{"report_id":"a659b398-1a8d-4dc0-bc80-e2b7f8a7a60c","version":6,"status":"done","tags":[],"date":"2024-07-12T19:46:55Z","url":{"schema":"http","addr":"rule34video.arielfuuk.ru/","fqdn":"rule34video.arielfuuk.ru","domain":"arielfuuk.ru","tld":"ru"},"ip":{"addr":"87.236.146.83","port":0,"asn":62212,"as":"SmartApe OU","country":"Estonia","country_code":"EE"},"final":{"url":{"schema":"https","addr":"href.li/?runative-syndicate.com/api/v1/direct/0c83054d59f7412da4bd091bc04cb177?extid={extid}","fqdn":"href.li","domain":"href.li","tld":"li"},"title":"href.li"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T09:57:25Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"href.li","ip":{"addr":"192.0.78.27","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":36866,"first_seen":"2012-05-22 14:39:06","last_seen":"2024-07-12 12:04:26","alert_count":0,"request_count":1,"received_data":976,"sent_data":555,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-11 18:12:19","alert_count":0,"request_count":3,"received_data":2664,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"rule34video.arielfuuk.ru","ip":{"addr":"87.236.146.83","port":80,"asn":62212,"as":"SmartApe OU","country":"Estonia","country_code":"EE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":328,"sent_data":395,"comment":"","tags":null,"fingerprints":null},{"fqdn":"runative-syndicate.com","ip":{"addr":"195.201.244.188","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2019-01-25","domain_rank":31587,"first_seen":"2019-03-19 13:21:36","last_seen":"2024-06-26 12:29:22","alert_count":0,"request_count":2,"received_data":1355,"sent_data":810,"comment":"","tags":null,"fingerprints":null},{"fqdn":"u-9125.topduppy.info","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":1230,"sent_data":660,"comment":"","tags":null,"fingerprints":null},{"fqdn":"gstguj.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-10-06","domain_rank":0,"first_seen":"2023-10-06 15:34:21","last_seen":"2024-06-19 14:10:44","alert_count":0,"request_count":1,"received_data":505,"sent_data":604,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-07-12T19:46:21Z","timestamp":1720813581,"ip_dst":{"addr":"192.0.78.27","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":53820,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)","source":"{\"timestamp\":\"2024-07-12T19:46:21.506626+0000\",\"flow_id\":1508721214452711,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":53820,\"dest_ip\":\"192.0.78.27\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2855174,\"rev\":1,\"signature\":\"ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_24\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_24\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_08_24\"]}},\"tls\":{\"sni\":\"href.li\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":753,\"bytes_toclient\":4195,\"start\":\"2024-07-12T19:46:21.488423+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-12T19:46:21.138852129Z","timestamp":1720813581138,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"4CD1772D378248E886EE96F55D956FF0856BA3F2EAE9F15A10136E68F450CA70\"\r\nLast-Modified: Fri, 12 Jul 2024 11:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11153\r\nExpires: Fri, 12 Jul 2024 22:52:14 GMT\r\nDate: Fri, 12 Jul 2024 19:46:21 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4a4d81b1c193182fe2b1122877e94203","sha1":"fd1f4427cb5867a8f63ae15825279827bbf768e6","sha256":"4cd1772d378248e886ee96f55d956ff0856ba3f2eae9f15a10136e68f450ca70","sha512":"61f4bb9acbba2561d6955e226c265da8580e55737249254d345d70033c9bf375f8ab0b16e5064f7881b57a9f1785e0f800c583a762503f3cac58e8c9c74e67cb","ssdeep":"","tlshash":"aff0c0d32fb6bd116632613e99a4c56a6e14eded3801326424a002e76c017658746598","first_seen":"2024-07-12T16:58:11Z","last_seen":"2024-08-19T17:09:42.492325Z","times_seen":38979,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"rule34video.arielfuuk.ru/","fqdn":"rule34video.arielfuuk.ru","domain":"arielfuuk.ru","tld":"ru"},"ip":{"addr":"87.236.146.83","port":80,"asn":62212,"as":"SmartApe OU","country":"Estonia","country_code":"EE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-12T19:46:21.407Z","timestamp":1720813581407,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: rule34video.arielfuuk.ru\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Fri, 12 Jul 2024 19:46:21 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nReferrer-Policy: no-referrer\r\nLocation: http://href.li/?http://runative-syndicate.com/api/v1/direct/0c83054d59f7412da4bd091bc04cb177?extid={extid}\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T15:57:26.609448Z","times_seen":14794715,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":27,"dns":1,"connect":29,"send":0,"wait":30,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"runative-syndicate.com/api/v1/direct/0c83054d59f7412da4bd091bc04cb177?extid={extid}","fqdn":"runative-syndicate.com","domain":"runative-syndicate.com","tld":"com"},"ip":{"addr":"195.201.244.188","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-12T19:46:22.146Z","timestamp":1720813582146,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"runative-syndicate.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 30 Jun 2024 23:06:38 GMT","end":"Sat, 28 Sep 2024 23:06:37 GMT"},"fingerprint":{"sha1":"AB:C7:2F:3D:BA:CB:F2:17:FA:0A:67:B5:5F:8B:F1:67:EF:AD:43:B5","sha256":"21:76:08:99:6B:61:E4:E4:61:5C:4C:FA:12:95:11:F9:1F:3F:03:7B:0C:FB:21:BF:78:E7:A9:04:A0:03:7C:4B"}}},"request":{"raw":"GET /api/v1/direct/0c83054d59f7412da4bd091bc04cb177?extid={extid} HTTP/1.1\r\nHost: runative-syndicate.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 12 Jul 2024 19:46:22 GMT\r\ncontent-length: 0\r\npragma: no-cache\r\nexpires: 0\r\nvary: *\r\nx-api-version: 2\r\nlocation: https://u-9125.topduppy.info/api/rtb-pops/go?id=3061558223756713\u0026sig=e343ae8c839c3d348ed562a8159c03\u0026u=aHR0cHM6Ly9nc3RndWouY29tL2N1aGRsP3doPVhyQXZmV1VkY1Q2ZlVKRHNERXNxU2wtcSZjbGlja2lkPXtjbGlja19pZH0mc2kxPXtzdWJfaWR9\r\nx-request-id: a9ea3cc9c65b37c2\r\nset-cookie: ts_uid=64b476e0-3ce5-4b5b-a550-6200ca9f9a9e; expires=Sun, 12 Jan 2025 19:46:22 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None\nts_last_click_id=ZUIED56PPE3yTNce_-s0VhKCRcDrApAvyPDMsFLl4EDZcAA4IAb_oK2v811zbeyCxgUkpQNzBNUy1ZR7XQqBrRM8DYfWcnxu_ACgiw_gUIDRUi; expires=Fri, 19 Jul 2024 19:46:22 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, no-transform\r\nx-robots-tag: none, noindex, nofollow\r\nreport-to: { \"url\": \"https://pxl.runative-syndicate.com/api/v1/heavy-ad/report\", \"max_age\": 86401 }\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T15:57:26.609448Z","times_seen":14794715,"resource_available":true,"data":null}},"time_used":392,"timings":{"blocked":105,"dns":18,"connect":38,"send":0,"wait":182,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u-9125.topduppy.info/api/rtb-pops/go?id=3061558223756713\u0026sig=e343ae8c839c3d348ed562a8159c03\u0026u=aHR0cHM6Ly9nc3RndWouY29tL2N1aGRsP3doPVhyQXZmV1VkY1Q2ZlVKRHNERXNxU2wtcSZjbGlja2lkPXtjbGlja19pZH0mc2kxPXtzdWJfaWR9","fqdn":"u-9125.topduppy.info","domain":"topduppy.info","tld":"info"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-12T19:46:22.439Z","timestamp":1720813582439,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"topduppy.info","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 19 May 2024 12:44:23 GMT","end":"Sat, 17 Aug 2024 12:44:22 GMT"},"fingerprint":{"sha1":"22:39:87:A0:B7:0E:D5:BB:69:DF:ED:85:37:DD:6A:6C:C7:25:E2:FF","sha256":"A6:10:6E:86:D1:AF:29:AA:80:0D:71:26:7F:97:1F:B0:09:7F:92:66:46:19:16:37:B8:E4:FC:73:2A:53:81:5A"}}},"request":{"raw":"GET /api/rtb-pops/go?id=3061558223756713\u0026sig=e343ae8c839c3d348ed562a8159c03\u0026u=aHR0cHM6Ly9nc3RndWouY29tL2N1aGRsP3doPVhyQXZmV1VkY1Q2ZlVKRHNERXNxU2wtcSZjbGlja2lkPXtjbGlja19pZH0mc2kxPXtzdWJfaWR9 HTTP/1.1\r\nHost: u-9125.topduppy.info\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 12 Jul 2024 19:46:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://gstguj.com/cuhdl?wh=XrAvfWUdcT6fUJDsDEsqSl-q\u0026clickid=NnF6N3xkYXp8OWhjbXFufFcxb3FtZz09fDMwNjE1NTgyMjM3NTY3MTN8MA==\u0026si1=3537333333383339395f3137323433\r\nreferrer-policy: no-referrer\r\nset-cookie: pop-u-id=a5ed0a6e450ab6228bdda831b9f31632a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22pop-u-id%22%3Bi%3A1%3Bs%3A33%3A%22dc26782a937912f526d0857215db6ed83%22%3B%7D; expires=Wed, 11-Jul-2029 19:46:22 GMT; Max-Age=157680000; path=/; HttpOnly; SameSite=None\npop-u-uni-dc2678=d868806d8b779204f967f45534c862b0a%3A2%3A%7Bi%3A0%3Bs%3A16%3A%22pop-u-uni-dc2678%22%3Bi%3A1%3Bs%3A2%3A%22no%22%3B%7D; expires=Sat, 13-Jul-2024 19:46:22 GMT; Max-Age=86400; path=/; HttpOnly; SameSite=None\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=zpa03oLq6AFJ9XahQEnUPZY3%2B6HDlIMAOB3bTR1rBReUypjFL9kSH235pwT1%2FBrvpW0YkmNtNs%2By9bodMnESAOpwxXgmuo5NSMNbifIvkIqcchqKOFCrwCc%2BjfbeoCOiR%2BeCmzuAgQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8a2389fa9a85b4fd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T15:57:26.609448Z","times_seen":14794715,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":54,"dns":43,"connect":1,"send":0,"wait":81,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-12T19:46:23.301763065Z","timestamp":1720813583301,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40\"\r\nLast-Modified: Wed, 10 Jul 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=16674\r\nExpires: Sat, 13 Jul 2024 00:24:17 GMT\r\nDate: Fri, 12 Jul 2024 19:46:23 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"50e4489707989517510128817aedd2ea","sha1":"36a54d7b34a9ac621715b569e5a870f62671c574","sha256":"3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40","sha512":"ed92692072bbfb8601b1412479f5eda9a2a39f91902dcfd261b22bd27435a591dcee983015bab15f63c3e2af60ced24f6dc0e1f02620ba660eb0c51fb02ac980","ssdeep":"","tlshash":"3ff0c90025e6f80252a6670abcabdb1f2c383e1636199280a0a012a2ed00bdbc3c51cc","first_seen":"2024-07-10T20:38:58Z","last_seen":"2024-08-19T17:21:03.235Z","times_seen":38767,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-12T19:46:23.302864987Z","timestamp":1720813583302,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40\"\r\nLast-Modified: Wed, 10 Jul 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=16674\r\nExpires: Sat, 13 Jul 2024 00:24:17 GMT\r\nDate: Fri, 12 Jul 2024 19:46:23 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"50e4489707989517510128817aedd2ea","sha1":"36a54d7b34a9ac621715b569e5a870f62671c574","sha256":"3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40","sha512":"ed92692072bbfb8601b1412479f5eda9a2a39f91902dcfd261b22bd27435a591dcee983015bab15f63c3e2af60ced24f6dc0e1f02620ba660eb0c51fb02ac980","ssdeep":"","tlshash":"3ff0c90025e6f80252a6670abcabdb1f2c383e1636199280a0a012a2ed00bdbc3c51cc","first_seen":"2024-07-10T20:38:58Z","last_seen":"2024-08-19T17:21:03.235Z","times_seen":38767,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"runative-syndicate.com/","fqdn":"runative-syndicate.com","domain":"runative-syndicate.com","tld":"com"},"ip":{"addr":"195.201.244.188","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-12T19:46:25.199372228Z","timestamp":1720813585199,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"runative-syndicate.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 30 Jun 2024 23:06:38 GMT","end":"Sat, 28 Sep 2024 23:06:37 GMT"},"fingerprint":{"sha1":"AB:C7:2F:3D:BA:CB:F2:17:FA:0A:67:B5:5F:8B:F1:67:EF:AD:43:B5","sha256":"21:76:08:99:6B:61:E4:E4:61:5C:4C:FA:12:95:11:F9:1F:3F:03:7B:0C:FB:21:BF:78:E7:A9:04:A0:03:7C:4B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: runative-syndicate.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx\r\nDate: Fri, 12 Jul 2024 19:46:25 GMT\r\nConnection: keep-alive\r\nX-Request-Id: 6ee041dcfb70fe7d\r\nCache-Control: no-transform\r\nX-Robots-Tag: none, noindex, nofollow\r\nReport-To: { \"url\": \"https://pxl.runative-syndicate.com/api/v1/heavy-ad/report\", \"max_age\": 86401 }\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T15:57:26.609448Z","times_seen":14794715,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gstguj.com/cuhdl?wh=XrAvfWUdcT6fUJDsDEsqSl-q\u0026clickid=NnF6N3xkYXp8OWhjbXFufFcxb3FtZz09fDMwNjE1NTgyMjM3NTY3MTN8MA==\u0026si1=3537333333383339395f3137323433","fqdn":"gstguj.com","domain":"gstguj.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-12T19:46:22.580Z","timestamp":1720813582580,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gstguj.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Wed, 29 May 2024 20:38:56 GMT","end":"Tue, 27 Aug 2024 20:38:55 GMT"},"fingerprint":{"sha1":"02:C4:E1:C6:38:AE:04:30:8B:40:70:06:E4:CB:2C:4C:DE:1E:05:53","sha256":"DD:76:46:80:EE:A2:F5:0A:D3:C2:E2:BD:96:1A:29:28:7D:C5:63:8D:93:0E:71:85:4E:D5:51:87:50:2A:4E:96"}}},"request":{"raw":"GET /cuhdl?wh=XrAvfWUdcT6fUJDsDEsqSl-q\u0026clickid=NnF6N3xkYXp8OWhjbXFufFcxb3FtZz09fDMwNjE1NTgyMjM3NTY3MTN8MA==\u0026si1=3537333333383339395f3137323433 HTTP/1.1\r\nHost: gstguj.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Fri, 12 Jul 2024 19:46:22 GMT\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=1tF0n7lYr8gCXMsuupxmYpiz15yuAULCle0%2BYGZJBBgjo4oxIAD2Y%2FWs%2BtWbEs5Bc45r1vE1W%2BNghZvMb7CYeRdMD1cufHQVXwLyE738rSIfVINZVCKdSx2mFEOo\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8a2389fb795756bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T15:57:26.609448Z","times_seen":14794715,"resource_available":true,"data":null}},"time_used":139,"timings":{"blocked":54,"dns":44,"connect":1,"send":0,"wait":30,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"href.li/?http://runative-syndicate.com/api/v1/direct/0c83054d59f7412da4bd091bc04cb177?extid={extid}","fqdn":"href.li","domain":"href.li","tld":"li"},"ip":{"addr":"192.0.78.27","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-12T19:46:21.490Z","timestamp":1720813581490,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tls.automattic.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Jul 2024 00:30:51 GMT","end":"Sat, 05 Oct 2024 00:30:50 GMT"},"fingerprint":{"sha1":"0E:CF:31:C9:F4:E9:37:33:F9:7D:3E:1F:0B:E7:17:48:2B:0A:F4:80","sha256":"FA:50:7D:36:3F:26:59:4F:CA:35:ED:40:0A:30:E0:DF:45:DB:21:51:B3:8C:F4:55:4C:28:AF:0E:F9:A2:3E:CB"}}},"request":{"raw":"GET /?http://runative-syndicate.com/api/v1/direct/0c83054d59f7412da4bd091bc04cb177?extid={extid} HTTP/1.1\r\nHost: href.li\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 12 Jul 2024 19:46:21 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\nx-ac: 3.arn _dca MISS\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":704,"size_decoded":704,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (735), with no line terminators","md5":"b5b1694142aa9b18a9f328a279e60bb7","sha1":"c998cc1e9f48d6b706f5e16458f3ef5261046784","sha256":"32ebbd19f7e819f86b1c1181bfb6a81023ff81e0ec0775455bea1c08c570012f","sha512":"347e2d3be179b90ac31cfdaa7db8ab1d5f5979b16c1d2160b4d5c911c602bc50a4ccb1dfc343009f7215cc56df325ea9975776552c847c31398ec688cb211586","ssdeep":"","tlshash":"c80168fbb88242050c51594026f23a2c62178073adcee9fa0a800fcb37453aec57578f","first_seen":"2024-07-12T21:47:01Z","last_seen":"2024-08-29T17:48:37.746298Z","times_seen":5,"resource_available":false,"data":null}},"time_used":439,"timings":{"blocked":51,"dns":0,"connect":7,"send":0,"wait":336,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}