1:2A:75:3D:C0:7C:E0:05:94:11:71:82:6B:67:8C:2D:36"}}},"request":{"raw":"GET /cookiesync/dsp/smartreach-video?uid=99ef722d-114d-4996-8a1d-b640371ddced HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"325472601571f31e1bf00674c368d335","sha1":"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a","sha256":"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b","sha512":"717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc","ssdeep":"","tlshash":"bf900003ea80c002c2a2c0300e0ccb802b88b0308a28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-05T06:29:39Z","last_seen":"2026-04-03T22:29:02.840773Z","times_seen":75760,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.gonet-ads.com/match/Buzzoola?id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"sync.gonet-ads.com","domain":"gonet-ads.com","tld":"com"},"ip":{"addr":"188.42.104.140","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gonet-ads.com","organization":"Go Mobile Inc"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 10 Jun 2025 00:00:00 GMT","end":"Fri, 19 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DC:9B:E1:71:D4:17:D5:18:6C:A4:F9:5F:2F:DD:DE:56:8C:CB:EC:5F","sha256":"A2:75:01:34:62:6B:85:83:76:99:89:B4:24:0B:18:DF:F2:6E:B4:35:EE:60:EC:E8:1C:4D:E1:23:9E:07:6B:1D"}}},"request":{"raw":"GET /match/Buzzoola?id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: sync.gonet-ads.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-03T21:58:52.487812Z","times_seen":31090,"resource_available":true,"data":null}},"time_used":390,"timings":{"blocked":-1,"dns":0,"connect":22,"send":0,"wait":58,"receive":0,"ssl":306},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.dvgroup.com/match/buzzoola?id=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"sync.dvgroup.com","domain":"dvgroup.com","tld":"com"},"ip":{"addr":"82.148.21.217","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.222Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtb.dvgroup.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 11:37:34 GMT","end":"Sat, 31 Jan 2026 11:37:33 GMT"},"fingerprint":{"sha1":"A8:46:6D:9C:F3:36:47:77:5A:7D:E0:13:19:BC:F3:96:D5:2A:86:F0","sha256":"E5:FC:4C:96:76:05:51:82:82:91:C6:98:76:9A:8F:B4:03:09:E7:D4:88:C0:12:BA:E8:B1:03:AF:3D:C4:D0:32"}}},"request":{"raw":"GET /match/buzzoola?id=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: sync.dvgroup.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-03T21:58:52.487812Z","times_seen":31090,"resource_available":true,"data":null}},"time_used":336,"timings":{"blocked":78,"dns":1,"connect":34,"send":0,"wait":29,"receive":0,"ssl":189},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/build/buzzlibrary.buzzplayer_submodules.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"151.236.74.83","port":443,"asn":57363,"as":"CDNvideo LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buzzoola.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 04 Sep 2025 00:00:00 GMT","end":"Mon, 05 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"76:BF:FF:17:F0:C7:C2:2E:72:94:BB:5B:0B:5B:68:05:B8:65:88:14","sha256":"89:D4:D1:4E:BC:83:C9:C2:09:E9:10:88:E2:2F:D6:82:C7:6D:45:17:2B:C6:8B:1F:CA:43:02:DA:8B:E9:21:B2"}}},"request":{"raw":"GET /build/buzzlibrary.buzzplayer_submodules.js HTTP/1.1\r\nHost: tube.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://randpad.ru/\r\nCookie: uuid=674478e7-5a1c-4482-50cd-212e92c15434\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Tue, 23 Dec 2025 14:58:50 GMT\r\nexpires: Wed, 24 Dec 2025 23:00:00 GMT\r\ncontent-encoding: gzip\r\nx-cdn-edge-cache: HIT\r\nx-cdn-edge-id: 237\r\nx-cdn-request-id: 05f579512c729d59037d6b7f60b1c2c5\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":173768,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65494), with no line terminators","md5":"354533172e367838032baf8e7f6313f2","sha1":"bba73a7c0e3a627b626b82ace32d2d007503b675","sha256":"eb2045931e6de1ddb6d326e566702d1b3fd37a00cac7e1efb15eb648bd33df74","sha512":"428000952f34f28292804f8333a73c631ba8aa751c247614af2123d06b425c25a1ce7b23135def41b16b54787d56b7b37e8599f3f365e5066a23a7968fdee5aa","ssdeep":"3072:/9FmFLvdn9tKlR6ahbe2n5n2VmmnoQr1yMoCFiYtXD7://mptKCagnoQr1yMoYiCn","tlshash":"e0042add7721b472439a92b8502f160a333a359de04085bdb9b9dce558b9c98223ff7c","first_seen":"2025-12-24T00:12:42.116623Z","last_seen":"2026-01-13T09:51:12.584465Z","times_seen":49,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cs.alfasense.com/p?ssp=bz\u0026id=674478e7-5a1c-4482-50cd-212e92c15434\u0026_r=1","fqdn":"cs.alfasense.com","domain":"alfasense.com","tld":"com"},"ip":{"addr":"104.21.43.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"alfasense.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 17:33:11 GMT","end":"Thu, 05 Feb 2026 18:31:38 GMT"},"fingerprint":{"sha1":"7C:A8:71:BF:EA:34:98:A5:47:61:CD:C0:74:D4:29:41:ED:EF:BB:29","sha256":"E9:AE:19:EF:83:B7:81:30:53:5A:8D:B4:19:86:57:06:B1:38:A7:E5:D8:1A:48:63:E5:0A:10:A1:BF:4C:BD:78"}}},"request":{"raw":"GET /p?ssp=bz\u0026id=674478e7-5a1c-4482-50cd-212e92c15434\u0026_r=1 HTTP/1.1\r\nHost: cs.alfasense.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=47281db6-b003-4116-ad9a-0988c0e24d71\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 24 Dec 2025 22:30:23 GMT\r\ncontent-type: image/gif\r\ncontent-length: 35\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccess-control-allow-headers: authorization, DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncache-control: no-store, no-cache, must-revalidate\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-host: 192.168.0.7\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tl4KIc0n%2B%2Fbm7BDPsnR5yautfGXKDfDPw8XcWKyd1qME05u0tzFKdC8cvBBA5STnvgG02mBajb0c56yz27q%2BvgA%2FSe7dsk0hjr19enJFxgc%3D\"}]}\r\ncf-ray: 9b338af58bfc723c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"c2196de8ba412c60c22ab491af7b1409","sha1":"5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b","sha256":"6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992","sha512":"84e24a70b78e9de9c9d0dfeb49f3f4247dbc1c715d8844471ee40669270682e199d48f5fbec62bd984c9c0270534b407c4d2561dd6c05adec3c83c1534f32d5c","ssdeep":"","tlshash":"d4800003e280c002c2a2c0300e0ccb802b88b0208a28030fb0ec2baeec3a2a00c02000","first_seen":"2023-04-05T07:36:27Z","last_seen":"2026-04-03T22:30:40.081022Z","times_seen":150673,"resource_available":true,"data":null}},"time_used":1030,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":1029,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/rmatch?r=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsape-banner%3Fuid%3D$%7BUSER_ID%7D\u0026dp=126\u0026tc=1\u0026euid=674478e7-5a1c-4482-50cd-212e92c15434","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.76","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://randpad.ru/tools/secret-santa/reveal?data=eyJnaXZlciI6ItCX0LDQvC4g0JfQsNCyLiDQotCfIHwgTWlsYSBMdW5hIiwicmVjZWl2ZXIiOiLQl9Cw0LwuINCX0LDQsi4g0JDQkSB8IFRvcmkgRWRlbHdlaXNzIiwib3JnYW5pemVyIjoiS29uc3RhbnRpbiBLdWpvIiwiZ3JvdXBOYW1lIjoi0KLQsNC50L3Ri9C5INCh0LDQvdGC0LAgfCBFTVMiLCJkYXRlIjoiMjAyNS0xMi0yNyIsImJ1ZGdldCI6ItCc0LjQvTogMTAwLjAwMCAkIiwibWVzc2FnZSI6IiIsInRpbWVzdGFtcCI6ItGC0L7Qu9GM0LrQviDRh9GC0L4ifQ","date":"2025-12-24T22:30:22.530Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 18 Nov 2025 23:34:47 GMT","end":"Mon, 16 Feb 2026 23:34:46 GMT"},"fingerprint":{"sha1":"AC:F1:F0:AE:B9:73:CD:E9:4C:12:65:4C:8E:28:C1:DF:FC:44:BE:51","sha256":"58:33:3D:E8:B5:E5:84:B5:BD:3A:18:88:C0:D8:05:F1:BD:35:00:09:84:06:D0:DC:F9:0E:03:74:B3:96:2E:11"}}},"request":{"raw":"GET /rmatch?r=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdsp%2Fsape-banner%3Fuid%3D$%7BUSER_ID%7D\u0026dp=126\u0026tc=1\u0026euid=674478e7-5a1c-4482-50cd-212e92c15434 HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://randpad.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cSyncDp14v6=1766615422; aid=fwAACWlMaX5QmiGE4zL5AtLH4NRM4YUmnlVM10vInxZNwhom; test_cookie=CheckForPermission\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Wed, 24 Dec 2025 22:30:22 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fexchange.buzzoola.com%252Fcookiesync%252Fdsp%252Fsape-banner%253Fuid%253D$%257BUSER_ID%257D\u0026dp=14\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nset-cookie: cSyncDp14v4=1766615422; expires=Fri, 23-Jan-26 22:30:22 GMT; path=/; Secure; SameSite=None; domain=.acint.net\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}