Overview

URLm-ora-zzia.ru/
IP 23.147.229.205 (United States)
ASN#35913 DEDIPATH-LLC
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-05 21:52:22 UTC
StatusLoading report..
IDS alerts0
Blocklist alert12
urlquery alerts No alerts detected
Tags None

Domain Summary (28)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
js.wpadmngr.com (1) 25762 No data No data 45.133.44.25
ocsp.pki.goog (2) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.131
0d9b072dfd.69c28fb7f4.com (4) 0 No data No data 157.90.84.246 Unknown ranking
rtbrennab.com (1) 0 2022-04-20 15:49:10 UTC 2022-12-05 18:07:33 UTC 162.55.139.130 Unknown ranking
pornfoto.me (1) 0 2020-01-01 02:00:15 UTC 2022-12-04 01:55:56 UTC 104.21.10.240 Unknown ranking
encrypted-tbn0.gstatic.com (1) 0 2016-10-13 06:07:35 UTC 2022-12-05 13:51:23 UTC 142.250.74.78 Domain (gstatic.com) ranked at: 540
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.148.84.125
76ca6cb984.394a0b8c7d.com (1) 0 No data No data 94.130.197.134 Unknown ranking
ads.trackingtraffo.com (2) 0 No data No data 142.132.194.196 Unknown ranking
8bffb102cc.2fcac3300c.com (2) 0 No data No data 159.69.163.6 Unknown ranking
js.cabnnr.com (1) 37463 No data No data 45.133.44.24
m-ora-zzia.ru (4) 0 2022-11-24 17:29:07 UTC 2022-11-24 17:29:07 UTC 23.147.229.205 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-05 04:09:48 UTC 34.117.237.239
fp.metricswpsh.com (2) 0 2022-04-22 11:20:32 UTC 2022-12-05 18:07:25 UTC 157.90.84.242 Unknown ranking
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-05 04:09:09 UTC 34.102.187.140
ec5363b16e.69c28fb7f4.com (1) 0 No data No data 45.133.44.25 Unknown ranking
track.trackingtraffo.com (2) 0 No data No data 88.214.206.175 Unknown ranking
static.bookmsg.com (1) 47495 2020-11-24 14:56:32 UTC 2022-12-05 14:58:32 UTC 116.202.204.12
cdn.1vag.com (1) 48829 No data No data 45.133.44.24
r3.o.lencr.org (17) 344 No data No data 23.33.119.27
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
notification.tubecup.net (1) 8210 2019-08-30 09:36:01 UTC 2022-12-05 18:16:01 UTC 168.119.25.64
eropho.org (1) 0 2021-03-31 15:01:53 UTC 2022-11-03 04:19:39 UTC 5.45.69.241 Unknown ranking
0fc7a1648c.a533857c63.com (4) 0 No data No data 45.133.44.25 Unknown ranking
ocsp.sectigo.com (2) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
img-getpocket.cdn.mozilla.net (5) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
btds.zog.link (1) 38469 2019-10-07 21:35:03 UTC 2022-12-05 14:33:56 UTC 109.206.176.75

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-12-05 2 a533857c63.com Sinkholed
2022-12-05 2 69c28fb7f4.com Sinkholed
2022-12-05 2 a533857c63.com Sinkholed
2022-12-05 2 69c28fb7f4.com Sinkholed
2022-12-05 2 394a0b8c7d.com Sinkholed
2022-12-05 2 a533857c63.com Sinkholed
2022-12-05 2 69c28fb7f4.com Sinkholed
2022-12-05 2 69c28fb7f4.com Sinkholed
2022-12-05 2 69c28fb7f4.com Sinkholed
2022-12-05 2 2fcac3300c.com Sinkholed
2022-12-05 2 2fcac3300c.com Sinkholed
2022-12-05 2 a533857c63.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 23.147.229.205
Date UQ / IDS / BL URL IP
2022-12-05 21:52:22 +0000 0 - 0 - 12 m-ora-zzia.ru/ 23.147.229.205


Last 5 reports on ASN: DEDIPATH-LLC
Date UQ / IDS / BL URL IP
2023-01-28 10:51:13 +0000 2 - 5 - 1 ifilgglvbp.duckdns.org/JNDIExploit.v1.4.zip 63.251.217.14
2023-01-28 10:51:05 +0000 2 - 5 - 1 ifilgglvbp.duckdns.org/a.zip 63.251.217.14
2023-01-28 10:11:48 +0000 0 - 4 - 0 vgpyomqsng.duckdns.org/ 45.88.168.229
2023-01-28 10:02:45 +0000 2 - 5 - 1 odvifzhoml.duckdns.org/JNDIExploit.v1.4.zip 63.251.217.14
2023-01-28 10:02:38 +0000 2 - 5 - 1 odvifzhoml.duckdns.org/a.zip 63.251.217.14


Last 1 reports on domain: m-ora-zzia.ru
Date UQ / IDS / BL URL IP
2022-12-05 21:52:22 +0000 0 - 0 - 12 m-ora-zzia.ru/ 23.147.229.205


No other reports with similar screenshot

JavaScript

Executed Scripts (8)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (67)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: m-ora-zzia.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         23.147.229.205
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 05 Dec 2022 21:52:11 GMT
Content-Length: 3495
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (6443), with CRLF line terminators
Size:   3495
Md5:    9ed7b43e640fac32ea03e75b432325e0
Sha1:   b0cfc79698091bf5ef576f0d96447bf02ebcd8e1
Sha256: 2228106f48ab511a109d8c5d03034ae099a4691f1908793761834f162086774b
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2789
Expires: Mon, 05 Dec 2022 22:38:40 GMT
Date: Mon, 05 Dec 2022 21:52:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 7
Cache-Control: max-age=131955
Date: Mon, 05 Dec 2022 21:52:11 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 10:31:26 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 21:18:31 GMT
cache-control: public,max-age=3600
age: 2020
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18617
Expires: Tue, 06 Dec 2022 03:02:28 GMT
Date: Mon, 05 Dec 2022 21:52:11 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: aCJzhANc9X8W/cKSuKlo6ioDGzTbNj3Qz3lDdohtLq9gnJ9hH2rG1gcQ0QQui02BIWdjIs23AjQ=
x-amz-request-id: 0X1YMKMMDTP5HNWV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 21:48:40 GMT
age: 211
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 05 Dec 2022 21:52:11 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /site/style.css HTTP/1.1 
Host: m-ora-zzia.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Cookie: ftt2=eyJpcCI6MTUzMjYzNTgwMiwiZiI6MCwicyI6Im5vcmVmIiwidiI6W10sImNjIjowLCJpbiI6MX0=

search
                                         23.147.229.205
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Mon, 05 Dec 2022 21:52:11 GMT
Last-Modified: Mon, 05 Dec 2022 13:15:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638deef6-5b6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  assembler source, ASCII text, with CRLF line terminators
Size:   500
Md5:    bfead7fdb1147e055308c7a09b99cd7a
Sha1:   88a90f349af6e2299f685c2b4d6410b0dabd49cc
Sha256: 76ce4fc47359d6697002dbf49c9da7967df4be7d3902c9f5a06cfb8df1fb66e2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Cache-Control: 'max-age=158059'
Date: Mon, 05 Dec 2022 21:52:11 GMT
Server: ECS (amb/6BB2)
Content-Length: 279

                                        
                                            GET /ftt2/check.php?t=1670277131&check=13c0c67141735da8322adb5b46e9a1e7&rand=39967 HTTP/1.1 
Host: m-ora-zzia.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Cookie: ftt2=eyJpcCI6MTUzMjYzNTgwMiwiZiI6MCwicyI6Im5vcmVmIiwidiI6W10sImNjIjowLCJpbiI6MX0=

search
                                         23.147.229.205
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Mon, 05 Dec 2022 21:52:11 GMT
Content-Length: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
X-Robots-Tag: noindex


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    a87ff679a2f3e71d9181a67b7542122c
Sha1:   1b6453892473a467d07372d45eb05abc2031647a
Sha256: 4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a
                                        
                                            GET /images/miniscreen/54aS58zih9bHHGe_1618343852.jpg HTTP/1.1 
Host: pornfoto.me
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.21.10.240
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 05 Dec 2022 21:52:11 GMT
content-length: 21168
last-modified: Tue, 13 Apr 2021 19:57:33 GMT
etag: "6075f7ad-52b0"
expires: Wed, 04 Jan 2023 00:06:00 GMT
cache-control: max-age=2678400
strict-transport-security: max-age=31536000;
cf-cache-status: HIT
age: 164771
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xm%2F2%2B%2FpupPZOBpnxXW3OwlMC4LwxlTFqikcuNOdecZv2Twj%2BokThtdeJOTHjouFBjer7iMsC6ncpe%2FO%2B1dO5mFtDQvpGerIcAkj%2B3J6xQqWkJ0%2F9Iz%2BpaBXYM14Vnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775001e88e1db521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", progressive, precision 8, 300x435, components 3\012- data
Size:   21168
Md5:    7a35b92cf4cc1d8a1f31090a7895a521
Sha1:   aa3dd063c18cbd14cff1417943b0c7770b8c682c
Sha256: f5f2a718038c99157156671c894976586b630cffb5f088b778ee9647434daf1f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Date: Mon, 05 Dec 2022 21:52:11 GMT
Last-Modified: Mon, 05 Dec 2022 21:52:11 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4F24639A96F5DD53819FF191534C8BCCB1C774B1A602EC8FA6C570101F5A29BD"
Last-Modified: Sun, 04 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8542
Expires: Tue, 06 Dec 2022 00:14:33 GMT
Date: Mon, 05 Dec 2022 21:52:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0F88A6598CA8813DAAB0BC950FDCB439DC464536BBCB79FE038D413B77491916"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 06 Dec 2022 03:52:11 GMT
Date: Mon, 05 Dec 2022 21:52:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "26C86C66E3854454B5E0A34A0FA0B7D4605D0B7CA459053C2B0A5879DD8CF550"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8638
Expires: Tue, 06 Dec 2022 00:16:09 GMT
Date: Mon, 05 Dec 2022 21:52:11 GMT
Connection: keep-alive

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 21:08:58 GMT
cache-control: public,max-age=3600
age: 2593
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /npc/sdk/wp-banners.js HTTP/1.1 
Host: js.wpadmngr.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         45.133.44.25
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 05 Dec 2022 21:52:11 GMT
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Mon, 05 Dec 2022 21:57:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

                                        
                                            GET /uploads/posts/2022-02/thumbs/1645625233_03.jpg HTTP/1.1 
Host: eropho.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         5.45.69.241
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.14.1
Date: Mon, 05 Dec 2022 21:52:11 GMT
Content-Length: 46060
Last-Modified: Wed, 23 Feb 2022 14:07:13 GMT
Connection: keep-alive
ETag: "62163f91-b3ec"
Expires: Mon, 12 Dec 2022 21:52:11 GMT
Cache-Control: max-age=604800
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 400x600, components 3\012- data
Size:   46060
Md5:    268b94a64cabf8c630d0b9a7b9b6cb80
Sha1:   aa1be9ff7f74739fee734962a9d5db1a8b8ba352
Sha256: 80dd8d3a9b96b933a7cb9ea5956d6e844b9412a2ea9c009541e4ed8d19688fea
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 21:52:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6598
Cache-Control: max-age=133478
Date: Mon, 05 Dec 2022 21:52:12 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 10:56:50 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /images?q=tbn:ANd9GcRra6Y5rfPArJ8tU136CAtcfUQ_lS_ucwIurO0iXryUa22PVq1kTNcS8oTJonPeQYjNEsY&usqp=CAU HTTP/1.1 
Host: encrypted-tbn0.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.78
HTTP/2 200 OK
content-type: image/jpeg
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 6612
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 15:06:58 GMT
expires: Tue, 05 Dec 2023 15:06:58 GMT
cache-control: public, max-age=31536000
age: 24314
last-modified: Sun, 01 Nov 2020 06:36:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 183x275, components 3\012- data
Size:   6612
Md5:    bdfda3065422384b4ce297eee4eb4671
Sha1:   e0521bc1b507f136676718dd4f5589cd47076562
Sha256: d456837e71d1027230e2c71ff548675dc77390800b4f0a6f1d398d89989a2d6e
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: m-ora-zzia.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Cookie: ftt2=eyJpcCI6MTUzMjYzNTgwMiwiZiI6MCwicyI6Im5vcmVmIiwidiI6W10sImNjIjowLCJpbiI6MX0=

search
                                         23.147.229.205
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Mon, 05 Dec 2022 21:52:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 24 Nov 2022 15:30:03 GMT
ETag: W/"586-5ee39143a674c"
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   721
Md5:    f49a8d7adf88ea8c7969907bb03e542b
Sha1:   d6bbb6fde5c7df1306da3fb8f5f67979cdbc8941
Sha256: e411d42c08761c41769e0ac75f885c99adb37878ad3c50a33cfe6852192ec7fa
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 21:52:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0EF9C269D2CD40F3D1A599ED4E95EFDAAA9521E8E4E821A34656E17D663B216D"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8440
Expires: Tue, 06 Dec 2022 00:12:52 GMT
Date: Mon, 05 Dec 2022 21:52:12 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: W4SAJXUa9nHPJRqmVT4N+Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.148.84.125
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +nukcvV+aK2DjzBQa+fMOjfiwhM=

                                        
                                            OPTIONS /fp?tag_id=25760 HTTP/1.1 
Host: fp.metricswpsh.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://m-ora-zzia.ru/
Origin: http://m-ora-zzia.ru
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         157.90.84.242
HTTP/1.1 204 No Content
                                        
Server: nginx/1.20.1
Date: Mon, 05 Dec 2022 21:52:12 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: http://m-ora-zzia.ru
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

                                        
                                            GET /tags?tag_id=25760&timezone_olson=UTC&version_name=d HTTP/1.1 
Host: notification.tubecup.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://m-ora-zzia.ru
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         168.119.25.64
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.18.0
date: Mon, 05 Dec 2022 21:52:12 GMT
content-length: 3950
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (3950), with no line terminators
Size:   3950
Md5:    bb577fdfab96f04a01f979db891eb251
Sha1:   36b3996bfa32e06b0e1af138cde5ac8218409627
Sha256: 50cf04eb9e596677874fc49ce794e378757e3dabf17fc4ed957ff9eaffe3212e
                                        
                                            GET /42632260c1bf4ea3c58ef4edadc96eda.js HTTP/1.1 
Host: 0fc7a1648c.a533857c63.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         45.133.44.25
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 05 Dec 2022 21:52:12 GMT
server: nginx/1.18.0
last-modified: Thu, 01 Dec 2022 09:44:36 GMT
etag: W/"63887784-add7"
content-encoding: gzip
expires: Mon, 05 Dec 2022 21:57:12 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   16832
Md5:    7d67952d1981d672f78f632eb0241f9d
Sha1:   9ba9ccf15059123a003edda2ca600dcac1ca9883
Sha256: a7673332c7650a460abfa26518697509ad72642f8704b0c3912e3ea24d24ff19

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /fp?tag_id=25760 HTTP/1.1 
Host: fp.metricswpsh.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22286
Origin: http://m-ora-zzia.ru
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         157.90.84.242
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
                                        
Server: nginx/1.20.1
Date: Mon, 05 Dec 2022 21:52:12 GMT
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://m-ora-zzia.ru
Set-Cookie: id=9822760893492424485; Expires=Tue, 05 Dec 2023 21:52:12 GMT; Secure; SameSite=None
Vary: Origin


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   28
Md5:    e3af49472d683a217237a6ebaf79bcb7
Sha1:   378db4d7e6171a2676ee15c80b4475d7f5ec9742
Sha256: 7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2AC046913D19416605F7F784E79E0D0081D427927BE04DEA01820B19EB7FE459"
Last-Modified: Sun, 04 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17441
Expires: Tue, 06 Dec 2022 02:42:53 GMT
Date: Mon, 05 Dec 2022 21:52:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "243C4B12BD9CD28374FFE1069CAA9A4F69569EABA0168D90C871862B01F67499"
Last-Modified: Sun, 04 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18978
Expires: Tue, 06 Dec 2022 03:08:30 GMT
Date: Mon, 05 Dec 2022 21:52:12 GMT
Connection: keep-alive

                                        
                                            GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxODA1Njk0NTAwMDgwNzk3NzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjE3LjMiLCJ0YWdfaWQiOjI1NzYwLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNjcsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6bnVsbCwidXNlcl9rZXl3b3JkcyI6Im0tb3JhLXp6aWElMjAifQ== HTTP/1.1 
Host: ec5363b16e.69c28fb7f4.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://m-ora-zzia.ru
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         45.133.44.25
HTTP/2 200 OK
                                        
date: Mon, 05 Dec 2022 21:52:12 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2AFE17DA774008ACDFB795F382BEE37345160A330962486E7F48CE0AECB1BCCA"
Last-Modified: Sun, 04 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2974
Expires: Mon, 05 Dec 2022 22:41:46 GMT
Date: Mon, 05 Dec 2022 21:52:12 GMT
Connection: keep-alive

                                        
                                            GET /f1f3a1dec56f33ecc34684d563bcd32c.js HTTP/1.1 
Host: 0fc7a1648c.a533857c63.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         45.133.44.25
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 05 Dec 2022 21:52:12 GMT
server: nginx/1.18.0
last-modified: Fri, 02 Dec 2022 07:29:13 GMT
etag: W/"6389a949-48230"
content-encoding: gzip
expires: Mon, 05 Dec 2022 21:57:12 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   72787
Md5:    b60bcd59d1f6ca4c6aec127fbe4b69bb
Sha1:   c7ecd298144268a964306c3c3798af0a851bd309
Sha256: 8e78b1b73538d1dde2f69f246263d21d506b0a7631c931be47d3228f8f5da681

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            OPTIONS /in/multy HTTP/1.1 
Host: 0d9b072dfd.69c28fb7f4.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://m-ora-zzia.ru/
Origin: http://m-ora-zzia.ru
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         157.90.84.246
HTTP/2 204 No Content
                                        
server: nginx/1.20.1
date: Mon, 05 Dec 2022 21:52:13 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /get/ HTTP/1.1 
Host: 76ca6cb984.394a0b8c7d.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://m-ora-zzia.ru/
Content-Type: text/plain;charset=UTF-8
Origin: http://m-ora-zzia.ru
Content-Length: 546
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         94.130.197.134
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.16.0
date: Mon, 05 Dec 2022 21:52:13 GMT
content-length: 1753
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1753), with no line terminators
Size:   1753
Md5:    4364dd634440c0ba7b0b0757207db7ba
Sha1:   67128450f5aa79d29d4f47ca4af53e9d237063f3
Sha256: 79e34165ae8d276e9e5e2440a047b36676074fbfdbff0c172af4129deb4e5853

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3386
Expires: Mon, 05 Dec 2022 22:48:39 GMT
Date: Mon, 05 Dec 2022 21:52:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3386
Expires: Mon, 05 Dec 2022 22:48:39 GMT
Date: Mon, 05 Dec 2022 21:52:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3386
Expires: Mon, 05 Dec 2022 22:48:39 GMT
Date: Mon, 05 Dec 2022 21:52:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3386
Expires: Mon, 05 Dec 2022 22:48:39 GMT
Date: Mon, 05 Dec 2022 21:52:13 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:49:47 GMT
age: 146
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5681
Md5:    43309032a892c486f9985ef520df696e
Sha1:   36f4682ca6a33ff80ee02129c77e6f27e996ede0
Sha256: 24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
                                        
                                            GET /12c1ba185c2e9670527e945cd2bb8445.js HTTP/1.1 
Host: 0fc7a1648c.a533857c63.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         45.133.44.25
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 05 Dec 2022 21:52:12 GMT
server: nginx/1.18.0
last-modified: Thu, 13 Oct 2022 09:19:10 GMT
etag: W/"6347d80e-16007"
content-encoding: gzip
expires: Mon, 05 Dec 2022 21:57:12 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   35110
Md5:    25b1f651de7f4f6d365fb44b465a19fc
Sha1:   b29452355cec8c97a9c5f1339e618f306ddb3505
Sha256: 96a226595cb42b81f526150adb9b2531e759c966b8cce0e2ea37e8469e58a726

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xXZKQokvEn01KKCxpvmljAhSNK1Ya-FYSqvkuKjqVTOlO3o3cjbw9w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:44:06 GMT
age: 487
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4666
Md5:    c01fe1cccdb3b672bbade6d98217ffe9
Sha1:   a9a529dc9894827f6243a1bf57f81caa4fe88fc2
Sha256: c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TKSlCefkyQ7VDufJJOh1D7zhioft93jfOsoXxTD4ncAK5ktxlPvIoA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:52:07 GMT
age: 6
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8469
Md5:    2f60a6490f38a772dcd50a1132e98e1b
Sha1:   ff254a1df087d2c157d88a6ef04e395dc49efe5e
Sha256: 653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 11:06:22 GMT
age: 38751
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10396
Md5:    24c69d7ef356b352956d6dcbc9f5df1d
Sha1:   2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
Sha256: 94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ztC4S0WeA3ft_9JafrL6fInXo4jwkb0cTWUx4Z8L2uz3EWQS-d6F5A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:09:54 GMT
age: 85339
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7728
Md5:    027480c06cd67621f373c6765dafee4d
Sha1:   9f80bb7ca6f699d88eaec2248dec508c589fe994
Sha256: f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf
                                        
                                            POST /in/multy HTTP/1.1 
Host: 0d9b072dfd.69c28fb7f4.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 697
Origin: http://m-ora-zzia.ru
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         157.90.84.246
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.20.1
date: Mon, 05 Dec 2022 21:52:14 GMT
content-length: 18821
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (18818), with no line terminators
Size:   18821
Md5:    8ce3c1b749ebef4f8537c3d7d3085816
Sha1:   36e7285890387b0052c706a1841da4502ce7efb2
Sha256: 4b84576c3de731a71b2fab886e7d1c6ef7552b2e8c84d121915b36d90c761b1f

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /in/show/?mid=2552467414181834307&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=155935005&sid=2163130531&cid=13433&price=0.0031&is_cpm=0&cpm=0&ecpm=0.04044727859192922&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=8.5.2&ver_c=&refdom=m-ora-zzia.ru&hostname=auc-inpage-hz-1-b&site_id=3118016&spot_id=18016&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-12-05&is_native=2&auction_queue=0&burl=QSGIyQwdyGdbCTqUwLrHYWEmBYJmC8G1B3ucPB-bcs4KyEKGT3SQmg&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5318016&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.006812555911012548&placement_type_id=&skin_test=0&verify_hash=cc943eab3380672479c0aa5195e75a9d&score=86.34880370078758&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D155935005%26spot_id%3D18016%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fm-ora-zzia.ru%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0031&user_fp=0&v2_track=0&url=WVMsj22ieZzWhEzbuZHWsRbUID7bh-jEqAwJW1a2bZBayAZ58E3uCM4gKlV-cBxJ_oCxhYyTvkcQ_CpmdWKDZPGC-TwCLLrDFd1OkGhoJVOLuLTQgSLSOZcR3CLY7dTUxoWnN78qrj4h0tt5zBLc5kWQy6PWO6omA_v8od1lN8JsdWjtWQ&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&skin_id=30&vertical_id=0&real_bid=0.00244559&pr=&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=&label_ids=4,83,89,0&mlc=1&format=gambling-slide-b_r-body&mlf=1&cpa=7d3362c2-a460-4884-82bc-7c06b4209768 HTTP/1.1 
Host: 0d9b072dfd.69c28fb7f4.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         157.90.84.246
HTTP/2 302 Found
                                        
server: nginx/1.20.1
date: Mon, 05 Dec 2022 21:52:14 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /in/show/?mid=2552467414181834307&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=155935005&sid=2163130531&cid=13803&price=0.0838&is_cpm=0&cpm=0&ecpm=0.19421521794998517&crid=&crtid=797b6e15210af5b5ac8adb7c40138032&tcid=0&out_id=0&ver=8.5.2&ver_c=&refdom=m-ora-zzia.ru&hostname=auc-inpage-hz-1-b&site_id=3118016&spot_id=18016&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-12-05&is_native=1&auction_queue=0&burl=AN4sy_v_5W8jjWz5rfnTqiaZ0fHlSV09m9nqo42c28yEo_Di7Krt8A&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7318016&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.0011400153642384106&placement_type_id=&skin_test=0&verify_hash=d587632136b55ece8892551516b91885&score=86.34880370078758&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D155935005%26spot_id%3D18016%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fm-ora-zzia.ru%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.0838&user_fp=0&v2_track=0&url=ubltBuVWIDuK87QERpKtOrWR-CE843mqhewnvUpjzsmeQJac2bLJwleONMV8D74tKU5eK1epYP9sEoUxFVRrmNQA7WSGgXJj7JflBbbC7Go47I1uauqXNaAwpjqmPqEeGVevFFXjjQ2MEA-jZmwceoTujldE9xsbFn6aTJ7wpEOd44H3I5ql7yM96EepDDfi9-P_NDpLrM3l4tDQnxg2FZG_pUTc29hpnmBKRR6tH0AInAPxcV65q8t5egbGywxIUN3TZJj0z-6oMjGVI_a-hdceG6dy3A2dh3N8aNm4SYSTalOye9gJSbZA9NeMxEC34QQUknxbu3D7anmP2Ppqbq6LYZo9xQLFi7EcpSHD72cM7EJ64Pd8PrIMhNYvfgW6epXJe8DC_ikpfN6iHytAC-2HZMQtKf8ygP5EZ5R9t1K-NOQNtuij-ULOT1QFe7bwdy_-dNZNHJp-yMiWwshCJah5_ZjPhzjLvfPUu_Xo8q7Zyfgcjb-GDxXdLqDbDe8rHTd24h0nWmt113JtYVZksGe9v4LAZ54dngEP1CaCd84PawdAuv8RDvYe7AU_up7kNhjLDG-DUOeZSUuISsqC6fI66MsgLWt_mggyVMwfR2gtryNcNfWAHm6OPqX_G_hL1m8sa_macNqvwNaKwNNs4glxU9Xnt2r1BzjpXg5oL9I5WNxZtaQslNpBiO06dO8qWW2GCaSG5kqujKhJiliOwlgOcDgcaLO5JEYIME5d_eFmDL0j3F3VxG4N-o_ESAdWGayDQ9ik_Iir4PS5-vf5KBz6U8TTEHLOTq6-n5MsEZ_AUWPFg6REF7_ENIoCi3oe_ZtX7NBH_6J0CqHStiAsypADfEOz&image_url=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fim%3Fauth%3Dkj7u89%26c%3D9rIK4VY2R1Dr8JyNSLz1UNyAr8n8nMr42-Ydm9yCRA_quecdiXfcnm7rPawq8Z7Pa8xFPDLQaoFXKqDeF-JWoPCeArecBl7vLDRSjV6OPuQFrD6XTcFkSSK4JvRfda_F1w5bWJaU86HdFZB5sPWipQz6frDqUQx1Xr-UtIhyttLfc0nPrv4VJfp01yBmHpjw_f7_gd_WnQX2xiLMhG7h-c0fteVy2034qC9MvodEebMQCIK07-G6s_fZuhONfefwU8hmar2TgA_hOUeQuCeLiKWSWhmUCdPY9U8xRtEx15KxKWt-WuUYS8YJdrt5gZb0IMKo8Or4m03V1U9om3awWVdK_E6qJ9ABdUdTfZKCkV9z3-bi_azCM-GjAChnOLl1TrFzByOsCptZzG-TQVGftwcJzTDRGFvlFTpOzOYY9hmbCfnvhh0PwN33GMGyPRMP3wuT-6vbN-mCnvnzV7b5yjNLBjGnFPcaS29qiP5MDFoBFr67eqLa6TILCREJ2UsmzmcdJuofCxPrOzMtCPo4tb0tHMk&skin_id=30&vertical_id=15&real_bid=0.07017412&pr=&user_keywords=&auc_type=1&aid=3335&ext_cid=0&device_theme=light&keywords=&label_ids=83,90,15,4&format=gambling-slide-b_r-body&cpa=f342b062-6d03-4c5f-abba-51940d845fcd HTTP/1.1 
Host: 0d9b072dfd.69c28fb7f4.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         157.90.84.246
HTTP/2 302 Found
                                        
server: nginx/1.20.1
date: Mon, 05 Dec 2022 21:52:14 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://track.trackingtraffo.com/push/ic?auth=kj7u89&c=m8GfYGFdRKi_t3VLSbXrpwxhY42VKBiPMR9whPdzxJC9Z4vf8tL5bKb7E-L6HrQnLF_6B6BzYwh0fRHcDv6wOGLP0TKrympuA_bPzErMplt6apyrmVwb5i6eFyRv3IRXgt8o_oCvslbAOk2YEDDl2MUJwwT-ulydt1KUPWX5vpQP5UtU_cAQMcB6arB1dDQWPeymQymnrTfFs33mszn_-q-zfbnqr4EC2YHJqNqV8BsUaXu2r2XJwxTNThdcHt0PmoGpKfVn44-PYBEu6ZSaHd7jUCc9bbgd_eAW67eqIENo1HPVXQz4NHeFbF6zHdAuJtwG-FnvUJIKAYceJuMAR5wWs6G7haUNmhOP1wy4f5js-ArH5HH58Ubt785ya3YUXMC8l2oEQtd-6khoxdvB77UbVT8gaafhYZTOveHb9hXsRjKqCMM2m6kuJAQWtq007hiRJY7XLx0DsCO33cqdbB4YaUMuMiwIP_-pPD-z2SHseDGwfUIul-smTOoBtrhVc-9uc8AXvfsco5lpC8lYqNfYcirEP0FTTKqsCw
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp HTTP/1.1 
Host: static.bookmsg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         116.202.204.12
HTTP/2 200 OK
content-type: image/webp
                                        
server: nginx/1.18.0
date: Mon, 05 Dec 2022 21:52:14 GMT
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   790
Md5:    65156a660e465299370ebd90d84aa461
Sha1:   12ff60b17f579a77e42a8be7b6b1892fc71be33d
Sha256: e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 21:52:14 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 12:04:39 GMT
Expires: Sun, 11 Dec 2022 12:04:38 GMT
Etag: "cdcf062ccd27731f447c794459fb283d185dd2da"
Cache-Control: max-age=482543,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775001fb5b92b4f4-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 05 Dec 2022 21:52:14 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 12:04:39 GMT
Expires: Sun, 11 Dec 2022 12:04:38 GMT
Etag: "cdcf062ccd27731f447c794459fb283d185dd2da"
Cache-Control: max-age=482543,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775001fb5b89b524-OSL

                                        
                                            GET /push/ic?auth=kj7u89&c=m8GfYGFdRKi_t3VLSbXrpwxhY42VKBiPMR9whPdzxJC9Z4vf8tL5bKb7E-L6HrQnLF_6B6BzYwh0fRHcDv6wOGLP0TKrympuA_bPzErMplt6apyrmVwb5i6eFyRv3IRXgt8o_oCvslbAOk2YEDDl2MUJwwT-ulydt1KUPWX5vpQP5UtU_cAQMcB6arB1dDQWPeymQymnrTfFs33mszn_-q-zfbnqr4EC2YHJqNqV8BsUaXu2r2XJwxTNThdcHt0PmoGpKfVn44-PYBEu6ZSaHd7jUCc9bbgd_eAW67eqIENo1HPVXQz4NHeFbF6zHdAuJtwG-FnvUJIKAYceJuMAR5wWs6G7haUNmhOP1wy4f5js-ArH5HH58Ubt785ya3YUXMC8l2oEQtd-6khoxdvB77UbVT8gaafhYZTOveHb9hXsRjKqCMM2m6kuJAQWtq007hiRJY7XLx0DsCO33cqdbB4YaUMuMiwIP_-pPD-z2SHseDGwfUIul-smTOoBtrhVc-9uc8AXvfsco5lpC8lYqNfYcirEP0FTTKqsCw HTTP/1.1 
Host: track.trackingtraffo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         88.214.206.175
HTTP/1.1 302 Found
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 21:52:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National Casino black.png

                                        
                                            GET /push/im?auth=kj7u89&c=9rIK4VY2R1Dr8JyNSLz1UNyAr8n8nMr42-Ydm9yCRA_quecdiXfcnm7rPawq8Z7Pa8xFPDLQaoFXKqDeF-JWoPCeArecBl7vLDRSjV6OPuQFrD6XTcFkSSK4JvRfda_F1w5bWJaU86HdFZB5sPWipQz6frDqUQx1Xr-UtIhyttLfc0nPrv4VJfp01yBmHpjw_f7_gd_WnQX2xiLMhG7h-c0fteVy2034qC9MvodEebMQCIK07-G6s_fZuhONfefwU8hmar2TgA_hOUeQuCeLiKWSWhmUCdPY9U8xRtEx15KxKWt-WuUYS8YJdrt5gZb0IMKo8Or4m03V1U9om3awWVdK_E6qJ9ABdUdTfZKCkV9z3-bi_azCM-GjAChnOLl1TrFzByOsCptZzG-TQVGftwcJzTDRGFvlFTpOzOYY9hmbCfnvhh0PwN33GMGyPRMP3wuT-6vbN-mCnvnzV7b5yjNLBjGnFPcaS29qiP5MDFoBFr67eqLa6TILCREJ2UsmzmcdJuofCxPrOzMtCPo4tb0tHMk HTTP/1.1 
Host: track.trackingtraffo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         88.214.206.175
HTTP/1.1 302 Found
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 21:52:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659515047166-national-casino.png

                                        
                                            GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659515047166-national-casino.png HTTP/1.1 
Host: ads.trackingtraffo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.132.194.196
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 21:52:15 GMT
Content-Length: 4596
Last-Modified: Wed, 03 Aug 2022 08:24:07 GMT
Connection: keep-alive
ETag: "62ea30a7-11f4"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 433 x 176, 8-bit colormap, non-interlaced\012- data
Size:   4596
Md5:    edffdc6a4138205965ac7c1440fbfb50
Sha1:   9cff09cdfdc1e054c431e6cbf4c12e4ec681e601
Sha256: 83ff002a01d8c1668fc4a851cc3eb1c24b929c4aced7ff7eb32b9ae3711c7498
                                        
                                            GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659515047164-National%20Casino%20black.png HTTP/1.1 
Host: ads.trackingtraffo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.132.194.196
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Dec 2022 21:52:15 GMT
Content-Length: 4456
Last-Modified: Wed, 03 Aug 2022 08:24:07 GMT
Connection: keep-alive
ETag: "62ea30a7-1168"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   4456
Md5:    58be17b22d6e1178a54c92cf862c817e
Sha1:   b821bc2f016751647df49e49863077e927a70322
Sha256: 9cc4f3f40313b08baf54c956685ac7a21ac8a3573908b9763865c6f613ce1b5f
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7E09CFE31383FE25E0C800CE1A87AE63067E6CBBC77D2B8C07C0144D657B22"
Last-Modified: Sun, 04 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13620
Expires: Tue, 06 Dec 2022 01:39:16 GMT
Date: Mon, 05 Dec 2022 21:52:16 GMT
Connection: keep-alive

                                        
                                            GET /health/ HTTP/1.1 
Host: 8bffb102cc.2fcac3300c.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         159.69.163.6
HTTP/2 200 OK
                                        
server: nginx/1.18.0
date: Mon, 05 Dec 2022 21:52:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MCwiZXh0Ijp7InRhZ19hYiI6ImQiLCJtdWx0aSI6ZmFsc2UsInVzZXJfa2V5d29yZHMiOiIiLCJpZCI6MTY5NSwic3BhY2VpZCI6MTY5NSwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6Im0tb3JhLXp6aWElMjAiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIxOTExMTk4NDA0IiwicmVmcmVzaCI6MSwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6NDMzNjgsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjAsInN0cmF0YWdlbSI6Im5sYWJlbC1iIiwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozOTcyLCJidHlwZSI6MH0sImJhbm5lciI6eyJ3IjoxLCJoIjoxfX1dLCJzaXRlIjp7ImlkIjoiNDMzNjgiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHA6Ly9tLW9yYS16emlhLnJ1LyJ9LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiI5ZTQ5NDdmMzU3NTE0NjU0MTFmZDFhNGY1YzM1OGM3OCIsImZwIjpudWxsfSwiZXh0Ijp7ImR0IjoxNjcwMjc3MTMzMzc0fX0= HTTP/1.1 
Host: 8bffb102cc.2fcac3300c.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         159.69.163.6
HTTP/2 302 Found
                                        
server: nginx/1.18.0
date: Mon, 05 Dec 2022 21:52:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://rtbrennab.com/banner/in/show/?mid=5034290414824889506&pid=0&site=43368&sc=NO&usage_type=DCH&subid=1911198404&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=m-ora-zzia.ru&hostname=auc-banner-hz-9&site_id=0&spot_id=43368&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=17&ml=&tag_ab=d&ttl=&space_id=1695&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D43368%26source%3D1911198404%26idzone%3D0%26w%3D1%26h%3D1%26mo%3D%26ve%3D%26site_id%3D43368%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3Dm-ora-zzia%2520%26spot_id%3D43368%26p%3Dhttp%253A%252F%252Fm-ora-zzia.ru%252F%26katds_labels%3D%26btype%3D0%26score%3D17%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=m-ora-zzia%20&stratagem=nlabel-b&ssp=3972
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "08489377FF120C7A6F7C7F904262DD0E628A470E4501801BD534E2F6C778521C"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11262
Expires: Tue, 06 Dec 2022 00:59:58 GMT
Date: Mon, 05 Dec 2022 21:52:16 GMT
Connection: keep-alive

                                        
                                            GET /banner/in/show/?mid=5034290414824889506&pid=0&site=43368&sc=NO&usage_type=DCH&subid=1911198404&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=m-ora-zzia.ru&hostname=auc-banner-hz-9&site_id=0&spot_id=43368&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB25&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=17&ml=&tag_ab=d&ttl=&space_id=1695&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D43368%26source%3D1911198404%26idzone%3D0%26w%3D1%26h%3D1%26mo%3D%26ve%3D%26site_id%3D43368%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3Dm-ora-zzia%2520%26spot_id%3D43368%26p%3Dhttp%253A%252F%252Fm-ora-zzia.ru%252F%26katds_labels%3D%26btype%3D0%26score%3D17%26bf%3D0.0001&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=m-ora-zzia%20&stratagem=nlabel-b&ssp=3972 HTTP/1.1 
Host: rtbrennab.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://m-ora-zzia.ru/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         162.55.139.130
HTTP/2 302 Found
                                        
server: nginx/1.16.0
date: Mon, 05 Dec 2022 21:52:16 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=43368&source=1911198404&idzone=0&w=1&h=1&mo=&ve=&site_id=43368&utm1=&utm2=&utm3=&utm4=&ad_tags=m-ora-zzia%20&spot_id=43368&p=http%3A%2F%2Fm-ora-zzia.ru%2F&katds_labels=&btype=0&score=17&bf=0.0001
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0C2DB4DB221FF45D4D7FDD2A192EB762C1232F78F13C9F88F548C452EA9CD105"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3283
Expires: Mon, 05 Dec 2022 22:46:59 GMT
Date: Mon, 05 Dec 2022 21:52:16 GMT
Connection: keep-alive

                                        
                                            GET /in/912/?sid=43368&source=1911198404&idzone=0&w=1&h=1&mo=&ve=&site_id=43368&utm1=&utm2=&utm3=&utm4=&ad_tags=m-ora-zzia%20&spot_id=43368&p=http%3A%2F%2Fm-ora-zzia.ru%2F&katds_labels=&btype=0&score=17&bf=0.0001 HTTP/1.1 
Host: btds.zog.link
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://m-ora-zzia.ru/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         109.206.176.75
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
server: nginx/1.20.1
date: Mon, 05 Dec 2022 21:52:17 GMT
content-length: 0
location: https://cdn.1vag.com/1x1.png
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: *
set-cookie: 912.0=1; expires=Tue, 06 Dec 2022 21:52:17 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1E14235861231DDC6A99D6EAE254DFB94C5B936F8978BE38C53A3DB0C608B8A4"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11061
Expires: Tue, 06 Dec 2022 00:56:37 GMT
Date: Mon, 05 Dec 2022 21:52:16 GMT
Connection: keep-alive

                                        
                                            GET /1x1.png HTTP/1.1 
Host: cdn.1vag.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://m-ora-zzia.ru/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         45.133.44.24
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 05 Dec 2022 21:52:16 GMT
content-length: 68
server: nginx/1.20.1
last-modified: Wed, 15 Apr 2020 13:30:15 GMT
etag: "5e970c67-44"
cache-control: max-age=3600
x-request-id: 28eea0836f6cd5562d41ccabe8fa4a5b
expires: Mon, 05 Dec 2022 22:52:16 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size:   68
Md5:    91e42db1c66c0b276abf6234dc50b2eb
Sha1:   c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
Sha256: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
                                        
                                            GET /064e23e06c2654488b2a97447608c965.js HTTP/1.1 
Host: 0fc7a1648c.a533857c63.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://m-ora-zzia.ru
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         45.133.44.25
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 05 Dec 2022 21:52:11 GMT
server: nginx/1.18.0
last-modified: Wed, 30 Nov 2022 13:10:49 GMT
etag: W/"63875659-17718"
content-encoding: gzip
expires: Mon, 05 Dec 2022 21:57:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /banner-admanager/build.m.js HTTP/1.1 
Host: js.cabnnr.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://m-ora-zzia.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         45.133.44.24
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 05 Dec 2022 21:52:12 GMT
server: nginx/1.18.0
last-modified: Wed, 30 Nov 2022 14:18:35 GMT
etag: W/"6387663b-d063"
content-encoding: gzip
expires: Mon, 05 Dec 2022 21:57:12 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---