r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11203
Expires: Sat, 04 Feb 2023 16:30:28 GMT
Date: Sat, 04 Feb 2023 13:23:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14421
Expires: Sat, 04 Feb 2023 17:24:06 GMT
Date: Sat, 04 Feb 2023 13:23:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2630
Expires: Sat, 04 Feb 2023 14:07:35 GMT
Date: Sat, 04 Feb 2023 13:23:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 12:43:38 GMT
content-type: application/json
age: 2407
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: QXX/WcX/aEsaI193Z8dkjZ0aVvlxSGDcobgjrs0toKOFv/ch4nyhJOf7/TTR83eDKHEP5xQfU6U=
x-amz-request-id: G7MQW7TFZ8QRZNA0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 12:52:50 GMT
age: 1855
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 13:23:45 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
hartsece.tk/ru/lukoil-bonus/
104.21.25.182200 OK 3.7 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/
IP 104.21.25.182:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (302)
Hash 98a823e7d88b061026dc19832bf65f78
634670f91d92cf9f17574fb2a3869f0313b1306e
62ca7f6eaef7a52449f5cc31d9e267ac897eb238c5723d5fde892ab00b1eaec5
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/ HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7cbAV0K1gc6KtFNpaA6obbbJJWkMtoYnXXh1xNEjQp7hnmK95PLp4sXV4SCbbfngDAlqKuOQbceDaHv66EP69DzYxdufaiRr%2FANB%2FaZ7dAVGP7BTMzkDN3dwEbkCpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7943b8fd0e2fb523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/js/jquery.mask.min.js
104.21.25.182200 OK 3.1 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/js/jquery.mask.min.js
IP 104.21.25.182:0
File type ASCII text, with very long lines (526)
Hash 445f55b06dc35829f9b61ea8202e4e83
69c7f7f2e7dbd910cd90ed4b24586845c5d900f4
b1cc691b4b01170a047f39ae8a8aa51ece690592266a4c51aba755f47a78806d
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/js/jquery.mask.min.js HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:45 GMT
ETag: W/"5ee2444d-1cfc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V8Qf0PzqiPEcIn%2FO0vy4YswmxDs6kYJw4MHF3aG13P3Ka6e2raOhpjmShn3j1flKPu3YnBKYlunO9mh5EGB%2FfqhHr2gifZOmImnclqBc3uhDkGKPe9cNsi7GOXm01w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b900398e1c12-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 12:49:07 GMT
age: 2078
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
hartsece.tk/ru/lukoil-bonus/static/js/main.js
104.21.25.182200 OK 3.2 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/js/main.js
IP 104.21.25.182:0
File type Unicode text, UTF-8 text, with very long lines (310)
Hash 7ba9a41872393c61dde9f67902c81827
e0bae6707a6a87376d29ee0aa873148ea01cf816
02b173a5ba8f9ebe13a9cab9a34f549451d37b22dd5a882b7210ca7e5f36f710
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/js/main.js HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:46 GMT
ETag: W/"5ee2444e-2923"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7SCgCEcyAcSR2NsZ9VDKwBQUVTp%2B1LXdizNRIao08C5oQcYBdeVjaGM5DFHV9LClQUjCTXzj7%2F4IUHVg%2BVddUBAjqOXv6sm11O1D6u2A6nZiCsCFr4mhnSmL3WcDZw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b9003cd2b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/css/main.css
104.21.25.182200 OK 5.1 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/css/main.css
IP 104.21.25.182:0
Hash fa7bc4728d98ea486e50af2f36e8452d
01b7ff46af6632e88c5c1fc698cf0dbdfcaf4257
de99e085b7779bde912ac1a5eef0d70d6488a9973c45291d40ce7f8d212895e0
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/css/main.css HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:45 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:42 GMT
ETag: W/"5ee2444a-741c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SnqweYCN9yA7V1k0rLH7gmhvOFTZ9aSYPfr3qPVEXGOf%2BoebRkUdeObQ4kVIw1vosxMDkMLzCuZo6ZCoz2psQLCAqAHmVvkmambSEbs4etbrlZE%2FmZZJRr%2BJpg5Usw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b8fff9e9b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/js/comments.js
104.21.25.182200 OK 5.0 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/js/comments.js
IP 104.21.25.182:0
Hash eaacac81ff90cd124dd9c534942095a2
7f1ec6acd99ff35dc1d34c35fbd5c0e214789168
29a42f5b14c30bbc85b5ad2fbef0710464cdae60f2ce26cc256b22a0a0bad3e5
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/js/comments.js HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:45 GMT
ETag: W/"5ee2444d-46eb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NFPaBLQBjkBY%2FAhro%2BhLybEAzIZRROcUsywwJFAN4xp27KXYg3Lo%2F71CE8fvdj0tr5yHNFVfKYQjMxj8vDru8We8Iz0k7N6lot4KXfGb3u%2Fxu9xjjZJHvwkQPQgxxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b90039d8b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/js/jquery.js
104.21.25.182200 OK 31 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/js/jquery.js
IP 104.21.25.182:0
File type ASCII text, with very long lines (65451)
Hash 176e4a2e6e7128bda339fb357f1ff5a9
bfccc14b2f09fd6e743ad7342f075969d284d665
ff9ca68f99f59799e93c455b61602f7e977f260dca389bc1c9b03740872504b2
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/js/jquery.js HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:45 GMT
ETag: W/"5ee2444d-15d83"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GzO6of4EGyRBMjmqyWFO6TpVObRQ3sdmBbt9kfnUGiQT%2Bz0YMnWAo8zJrG3qjJp0zKFeShQhumcqyOo90C6fPta4uqUWUbdW0wa7Ib0IHfQ9oNbWnIXh%2BKnRoafDRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b9003e51b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4867
Expires: Sat, 04 Feb 2023 14:44:52 GMT
Date: Sat, 04 Feb 2023 13:23:45 GMT
Connection: keep-alive
push.services.mozilla.com/
52.41.91.37101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.91.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3SXO2OAD66btPw3FE8R+lw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Rf06und71E8OZV4u2hgZlRrcypY=
hartsece.tk/ru/lukoil-bonus/static/css/vkcomments.css
104.21.25.182200 OK 131 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/css/vkcomments.css
IP 104.21.25.182:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 131 kB (131183 bytes)
Hash f90f4295b85e74b8bb46406fb52a1f2b
58bab65e276dfb8a309e30a5a35bc85676fd42b1
f6683b9cf0b2d0b8ddabb5e18a14a75d32403088448cda067022984decbfc105
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/css/vkcomments.css HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:46 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:43 GMT
ETag: W/"5ee2444b-a38bf"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Waa3ZW%2Fnd%2FiV0pc7N8MC8ALS1PB7Gkj0FRO9ZXdQJgycc%2FMvq%2FJFpbbVDcj1M7yKKsEyul1GuHqd7Kesszm1oUBvBU1v%2FbgZHvNVzIosqag6ANfSXwCxQT0DvRyyTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b8fffdd2b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/logo.svg
104.21.25.182200 OK 2.3 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/logo.svg
IP 104.21.25.182:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6426), with no line terminators
Hash 1bc699cfcd53aed6ab74f6a398cd9e38
5e137f1726c57a5290eeab7bfee8b854fe0ad081
ba814b16fba33cf64b7e484c5ef714577d6c9f8d7b3e0d2dc4299695ff1df8b7
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/logo.svg HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:46 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:52 GMT
ETag: W/"5ee24454-191a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bG%2BbsstZELajtjYPUEOPPhltLHxwk9VSoz26khilrS5UYFYVJXH2QriRUxQWU%2BBDbBU0bn%2Fnn%2BV%2BaVR%2FfN1uy05J6QCIEGQ9Hc5smUv4ELCw6OJLRUvJwJgx%2BMkJFA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b907397f1c12-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/painting.png
104.21.25.182200 OK 4.3 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/painting.png
IP 104.21.25.182:0
File type PNG image data, 320 x 155, 8-bit/color RGBA, non-interlaced\012- data
Hash 3fd97535c5002e4dc934ae57d2115f39
53a4558cbcad8b2520c5451a0d323f02b5d84d89
ef37e292af47e1fbc9552b9761b0d6ea25e24ba845b85a85233bde6cc78e04fc
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/painting.png HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:46 GMT
Content-Type: image/png
Content-Length: 4316
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:52 GMT
ETag: "5ee24454-10dc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PnJzg5SzcbpxPnuLVJIelcstZdG0jHsCsPsirsK4m3sfRTJP1QwZlp9PJ6JP50aakaMm4Ftj%2FsEP5llJmzJY8nzZvnxNAi9DrLD9KsRTf7NNJyhi4MDJbMjSRqJlcA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b9072da0b4ff-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/director.jpg
104.21.25.182200 OK 37 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/director.jpg
IP 104.21.25.182:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x800, components 3\012- data
Hash 4f7f99d99dffc1c823c97c47299bbb93
aabeb799c4cd5f150339334f8a342299531527fd
66980b944e9be03a6bb2c0eb855884ec6bf5be715b2197dd175f3bd0466918f6
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/director.jpg HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:46 GMT
Content-Type: image/jpeg
Content-Length: 37424
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:51 GMT
ETag: "5ee24453-9230"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fIBZF76s7b4j5yVA8M24xXxI5NSHhaIHro4rTnDNs7%2BUpQ5rGQ02%2FyCu%2F%2B6RJDm8cSDTVkE6Sik4QheAJaCZaTihO4B8l%2BBNe9nVDsHF0fD%2FMmP8b%2FrJ3zaHjTgFvg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b9072aafb4fa-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/2%D0%BA.png
104.21.25.182200 OK 64 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/2%D0%BA.png
IP 104.21.25.182:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e5af04ae4966933dd88c34cecfaf38b
3b5196a7d1e3505b855fdd45dfc2d3374330ff19
229ba5846487869aff656213d1c19f1113cd8852232e11f21e50934e84b03f5d
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/2%D0%BA.png HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: image/png
Content-Length: 63827
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:50 GMT
ETag: "5ee24452-f953"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcpL8ty5POkEjACzk3W3c5uRk8HwVhxMVJgZsA7sq5pqwUFKaJROVgcZYCAhxbTva0oMaBzD%2BYw2ATWnINhfBQuxpC7mRfj9%2B6x%2F33nyNWP21NY9Sf9Ri7BeuXi8%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b9073a76b523-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/100k.png
104.21.25.182200 OK 57 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/100k.png
IP 104.21.25.182:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash 0344c5b5151db350f46132bfb9bc89e2
f3f9207dae4f58ff146a163cdd891372799f6c70
41b3f25b8f480198fee4e3e7bd665a42388fbb54097082466bd64a5a7f71ef0a
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/100k.png HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: image/png
Content-Length: 57122
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2022 14:47:25 GMT
ETag: "61e5817d-df22"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P29I9Bg6IloxIQsnQpNFsCtMn67zy6Kj4OiMUxcI2GkGmV7PV%2F2OV3fyr029PvIXKVq2HCKRKBFYeAy8y4yj6QLwNLQQe8Z%2FouO2QAdWqe8NiRnPWlU90Bclx6MP9w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b9073cafb50f-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/5%D0%BA.png
104.21.25.182200 OK 50 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/5%D0%BA.png
IP 104.21.25.182:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash c24c7f669d72f5c83ee0141dfa8a2988
ae691dd4a522b34a3e70a2465cf8c8022c76bf12
d58da59f15f047e0f2fceab0a440fb2a336e5bfe56d9aadc6df37eba0eda65b9
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/5%D0%BA.png HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: image/png
Content-Length: 49766
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:51 GMT
ETag: "5ee24453-c266"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N4lq%2FIYkGohe5wAVmkCSVWhmfdax16np82lTmLXt%2FCTmdAbZ6VW%2FOf04UFMOP27SB1XTa4qQKAtMwZzPhLY8ryjpXq6NMoCHUcVL89RJCkUoiRaLfdUbp1T2nE8i1g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b9073f73b505-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/fonts/Geometria.woff
104.21.25.182200 OK 47 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/fonts/Geometria.woff
IP 104.21.25.182:0
File type Web Open Font Format, TrueType, length 46804, version 0.0\012- data
Hash 5b3095d4d47c44c339c00087e66242d8
4ca09b9930baa2c347992995887d06fe2971efa0
c7714c82617471d1fd838299c9a428b77a1be6189dea1d0fcd5e9c09e4989e05
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/fonts/Geometria.woff HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/static/css/main.css
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: application/font-woff
Content-Length: 46804
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:43 GMT
ETag: "5ee2444b-b6d4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bIblpnwKwjE9qBChvybiD7cYh828nkXgQogKiahQu%2F8ZxyR4tFzibvmAzl6nq4a7vqFwX1XK27A%2BHQfkWlOb5P%2Bl%2FtV0TNaDAYcarr7ysQc6z3%2FfeHF%2BYomnNwATWw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b908caf01c12-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5658
Expires: Sat, 04 Feb 2023 14:58:05 GMT
Date: Sat, 04 Feb 2023 13:23:47 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5658
Expires: Sat, 04 Feb 2023 14:58:05 GMT
Date: Sat, 04 Feb 2023 13:23:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: aKr85ooofBPeKkeJIDO5W_X5Rn6xnJlRHmVrs8tgBMYe3HQhobsm3w==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:56:07 GMT
age: 55660
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 06:20:04 GMT
age: 25423
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:05:44 GMT
age: 55083
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ac51fd6789cbe19c2d484c9022b0e39
bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9
300b5e50cb910f9f4905ee7313d98763b68f85f5874db499cc94469fb14cabfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9500
x-amzn-requestid: 8fe94388-e8d9-4329-b73a-e9a356df76bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9QEA1IAMF3Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8054-51f954ac4bec16d1055e38f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkTJ6wQ4eFYBPDyS0l5vLeWvHHiQIx-cYyFzT4ggHJ8M5Gg3dozFxQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:59:51 GMT
age: 55436
etag: "bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 28099f5ad8a27e5a49a0d1c842486329
d47caba75b363a4c008e5a9a9d0b8e39d9fa4abd
1d798d35ceae594d86fa43aa0ef47b962c52bb1557e17dda9b294bd01f374b3a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8352
x-amzn-requestid: 80032cef-14cd-4f56-9830-8c74891ed00f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEqQFDJIAMFspQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8174-6d3310287fc74bb27e9b038a;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:49:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: byr2TaC2xnnUl56r2iGKZI0o8Ctsv0iy42h_F7-ezKpEijaH9rr5EQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:12:53 GMT
etag: "d47caba75b363a4c008e5a9a9d0b8e39d9fa4abd"
content-type: image/jpeg
age: 54654
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:00:26 GMT
age: 55401
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hartsece.tk/ru/lukoil-bonus/static/img/icons/comments_widget.png
104.21.25.182404 Not Found 116 B URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/icons/comments_widget.png
IP 104.21.25.182:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/icons/comments_widget.png HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/static/css/vkcomments.css
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 404 Not Found
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w2%2B8bCp6vCf7XeGEuQgbO2Doj%2FGRfw7Zz5LfLxGWQhpMTKWaoKqfMw16g7Dkv4msxYDocJEB7iKMAZx8PrU0WTwTy%2BpIwD38TeA%2FS%2FwGUfTcIhcQKijOpKQIpLWlMg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b90b69cdb50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/fonts/Geometria-Medium.woff
104.21.25.182200 OK 47 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/fonts/Geometria-Medium.woff
IP 104.21.25.182:0
File type Web Open Font Format, TrueType, length 46808, version 0.0\012- data
Hash 31d95d36b9e3eb840c57f2f6caf058e6
a4555b76265cbbeb508aa6077279ad9b8b1d52c5
10a12049c7884bc104e4897672142d76d49a77ab7dc753ede70a4a013caf06ce
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/fonts/Geometria-Medium.woff HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/static/css/main.css
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: application/font-woff
Content-Length: 46808
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:42 GMT
ETag: "5ee2444a-b6d8"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GYuNXEloYBP9n7ScT4BTmuftQZV0L8I4rCwleVtAmpL4Kly1N2hFba3pb10wkbZw%2FwbdWIlDsEc48m3RRM7yluF30CG7bAvF76evS%2B8GJQIzZ97jiCi2zm4scUEDWA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b90998acb4ff-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/15%D0%BA.png
104.21.25.182200 OK 50 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/15%D0%BA.png
IP 104.21.25.182:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash 8773951656256870922a613db1449769
9e51802ef85316fe7bd1e409ff9e45bd62210abe
649f8f1bb97bba3d2d53f3d7abb5d4efecbaba2ea2ae5a4e5afa73650dc4ff1a
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/15%D0%BA.png HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: image/png
Content-Length: 50080
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:49 GMT
ETag: "5ee24451-c3a0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qZRnlDRRi84G0nF%2B7%2BAB5QuC5bOb%2BXDlqkAKas7d8kuddYCkgQMXbdTK%2FzxIzI18VeCGotN4BeSPm9kVchFfZJ2Kcg3KWM4ieLVvgkGNim1R01I7IG4Ci6w7zfjpHA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b90b8d4bb505-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/fonts/Roboto-Light.woff
104.21.25.182200 OK 281 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/fonts/Roboto-Light.woff
IP 104.21.25.182:0
File type Web Open Font Format, TrueType, length 280972, version 0.0\012- data
Size 281 kB (280972 bytes)
Hash a79ff836df2a73abf2dacb1f1af2d225
2fa057b66d36d990a9e913af36af44f0f78dec04
527e57c2b8c55a00804198df15551bea4ce6a54773c70ce1071cbfdbbf38ce9c
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/fonts/Roboto-Light.woff HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/static/css/main.css
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: application/font-woff
Content-Length: 280972
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:43 GMT
ETag: "5ee2444b-4498c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wImHYouj3P0w2eNNIu%2BSD3TrljmCkReVYzUx0wy5o3xlu7l0a%2FcnsB%2FK13f%2F9EISYGjIueUDB1%2FmL6N3T9Dk1zv9OW7FRY7rxzEnxHpzWYF3IW1p6%2BPxUNwGhhFlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b909addab4fa-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/10%D0%BA.png
104.21.25.182200 OK 50 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/10%D0%BA.png
IP 104.21.25.182:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash 133cf4c0a3d0e95deb167063be5ee6bd
9fd501826e0d13afc31fba12d4d95c37ce6f5394
3e58a1861befc775173f37d7992600af3cff7b0446b446617d11fa55a02da02e
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/10%D0%BA.png HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: image/png
Content-Length: 50171
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:49 GMT
ETag: "5ee24451-c3fb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=icLWnosOsqEBgI%2BQk9lCV%2BDQNbtE7ZJYWRrqMEUonTpuAMgUCZEAgHzRaveuFgp3S3fBaoRglzN0l4pbN%2FHADcCdCPMZdvfm5NniXFfJDW2ZyRpRvHj1PoxgkjRdYg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b90c1e461c12-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/20%D0%BA.png
104.21.25.182200 OK 50 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/20%D0%BA.png
IP 104.21.25.182:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash ce44b4c4e1f44c417eec386d5f666832
7e89ae9c967ddb8dcce2156a1a13f03417e41039
7e17068d45622b294f8d5347d45fec203de5600b1bf193e55e374309ae2c224c
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/20%D0%BA.png HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: image/png
Content-Length: 50374
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:49 GMT
ETag: "5ee24451-c4c6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zT6D7PnHduTq4Hym2g2c3it4D%2FxSiC9b%2BBnWmybrM92EFZNtWJsetCppw4EDB%2FqqKkivjcJirl%2B1fLnLcKNolV8iYNUxu14aYYoQkQt2O%2FVBikcO3Ix6ONvE3yPXXA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b90d0bffb50f-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/fonts/Roboto-Regular.woff
104.21.25.182200 OK 280 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/fonts/Roboto-Regular.woff
IP 104.21.25.182:0
File type Web Open Font Format, TrueType, length 280060, version 0.0\012- data
Size 280 kB (280060 bytes)
Hash 8c9e2179f46b280d31ee9422ce0e41e2
3a04db5ed2137206c5868cf94ccbe0cba4ae280f
4e88cc5d3ac1f10bfe52ba2325b1c1645e11406e17707931723d3ecdba2770d0
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/fonts/Roboto-Regular.woff HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/static/css/main.css
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:47 GMT
Content-Type: application/font-woff
Content-Length: 280060
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:43 GMT
ETag: "5ee2444b-445fc"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I0v8ojNbChGjgZEYwrYEjr%2B%2B8RKeW%2FHfIHWX7G7Jdjhs7uSatosev%2BPAO0Cdk1N7dyuyARYh3lzEJMy53FeiCLVjkhkZtIgkh7nXXCdTqcLuIV4dcLdvvdv%2FJx8Uqg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b90b5fd0b523-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/50k.png
104.21.25.182200 OK 56 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/50k.png
IP 104.21.25.182:0
File type PNG image data, 660 x 494, 8-bit/color RGBA, non-interlaced\012- data
Hash dcc9115751c361774789ffed79f976ea
7b9d51e86866828416514305bcb3ef5ea3bd4807
c0857d340d04f5680fd194f219ef1e884e18e19e4088576859f63aad7685c2b8
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/50k.png HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:48 GMT
Content-Type: image/png
Content-Length: 56309
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2022 14:47:25 GMT
ETag: "61e5817d-dbf5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6geSjcOJi6IC0jQ%2F7smqb2h%2BG3wLT%2FRl6sTip6s3Z97OvdxjrvoclPuPegF6B6eRPFhVfTmMs%2FY8mQfY%2FfT%2BsjhioccAN5lSvaQdX%2FazGwk1TUhZWeBraEfMOVs4mw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b90dfd9eb4ff-OSL
alt-svc: h2=":443"; ma=60
hartsece.tk/ru/lukoil-bonus/static/img/general/photo_2019-07-31_19-27-54.jpg
104.21.25.182200 OK 86 kB URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/static/img/general/photo_2019-07-31_19-27-54.jpg
IP 104.21.25.182:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 800x600, components 3\012- data
Hash b5c86abfa9b5af374c33da0dcf54f48b
9df1cef8a70ef4ec3460c5e045656ef906a3230d
487cc4a122e61dabf22febb1b3dee18d2ef24bd566c0804e7831ca5ee7411a60
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/static/img/general/photo_2019-07-31_19-27-54.jpg HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:48 GMT
Content-Type: image/jpeg
Content-Length: 86365
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:53 GMT
ETag: "5ee24455-1515d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SssUfyCeeVxTxvW8VOjA1LWmQ9nJVKTI8NGaC1y6AHf8ouLsHfsWrS0ayYtFqMmWDDZszclmQkUbevmtsIoCEqerbIiYRZJknDSnook%2BK%2BZTmlTw7xEKOFMGlO0FCA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b90eea2fb505-OSL
alt-svc: h2=":443"; ma=60
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 24598f690677a4aa7ac890b3a6faccbd
1d62b448cc922b7a19499ecb0eaeb65ad035a4ba
69e7a8646294360fa2c998d32f4f5602c55ca5c3815bf8ef79830c1a1f4dbcbc
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 10:40:39 GMT
ETag: "1d62b448cc922b7a19499ecb0eaeb65ad035a4ba"
Last-Modified: Sat, 04 Feb 2023 10:40:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1245
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b912c9ceb4e8-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash f1a9c2888a01391311a82b965819e1bf
f8f08d143ac563e1b4e914f65f3a36ecfd184f45
c410c1d1cb78753c8138b9e7d7c2a64cd485e4cdc29d537c876dbcf346f5a7c8
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 11:17:34 GMT
ETag: "f8f08d143ac563e1b4e914f65f3a36ecfd184f45"
Last-Modified: Sat, 04 Feb 2023 11:17:35 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 405
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b912ce0eb4f1-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash f1a9c2888a01391311a82b965819e1bf
f8f08d143ac563e1b4e914f65f3a36ecfd184f45
c410c1d1cb78753c8138b9e7d7c2a64cd485e4cdc29d537c876dbcf346f5a7c8
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 11:17:34 GMT
ETag: "f8f08d143ac563e1b4e914f65f3a36ecfd184f45"
Last-Modified: Sat, 04 Feb 2023 11:17:35 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 405
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b912e9fab4e8-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash f1a9c2888a01391311a82b965819e1bf
f8f08d143ac563e1b4e914f65f3a36ecfd184f45
c410c1d1cb78753c8138b9e7d7c2a64cd485e4cdc29d537c876dbcf346f5a7c8
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 11:17:34 GMT
ETag: "f8f08d143ac563e1b4e914f65f3a36ecfd184f45"
Last-Modified: Sat, 04 Feb 2023 11:17:35 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 405
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b912ee3eb4f1-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 8e868304b05ca1b51006a110fd67f3e4
0d12086cc44e7e3c7d7455db968f5e9285a227f4
297609313860e3608054b27e8b3ef44b10f271e6b083cd4a8cff0fd6bdeefd01
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 10:43:38 GMT
ETag: "0d12086cc44e7e3c7d7455db968f5e9285a227f4"
Last-Modified: Sat, 04 Feb 2023 10:43:39 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 954
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b912fb090b3d-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash f1a9c2888a01391311a82b965819e1bf
f8f08d143ac563e1b4e914f65f3a36ecfd184f45
c410c1d1cb78753c8138b9e7d7c2a64cd485e4cdc29d537c876dbcf346f5a7c8
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 11:17:34 GMT
ETag: "f8f08d143ac563e1b4e914f65f3a36ecfd184f45"
Last-Modified: Sat, 04 Feb 2023 11:17:35 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 405
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b912fa06b4e8-OSL
pp.userapi.com/c852016/v852016462/12a111/xZHL5x6QPc4.jpg?ava=1
93.186.225.200200 OK 15 kB URL HTTP/2 pp.userapi.com/c852016/v852016462/12a111/xZHL5x6QPc4.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash a1b59f5e54d60317ea93b3de097f8ce8
33f46ab01057d234394f596c2b4d36ac3a87fff2
3349224fa7553bb09ea418bd74e6b18818745a0368fe8329f8c0f7cff12a546f
GET /c852016/v852016462/12a111/xZHL5x6QPc4.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 14808
last-modified: Wed, 29 May 2019 14:46:14 GMT
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
vk.com/images/camera_200.png?ava=1
87.240.132.78200 OK 23 kB URL HTTP/2 vk.com/images/camera_200.png?ava=1
IP 87.240.132.78:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 668f92e936e6c426400802fee4c711b9
83633a67b6758108d80a6f5ba67e49f8b12612bc
8efa03b9ff85c5e4e945f9bb66a8e576e9f57c66c5b404db35faab279a831d3b
GET /images/camera_200.png?ava=1 HTTP/1.1
Host: vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/png
content-length: 22867
last-modified: Tue, 22 Sep 2020 20:29:55 GMT
etag: "5f6a5ec3-5953"
expires: Sat, 11 Feb 2023 13:23:48 GMT
cache-control: max-age=604800
accept-ranges: bytes
X-Firefox-Spdy: h2
sun9-6.userapi.com/c850128/v850128085/136aef/GXMVwqqYtgA.jpg?ava=1
87.240.185.133200 OK 14 kB URL HTTP/2 sun9-6.userapi.com/c850128/v850128085/136aef/GXMVwqqYtgA.jpg?ava=1
IP 87.240.185.133:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 3b7fa24f279e0a47c943a7aca5c41cc4
0e6f4707aba4ba42fd8a68f149c0441f27b3bfaa
72bfc9e56b1e290b558f541396eeda03815631f82253f90f383e5a7236934354
GET /c850128/v850128085/136aef/GXMVwqqYtgA.jpg?ava=1 HTTP/1.1
Host: sun9-6.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 14329
last-modified: Sat, 11 May 2019 06:25:15 GMT
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front221105
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c841422/v841422872/afa6/7uOV04XAz5A.jpg?ava=1
93.186.225.200200 OK 14 kB URL HTTP/2 pp.userapi.com/c841422/v841422872/afa6/7uOV04XAz5A.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 1bbad063352babac3c093caef46d0acb
ed979e7de80945168a2d6dee7a5b0a492a072cc3
f1b5015d82543eb44542f5aae5548ae2c7518327a54a512a63c0d59e81795c60
GET /c841422/v841422872/afa6/7uOV04XAz5A.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 13522
last-modified: Thu, 27 Jul 2017 16:47:28 GMT
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c841022/v841022500/554b6/Flh9w9t87mU.jpg?ava=1
93.186.225.200200 OK 15 kB URL HTTP/2 pp.userapi.com/c841022/v841022500/554b6/Flh9w9t87mU.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 949417782b02a00b5990df62f1c322ac
2c2ac16826ff6d2519c00f6b2920d2e042350b71
417db116bed44730a91bbe80021e53a3401c5cc340747a95a2c86669613e09c1
GET /c841022/v841022500/554b6/Flh9w9t87mU.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 14611
last-modified: Wed, 27 Dec 2017 19:17:47 GMT
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
sun1-22.userapi.com/c837430/v837430190/67343/PpkX3-pMqI8.jpg?ava=1
95.142.204.158200 OK 7.4 kB URL HTTP/2 sun1-22.userapi.com/c837430/v837430190/67343/PpkX3-pMqI8.jpg?ava=1
IP 95.142.204.158:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x203, components 3\012- data
Hash 53b0bc3cbe86d132813f4861aeff4250
3294f07bc5a0b61e8ade26570beb04d8b0373def
f18eac8de3f61e1e0e98ab552b102700e9d3c54702af482f3744e5878f9beb8f
GET /c837430/v837430190/67343/PpkX3-pMqI8.jpg?ava=1 HTTP/1.1
Host: sun1-22.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 7421
last-modified: Fri, 20 Oct 2017 09:39:54 GMT
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front1-22
access-control-expose-headers: X-Frontend
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
strict-transport-security: max-age=15768000
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c851328/v851328617/1300a0/-6pcbsCkBV4.jpg?ava=1
93.186.225.200200 OK 12 kB URL HTTP/2 pp.userapi.com/c851328/v851328617/1300a0/-6pcbsCkBV4.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 113ed1e12d267373bc7165dd43d2874d
7dc6259b31d87844e981a833079107d445b04b4f
4d215980822d00eac540b144287d4963223a2201c46008c66a96e3ab0b44d057
GET /c851328/v851328617/1300a0/-6pcbsCkBV4.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 12349
last-modified: Sat, 01 Jun 2019 19:40:37 GMT
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c836131/v836131893/3dbc/rM31jtMPQeo.jpg?ava=1
93.186.225.200200 OK 12 kB URL HTTP/2 pp.userapi.com/c836131/v836131893/3dbc/rM31jtMPQeo.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x300, components 3\012- data
Hash 1815c13ed392857117402e56e70f1d97
9d11a2402e7926f56990ea4f6558b9ae1428f340
0a5cb0fad7b61743ef8b711e895200b595cf1b41238496fdf9546353ceef5e9f
GET /c836131/v836131893/3dbc/rM31jtMPQeo.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 11715
last-modified: Sun, 02 Oct 2016 20:26:26 GMT
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c834303/v834303640/837de/rFa45evhyxY.jpg?ava=1
93.186.225.200200 OK 12 kB URL HTTP/2 pp.userapi.com/c834303/v834303640/837de/rFa45evhyxY.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 976b15da33325e29e007d9996038da7c
61bce622bcb57879e004de2fa343f7fff845975f
89ec193043e9035a98baeabb6dd61afa33d873de137d21999ac8eee17f1c70a3
GET /c834303/v834303640/837de/rFa45evhyxY.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 11743
last-modified: Fri, 12 Jan 2018 22:35:08 GMT
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c636017/v636017094/2053f/y4dJiZWD188.jpg?ava=1
93.186.225.200200 OK 8.5 kB URL HTTP/2 pp.userapi.com/c636017/v636017094/2053f/y4dJiZWD188.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 1217e77273c853b49988d5364b8a7a84
5ddc05ded07117b9d909d97880fdeecf9cdbd9f2
767da781fe013e58e40389c1e0c9f970af5c672fb545a82d77d0c2683a551032
GET /c636017/v636017094/2053f/y4dJiZWD188.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 8490
last-modified: Thu, 18 Aug 2016 08:08:53 GMT
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c5120/u98913860/a_3c510fcd.jpg?ava=1
93.186.225.200200 OK 12 kB URL HTTP/2 pp.userapi.com/c5120/u98913860/a_3c510fcd.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 200x186, components 3\012- data
Hash 5450f9f80f22a7352976aad7c436f583
26660fd9bc123e7e2d3561f3e8d119b18bee2714
280013fdd7d8d8b4a95505d558b625722e40c6fad6558dd2dbd7916bd43637b9
GET /c5120/u98913860/a_3c510fcd.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 11494
last-modified: Thu, 26 May 2011 18:37:59 GMT
etag: "4dde9e07-2ce6"
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c10506/u144023376/a_2502ec1c.jpg?ava=1
93.186.225.200200 OK 18 kB URL HTTP/2 pp.userapi.com/c10506/u144023376/a_2502ec1c.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 200x219, components 3\012- data
Hash a063df385c6d1177dab1657d104f2411
0b8222b5f44e8c3c253b801b55b180f74267e941
2145ae275b07f71a0b53223d057a11d136ca6eab0b96183060f1e95b559791a6
GET /c10506/u144023376/a_2502ec1c.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 17760
last-modified: Wed, 17 Aug 2011 04:15:08 GMT
etag: "4e4b404c-4560"
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/1zXHKoX__oHD0zFaTDVJOAz_J0V12bQ9WsAvDw/TRU-UZILQFA.jpg?ava=1
93.186.225.200200 OK 34 kB URL HTTP/2 pp.userapi.com/1zXHKoX__oHD0zFaTDVJOAz_J0V12bQ9WsAvDw/TRU-UZILQFA.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x204, components 3\012- data
Hash 7c478721c3954aea3f2e7768e531cdb8
33bf54954988dadefb78dfbc0babcf2cfea5823a
e77075f0caef49dde7dd910e0da41c91ef912c77cd81d320afd65646993a29d2
GET /1zXHKoX__oHD0zFaTDVJOAz_J0V12bQ9WsAvDw/TRU-UZILQFA.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 33498
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: eb3451e4-1fad-4096-abb6-8005b18447be
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg
93.186.225.200200 OK 1.9 kB URL HTTP/2 pp.userapi.com/0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 862fc22714936eb5dea3faa36eaa9d88
c413a006ea2e569b2d4b1a05c7d00ff2b5083697
43943e557e935a8f6dfa1cb1c9f4607e49311f0a024846eefa8864269e58d38c
GET /0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://hartsece.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 1914
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: 1c951e9d-1820-481c-971b-209b57ac6f00
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg
93.186.225.200200 OK 22 kB URL HTTP/2 pp.userapi.com/VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 4e46f637447bd6219dc602f1db24255a
b194602511439b2facc826f29971d2e42d5bcf4f
928f88a8a11b1fec7b2dd29727263e8ca4ac00b5bb0ccf5fe6b2d3be881caab9
GET /VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://hartsece.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 21798
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: 8f006739-ab53-4d91-9366-2721da937c5a
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg
93.186.225.200200 OK 16 kB URL HTTP/2 pp.userapi.com/qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 4915x4915, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 55727fdc3464d4b2d6affa98f542aaae
d5ff2a848113ebd076545c277f66bea3b074ba9b
70a04afd372efe1e12a90b48befa2d7dacca831ae49d6f9f10c33e05a38a4f0b
GET /qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://hartsece.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
content-length: 16149
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: 5bc81301-940a-4ec2-8750-fd74388065af
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
hartsece.tk/ru/lukoil-bonus/favicon.ico
104.21.25.182200 OK 636 B URL HTTP/1.1 hartsece.tk/ru/lukoil-bonus/favicon.ico
IP 104.21.25.182:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash ecb1161d0f9a6c9e6982b9ecc08b62d8
502c72d3d74f3e612be51dd80bf3229dde0d62a1
e6cfbe2530dbab14115350dbcc4965e66603fd9f2fb69c88ba9634fb466fcb2a
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /ru/lukoil-bonus/favicon.ico HTTP/1.1
Host: hartsece.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hartsece.tk/ru/lukoil-bonus/
Cookie: timer=161341; PHPSESSID=ag4854u22q5g949h5gducapdm9
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 13:23:48 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:40 GMT
ETag: W/"5ee24448-47e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FEM%2FfZO%2BaTF7WmrOKlUfGNjsqZn%2FY68ihmazZS0UQjPmv2lyGukq9j8pZmsTvDvhFegOQ%2FZ3ctWulNjabVvr%2F4Xycd9riwqLL6JUViIkT7WazWLp5CT%2BSVkIrxpaiA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943b912e9c1b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
pp.userapi.com/c848732/v848732920/18919d/YSNIWV6uDfo.jpg?ava=1
93.186.225.200301 Moved Permanently 20 kB URL HTTP/2 pp.userapi.com/c848732/v848732920/18919d/YSNIWV6uDfo.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x300, components 3\012- data
Hash 90618bc3c059d98bf468367dd5548878
9ada5e3becdcd7d50bbf91fea7c9995b4397b342
a811c857bd6932762e2d7c4c1dabb148aced0eea9887769b0c31ef648535210d
GET /c848732/v848732920/18919d/YSNIWV6uDfo.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: kittenx
date: Sat, 04 Feb 2023 13:23:51 GMT
content-type: image/jpeg
location: /dGyuZQ9Q-JpbUVyBdLOmPxELlayZxrnZBzpocw/C28UUYxVdao.jpg
expires: Mon, 06 Mar 2023 13:23:51 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2
pp.userapi.com/c852032/v852032209/c4ff7/VwMNPPmrDkk.jpg?ava=1
93.186.225.200301 Moved Permanently 0 B URL HTTP/2 pp.userapi.com/c852032/v852032209/c4ff7/VwMNPPmrDkk.jpg?ava=1
IP 93.186.225.200:0
GET /c852032/v852032209/c4ff7/VwMNPPmrDkk.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
location: /0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2
pp.userapi.com/c847019/v847019473/1bea49/9NSXfX6Z8bw.jpg?ava=1
93.186.225.200301 Moved Permanently 0 B URL HTTP/2 pp.userapi.com/c847019/v847019473/1bea49/9NSXfX6Z8bw.jpg?ava=1
IP 93.186.225.200:0
GET /c847019/v847019473/1bea49/9NSXfX6Z8bw.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
location: /VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2
pp.userapi.com/c846324/v846324005/1e0ea7/2ThiLiaJIRU.jpg?ava=1
93.186.225.200301 Moved Permanently 0 B URL HTTP/2 pp.userapi.com/c846324/v846324005/1e0ea7/2ThiLiaJIRU.jpg?ava=1
IP 93.186.225.200:0
GET /c846324/v846324005/1e0ea7/2ThiLiaJIRU.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hartsece.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: kittenx
date: Sat, 04 Feb 2023 13:23:48 GMT
content-type: image/jpeg
location: /qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg
expires: Mon, 06 Mar 2023 13:23:48 GMT
cache-control: max-age=2592000
x-frontend: front613325
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2