URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Submission: On August 18 via api from US — Scanned from DE

Summary

This website contacted 12 IPs in 2 countries across 7 domains to perform 52 HTTP transactions. The main IP is 172.67.140.84, located in the United States and belonging to CLOUDFLARENET, US. The main domain is 1275.ru.
TLS certificate: Issued by WE1 on July 15th 2024. Valid for: 3 months.
This is the only time 1275.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 22 172.67.140.84 13335 (CLOUDFLAR...)
4 2a02:6b8:a::a 13238 (YANDEX)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
10 2a02:6b8:20::215 13238 (YANDEX)
4 11 2a02:6b8::1:119 13238 (YANDEX)
2 2a02:6b8::90 13238 (YANDEX)
1 2a02:6b8::184 13238 (YANDEX)
1 2a02:6b8::36 13238 (YANDEX)
1 2a02:6b8::28d 13238 (YANDEX)
1 1 2a02:6b8::487 13238 (YANDEX)
1 2a02:6b8:0:18... 13238 (YANDEX)
52 12
Requests | Apex Domain | Subdomains | Transfer
22 | 1275.ru | 1275.ru | 464 KB
12 | yandex.ru | yandex.ru (Cisco Umbrella Rank: 1074), mc.yandex.ru (Cisco Umbrella Rank: 2503), an.yandex.ru (Cisco Umbrella Rank: 5379), log.strm.yandex.ru (Cisco Umbrella Rank: 14156), strm.yandex.ru (Cisco Umbrella Rank: 12520) | 189 KB
10 | yastatic.net | yastatic.net (Cisco Umbrella Rank: 4613) | 409 KB
7 | yandex.com | mc.yandex.com (Cisco Umbrella Rank: 6787) | 4 KB
3 | yandex.net | avatars.mds.yandex.net (Cisco Umbrella Rank: 5396), favicon.yandex.net (Cisco Umbrella Rank: 6790), strm-ams27.strm.yandex.net | 104 KB
2 | waos-soft.ru | waos-soft.ru | 23 KB
1 | cloudflareinsights.com | static.cloudflareinsights.com (Cisco Umbrella Rank: 1223) | 7 KB
Total: 52 requests across 7 apex domains
Requests | Domain | Redirects | Requested by
22 | 1275.ru | 1 redirect | 1275.ru, static.cloudflareinsights.com
10 | yastatic.net | | yandex.ru, yastatic.net
7 | mc.yandex.com | 2 redirects | 1275.ru, mc.yandex.ru
4 | mc.yandex.ru | 2 redirects | yandex.ru, 1275.ru
4 | yandex.ru | | 1275.ru, yandex.ru
2 | an.yandex.ru | | yandex.ru
2 | waos-soft.ru | | 1275.ru, waos-soft.ru
1 | strm-ams27.strm.yandex.net | | 1275.ru
1 | strm.yandex.ru | 1 redirect |
1 | log.strm.yandex.ru | | yastatic.net
1 | favicon.yandex.net | | 1275.ru
1 | avatars.mds.yandex.net | | 1275.ru
1 | static.cloudflareinsights.com | | 1275.ru
Total: 52 requests across 13 subdomains

This site contains links to these domains (see also the Links section):

Domain: g-soft.info
TLS certificates

Subject | Issuer | Validity | Valid | Source
1275.ru | WE1 | 2024-07-15 - 2024-10-13 | 3 months | crt.sh
*.xn--d1acpjx3f.xn--p1ai | GlobalSign ECC OV SSL CA 2018 | 2024-07-12 - 2025-01-09 | 6 months | crt.sh
cloudflareinsights.com | WE1 | 2024-07-06 - 2024-10-04 | 3 months | crt.sh
waos-soft.ru | WE1 | 2024-07-04 - 2024-10-02 | 3 months | crt.sh
*.yastatic-net.ru | GlobalSign ECC OV SSL CA 2018 | 2024-07-09 - 2025-02-08 | 7 months | crt.sh
mc.yandex.ru | GlobalSign ECC OV SSL CA 2018 | 2024-05-23 - 2024-11-02 | 5 months | crt.sh
bs.yandex.ru | GlobalSign ECC OV SSL CA 2018 | 2024-03-11 - 2024-09-09 | 6 months | crt.sh
*.avatars.mds.yandex.net | GlobalSign RSA OV SSL CA 2018 | 2024-03-20 - 2024-10-20 | 7 months | crt.sh
favicon.yandex.net | GlobalSign ECC OV SSL CA 2018 | 2024-07-23 - 2024-12-22 | 5 months | crt.sh
log.strm.yandex.ru | GlobalSign RSA OV SSL CA 2018 | 2024-06-16 - 2024-11-13 | 5 months | crt.sh

This page contains 4 frames:

Primary Page: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Frame ID: E2027E2BCEA7D2C9C4DDDBCF0000B69B
Requests: 56 HTTP requests in this frame

Frame: https://1275.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/ba7376691753/main.js
Frame ID: B807AA5539DF833E580E2C7E4DD1D2B8
Requests: 2 HTTP requests in this frame

Frame: https://yastatic.net/safeframe-bundles/0.83/1-1-0/render.html
Frame ID: 00836FD7260B8D5F4C7023F95CE3C35A
Requests: 1 HTTP requests in this frame

Frame: https://mc.yandex.com/metrika/metrika_match.html
Frame ID: 98D8C017A62940923CE62515A42300C9
Requests: 1 HTTP requests in this frame

Page Title

RedTail Cryptominer IOCs - Part 2 - SEC-1275-1

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • https?://an\.yandex\.ru/

Overall confidence: 100%
Detected patterns
  • mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

Requests: 52
HTTPS: 88 %
IPv6: 92 %
Domains: 7
Subdomains: 13
IPs: 12
Countries: 2
Transfer: 1196 kB
Size: 3645 kB
Cookies: 56

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27
  • https://1275.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://1275.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/ba7376691753/main.js
Request Chain 49
  • https://mc.yandex.com/sync_cookie_image_check HTTP 302
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10465.ntCc_Gcq8Y15iZN2JOCOXsC_s_1C2tt7IvO5UlOa0xig_AeZmR4xbt8K3JP1MPH4.pWMx7gIP8NILojPWsBF-U_wwBmo%2C HTTP 302
  • https://mc.yandex.com/sync_cookie_image_decide?token=10465.eMlZ9z9741djiY-kvwBRVvClONBKtlU_QlKW_SLcnugUeL2FDcUtmRWsrHxAYx7fC6i0jTvmfPj8OTAmJibYEWAkrJ5dhCqleeX3IrLoViHGMIk1u_hJygQibT0m3_lsaI25gyHorcfmgtodDhP76lYvIxmlyGCd_SbbYKz8__u4hrH7cuxjNak8188o36BnSLErzhCYgj2hLagv8uddoYxa3RBxXUKuewCnmrstdB4%2C.ya8iadb4Ed79I9Anyh5iwtYmKxY%2C
Request Chain 51
  • https://mc.yandex.ru/watch/39370120?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715 HTTP 302
  • https://mc.yandex.ru/watch/39370120/1?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715
Request Chain 53
  • https://strm.yandex.ru/vh-canvas-converted/vod-content/8681222488459704287/ead1ad7d-10a2-42ac-bbd1-ba918287b2a9/webm/VP8_240_426_500.webm?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715 HTTP 302
  • https://strm-ams27.strm.yandex.net/vh-canvas-converted/vod-content/8681222488459704287/ead1ad7d-10a2-42ac-bbd1-ba918287b2a9/webm/VP8_240_426_500.webm?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715&noredir=1&lid=289
Request Chain 54
  • https://mc.yandex.com/watch/1788970?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F3642%2Fredtail-cryptominer-iocs-part-2%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A5hhtndq4m7gdrr9ncc0y4hs3h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1410%3Acn%3A1%3Adp%3A0%3Als%3A762402095013%3Ahid%3A916121685%3Az%3A120%3Ai%3A20240818193837%3Aet%3A1724002717%3Ac%3A1%3Arn%3A63960659%3Au%3A1724002717185925693%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1724002711078%3Arqnl%3A1%3Ast%3A1724002719%3At%3ARedTail%20Cryptominer%20IOCs%20-%20Part%202%20-%20SEC-1275-1&t=clc(0-0-0)aw(1)rcm(1)cdl(na)eco(565312)ti(1) HTTP 302
  • https://mc.yandex.com/watch/1788970/1?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F3642%2Fredtail-cryptominer-iocs-part-2%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A5hhtndq4m7gdrr9ncc0y4hs3h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1410%3Acn%3A1%3Adp%3A0%3Als%3A762402095013%3Ahid%3A916121685%3Az%3A120%3Ai%3A20240818193837%3Aet%3A1724002717%3Ac%3A1%3Arn%3A63960659%3Au%3A1724002717185925693%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1724002711078%3Arqnl%3A1%3Ast%3A1724002719%3At%3ARedTail%20Cryptominer%20IOCs%20-%20Part%202%20-%20SEC-1275-1&t=clc%280-0-0%29aw%281%29rcm%281%29cdl%28na%29eco%28565312%29ti%281%29

52 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
46 KB
13 KB
Document
General
Full URL
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb09089e95f20a6c4aff1a36e32c8f741467a101c08d496170f82c649cda4d38
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-edge-cache
cache,platform=wordpress
cf-ray
8b53ad90ec355b3e-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 18 Aug 2024 17:38:31 GMT
last-modified
Sun, 18 Aug 2024 20:38:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2z5dCNR4cYwDZOBqQ1OYN%2ByPff0L0b7o9%2BYgMJZwYjWqboHtU6qluPoCbCn324OuUfiGvQFuDorXhMvkQSxqsOyowRYCtJdyWuTx5pFndaLW3bd3tLAjLSlk"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
wpo-cache-status
saving to cache
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1
cleantalk-public.min.css
1275.ru/wp-content/plugins/cleantalk-spam-protect/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://1275.ru/wp-content/plugins/cleantalk-spam-protect/css/cleantalk-public.min.css
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49681cf629185b67be2aa28ab7a821f4fbd9dad0d38e19928401818aa2914f0d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
last-modified
Thu, 08 Aug 2024 05:55:46 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZGHYUya8oWX0cxEdJndP1theySSjgOAanjBWXJ2gPo8dCdsEaSHLu21xPdLerc7NoSRgUrAyx2EqjRZv6TCDQ%2BaAhV4UYE8S%2FR4sG%2BYHRFegmtKIQR4%2FeeQ%2F"}],"group":"cf-nel","max_age":604800}
content-type
text/css
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
8b53ada42b055b3e-FRA
priority
u=0,i=?0
screen.min.css
1275.ru/wp-content/plugins/easy-table-of-contents/assets/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://1275.ru/wp-content/plugins/easy-table-of-contents/assets/css/screen.min.css
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6ae8dbff96469621efbc79f5d44c1f6d6c13460ed12e34e826af9b0308424aa
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
last-modified
Sun, 21 Jul 2024 07:33:21 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c7y1ydnRnP9jbzXhUtqGXKogXfw5rivKHCqIiRyUmMPWclUKEWm7Yn%2BcBtdgVnLoqWMoO0eaHyTHQr2ke5FRQ0QsXuTnHThQh3fQCXbl241hbaxIDRqdEKRd"}],"group":"cf-nel","max_age":604800}
content-type
text/css
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
8b53ada42b065b3e-FRA
priority
u=0,i=?0
a3_lazy_load.min.css
1275.ru/wp-content/uploads/sass/
127 B
574 B
Stylesheet
General
Full URL
https://1275.ru/wp-content/uploads/sass/a3_lazy_load.min.css
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2f1b190e5d5a3063c35b75b1a00c039b13e171eb7b099299dcb67e9e4fe65cd
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
last-modified
Thu, 23 Mar 2023 18:32:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LIrLrqPC19TuLElAA2WEusYhXvMeQE2b%2By0wlLeFAcviMXJjC9FTDEhxiSfELJSQJh5aOC67ys0YluNjaOpMy5xRI9DiLCs%2FxgqhuNMyrjiPjyL6yiQmnhE4"}],"group":"cf-nel","max_age":604800}
content-type
text/css
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
8b53ada42b075b3e-FRA
priority
u=0,i=?0
wpo-minify-header-df171ca3.min.css
1275.ru/wp-content/cache/wpo-minify/1723525318/assets/
260 KB
44 KB
Stylesheet
General
Full URL
https://1275.ru/wp-content/cache/wpo-minify/1723525318/assets/wpo-minify-header-df171ca3.min.css
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d73c2f35cf104b9eec6c97b351fd1bb05bc19c11a253d8f9cd191671d45460af
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
last-modified
Tue, 13 Aug 2024 05:03:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yhjXP7PsMwoM1gUShYygRYFJJuv3qj58KloOW5%2BEK6K8zKI4iXj1xbSK1sWckNhVp7e69ZPmw4NxByj2q4c3bQfxan0trXJhK%2FQ1zo4qEZZheCW279NBIKUS"}],"group":"cf-nel","max_age":604800}
content-type
text/css
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
8b53ada42b085b3e-FRA
priority
u=0,i=?0
wpo-minify-header-14b4240f.min.js
1275.ru/wp-content/cache/wpo-minify/1723525318/assets/
182 KB
56 KB
Script
General
Full URL
https://1275.ru/wp-content/cache/wpo-minify/1723525318/assets/wpo-minify-header-14b4240f.min.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00685798a2be74d85eb048b2ad280413434fe055a0d61cc0673cd06b5a414f32
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
last-modified
Tue, 13 Aug 2024 05:03:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oh5owZ%2BANVAHVLLOcphJnaCSdjHkOAARX7NF8imQuZrOVR0k3AgdxRDgRCRZvS3ZK0uroKxm6vBvOGwQkmwQDQneeVZDjyBpPPmxbBDPtPnnOVc1uqUBN3L8"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
8b53ada42b095b3e-FRA
priority
u=1,i=?0
context.js
yandex.ru/ads/system/
367 KB
105 KB
Script
General
Full URL
https://yandex.ru/ads/system/context.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:a::a Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
ceea63fb5c025884af4b141f4c55b4a52a678db0432d319fd4a909b6171f78e2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding
br
x-content-type-options
nosniff
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
etag
"2d27c8c5567e0bf2b29657b072c28c7b-1089095"
x-yandex-req-id
1724002714984664-6858818388275385040-balancer-l7leveler-kubr-yp-sas-40-BAL
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
x-robots-tag
noindex, noarchive, nofollow
expires
Sun, 18 Aug 2024 18:38:34 GMT
wpshop-core.ttf
1275.ru/wp-content/themes/reboot/assets/fonts/
57 KB
27 KB
Font
General
Full URL
https://1275.ru/wp-content/themes/reboot/assets/fonts/wpshop-core.ttf
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
973408bd1a1da181c7eaa9293c0cd095f3836a76b626bc76af21e1cd96b5dcde
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
last-modified
Tue, 13 Aug 2024 05:01:08 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S6IrC449yscwh9571cXxT3FfHbU6EkTDB6bhoSH%2BwbnOT1uJiDiIq9aDvFR0B29dLGH2tYnnDKruV3jxotWih3cDxSQqsG16Zi7miA6e%2FXKeo90q6EHn5IvL"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
8b53ada42b0a5b3e-FRA
priority
u=1,i=?0
cropped-54925859_transparent.png.webp
1275.ru/wp-content/uploads/2024/06/
16 KB
16 KB
Image
General
Full URL
https://1275.ru/wp-content/uploads/2024/06/cropped-54925859_transparent.png.webp
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6898945c1cd627102a395524e84b7b9a80cdce29286005498fd9710c69764df
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
alt-svc
h3=":443"; ma=86400
content-length
16060
x-xss-protection
1
last-modified
Thu, 06 Jun 2024 09:30:54 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2BAbLc3oUpnnLIJaLJpLCRLUuxmWLD1gLdi0ojSw9ozIw6BR4j4e1xqV90cFYvL98LiDbKbSzl2N9d%2B22xBAGgq%2F3Pysmbq4JP%2F5FTaADQZHUhsOoDKW6W0e"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8b53ada42b0b5b3e-FRA
priority
u=2,i
security-g0f3e5e56c_1920-870x400.jpg.webp
1275.ru/wp-content/uploads/2022/07/
12 KB
12 KB
Image
General
Full URL
https://1275.ru/wp-content/uploads/2022/07/security-g0f3e5e56c_1920-870x400.jpg.webp
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6c6e0c2cc095a480d6369d7514443c10ca91d8356372050d2bb30011a778981
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
11996
x-xss-protection
1
last-modified
Thu, 23 Mar 2023 18:32:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whMcqzZMupXysLIakfnxp4wZrbZKgCgkrhI6QkjNLZOzA6%2FKfoOokcLbfcnPQ3wbEx3qR5nq1DnAIcvbzqaMlgq%2BpV6zvFQEILso1kFbBRyjA24q7Hu4odn%2F"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8b53ada42b0d5b3e-FRA
priority
u=1,i
lazy_placeholder.gif
1275.ru/wp-content/plugins/a3-lazy-load/assets/images/
42 B
527 B
Image
General
Full URL
https://1275.ru/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
alt-svc
h3=":443"; ma=86400
content-length
42
x-xss-protection
1
last-modified
Mon, 15 Jul 2024 15:29:45 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iAsLidugSaJZZp%2FjWqLivbKaNuloeSNewR5Mh1QJbxCFYlXOE1WzMFRFNiV1dqDv8e4h3STarG11QU90YCe0JcoZfBPX05Q6TIPhHtW2tFJGQJNq496Mao3t"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8b53ada42b0e5b3e-FRA
priority
u=2,i
wpo-minify-footer-9ad13251.min.js
1275.ru/wp-content/cache/wpo-minify/1723525318/assets/
64 KB
14 KB
Script
General
Full URL
https://1275.ru/wp-content/cache/wpo-minify/1723525318/assets/wpo-minify-footer-9ad13251.min.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd057d7db4c5263a87501a7d8a59729dcaa1496e669def1f418cae4c817a1a8f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
last-modified
Tue, 13 Aug 2024 05:03:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JdhK6wsqQXh9POWcNNC%2BCmgSJNOvyAXNlJ3Y6QXSCxA8BkwZA6nwP8Vi7G4zzrf6xODorYFg4fNyxPfuZJQrlawQ%2FrbJSX02a6m4HduNIPJCUdW4Wc4r5uRl"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
8b53ada47b435b3e-FRA
priority
u=2,i=?0
wpo-minify-footer-65360760.min.js
1275.ru/wp-content/cache/wpo-minify/1723525318/assets/
3 KB
2 KB
Script
General
Full URL
https://1275.ru/wp-content/cache/wpo-minify/1723525318/assets/wpo-minify-footer-65360760.min.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c420f32b3ac8ca4dad29c471fd2149bf221ac03740c7816154c9703b38f6907c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
last-modified
Tue, 13 Aug 2024 05:03:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1aq6G%2B3ABHFOOKOFotvl8xDw30JiGqSnO5NJXpbHTGiQipLTE7lSge3lx73%2FvyLLfuEY7EruPFFFOagVJmpQ6A4%2BCtQAIz7vBYgMLDzGpA4Wd3lQSwoCIZY5"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
8b53ada75dc15b3e-FRA
priority
u=3,i=?0
wpo-minify-footer-3c86297b.min.js
1275.ru/wp-content/cache/wpo-minify/1723525318/assets/
28 KB
8 KB
Script
General
Full URL
https://1275.ru/wp-content/cache/wpo-minify/1723525318/assets/wpo-minify-footer-3c86297b.min.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9387807e98875575d1c4f5c12d5b0088c30f9f16cd72d63306db0d841e3a8609
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
last-modified
Tue, 13 Aug 2024 05:03:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8VsXVtCd7i51AYw0pQOtybnyBTWqDWzuIF036fcXM1jJufeytkkgMdLDjSJIAGKKHK%2B9hIwadHf35DOTjqzDFetxmlJqcFEg9arg6Le5zVLIiApvXyGso07%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
8b53ada75dc05b3e-FRA
priority
u=2,i=?0
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
content-encoding
gzip
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
server
cloudflare
etag
W/"2024.6.1"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
8b53ada81b478fce-FRA
security-g0f3e5e56c_1920.jpg
1275.ru/wp-content/uploads/2022/07/
0
254 KB
Other
General
Full URL
https://1275.ru/wp-content/uploads/2022/07/security-g0f3e5e56c_1920.jpg
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:34 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
259903
x-xss-protection
1
last-modified
Thu, 23 Mar 2023 18:32:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CVzsm714y3UarRXcsfxRjkmq0ngEC4adERS4km9jot%2FNf6OWt7uY3apBEC2M0nZ4t5CRAKiwF7xw8djUCrMw6mZAjPhRXpfb%2BHHQDaA80Nf7%2BeRce0EDDCke"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8b53ada76dc35b3e-FRA
link
<https://1275.ru/wp-content/uploads/2022/07/security-g0f3e5e56c_1920.jpg>; rel="canonical"
priority
u=4,i
matomo.js
waos-soft.ru/
67 KB
23 KB
Script
General
Full URL
https://waos-soft.ru/matomo.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:2455 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a77ab6376bf1e6fa1182199bec8be63db1cd7cd0fdf0ec8dfcd3ba28f9845c5

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 16 Aug 2024 05:35:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
3446
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uE96r%2FNW0xPrkgU95kClE9mMsoKzZe9dlhyuB9JujzEUhLdQfQVr74Row%2BqXTruiS30HfrZw72ii5M7r24EKIPUtTbG4WWeLuO%2BcwtQPU6JYcoEr23DIGcDCUx2A7%2FGAtjgSIRqNVh9srHE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8b53ada90e054d74-FRA
alt-svc
h3=":443"; ma=86400
truncated
/
969 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
401503518894f575673732c689a7885c78bb615900c0c3f726765eb4ce6aa799

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
290 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d5aab9ecebd2bc2f003980fdde59b97aad0fd105312d99fa50fcab580099aaf3

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
442 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
17df1f2891553baf6c74c4eef8cd0dd9fb73a5669f9f89d67183a8bfe41acfd2

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
626 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e9cca040634f071c068f7f483dfeef82d8589b4082c8cbdc5301951647ba71b

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
544 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
255df06063ef8b4f994c1ae9d232d7c4f27c95b853a68fd9c03e31f4dd6b0031

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4192547933c47032776c86cc04805a86655e4580d0c82b46787a120fcd96c146

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b3f3db2e6ac9e2b19172879a80a8605f4db7a179745be21a0828e3c1e49510ee

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
624 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6b5acb20b58ca9f25a996cd5f44fcbde42154bb94cd95666197a59d4b539f07d

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a9501cc809fac65ba3bc7fdc1686f8cc6651018b290308eddd1e46454063bf5f

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
admin-ajax.php
1275.ru/wp-admin/
1 B
619 B
XHR
General
Full URL
https://1275.ru/wp-admin/admin-ajax.php
Requested by
Host: 1275.ru
URL: https://1275.ru/wp-content/cache/wpo-minify/1723525318/assets/wpo-minify-header-14b4240f.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundarygHDIiAuBsVlEf4Dj

Response headers

cf-edge-cache
cache,platform=wordpress
date
Sun, 18 Aug 2024 17:38:35 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UBWC3ef%2FO2tQya4tSjv5xz0obh%2FDL8ysqciP2k8DZtLZYoXr04HEtWleoEUoyRbow6L1cWmj6miMrX79F9OECHYdGz53j7nH%2BtMXO7O3wRGqYdz5ErqZQBdP"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://1275.ru
cache-control
no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
x-robots-tag
noindex
cf-ray
8b53ada94f065b3e-FRA
priority
u=1,i
expires
Wed, 11 Jan 1984 05:00:00 GMT
/
1275.ru/
0
473 B
Fetch
General
Full URL
https://1275.ru/
Requested by
Host: 1275.ru
URL: https://1275.ru/wp-content/cache/wpo-minify/1723525318/assets/wpo-minify-footer-9ad13251.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Cache-Control
no-cache
Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

cf-edge-cache
cache,platform=wordpress
date
Sun, 18 Aug 2024 17:38:35 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z98EtS6x3eGntU2VAMGMe6RQPpPxE1yi7RWdtfB%2FKIogTHzJR78ggLBq5rRtRssVoZvCjg%2F9aZxKm24xGfm6IOAZkWvIHepeelxnplxbogUjmiv452vFyDVN"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=15, s-maxage=0
cf-ray
8b53ada94f0a5b3e-FRA
alt-svc
h3=":443"; ma=86400
priority
u=1,i
x-xss-protection
1
main.js
1275.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/ba7376691753/ Frame B807
Redirect Chain
  • https://1275.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://1275.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/ba7376691753/main.js?
8 KB
4 KB
Script
General
Full URL
https://1275.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/ba7376691753/main.js?
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ef3b3169d726701ae448082d6e822b09d40f3087ab8cb88bad1b65981458ab2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:35 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gVJ6phOEWfX8X3FtxhPJy7w%2B1EpEzooGar9P8mGz6VRdO9bWmzID5jwFeVfMcwVFtPOYTGLaTlGWjiS5QZlhWKj3GjIk6UPuNO7qV3vUTVcBt4Vmb94X%2BcCv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8b53adaab8345b3e-FRA
alt-svc
h3=":443"; ma=86400
priority
u=3,i=?0

Redirect headers

date
Sun, 18 Aug 2024 17:38:35 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9LGhb0BX%2B1d2ouppRsXgAgpzISvpjMO985v8S%2FqT4GOMOmbFwwobIVdXr%2F6X%2BDJa55rgEgfUNQc8y8oxc9YbB4xGk7VfLHyEuvyGKGZr8qagPPrAmQAtObcu"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/ba7376691753/main.js?
access-control-allow-origin
*
cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8b53ada94f0b5b3e-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i=?0
rss.png.webp
1275.ru/wp-content/uploads/2024/07/
3 KB
4 KB
Image
General
Full URL
https://1275.ru/wp-content/uploads/2024/07/rss.png.webp
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57b706ad8e6cf27d0734cf87efeef7e4151e6ceb6eb92c854e719e1baf7c5e8e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:35 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5457
alt-svc
h3=":443"; ma=86400
content-length
3248
x-xss-protection
1
last-modified
Tue, 23 Jul 2024 07:42:12 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AHhO4Jg9G3TEV9KK08OMl2kC%2BcEmqhoouzk4YwRaAeeVL25VQ94xPWoaC%2Fs8rgYVPh%2BKzKMhKGDpt21X5Cxfa0L5B5GOlchszKOzuEgOkA0KC%2BaIFSlhhwll"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8b53ada96f1a5b3e-FRA
priority
u=3,i
matomo.php
waos-soft.ru/
0
267 B
Ping
General
Full URL
https://waos-soft.ru/matomo.php?action_name=RedTail%20Cryptominer%20IOCs%20-%20Part%202%20-%20SEC-1275-1&idsite=97eED41Ee1b3d80&rec=1&r=843495&h=19&m=38&s=35&url=https%3A%2F%2F1275.ru%2Fioc%2F3642%2Fredtail-cryptominer-iocs-part-2%2F&_id=0aafca42784ea57b&_idn=1&send_image=0&_refts=0&pv_id=ibVNTV&pf_net=104&pf_srv=3037&pf_tfr=86&pf_dm1=754&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200
Requested by
Host: waos-soft.ru
URL: https://waos-soft.ru/matomo.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:2455 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

date
Sun, 18 Aug 2024 17:38:35 GMT
content-encoding
none
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hSifOyf%2B1MeP5RGMV7PkkckzBlFfCVhifEXiWNFFglzzTUsAvuymbkSr3HI5RN8jERAuFoFFuJN7PiJwQusciYKBX3oycVxq5JO5JSjttRNwq3CJZPbtb3vgypuwcmLSqA%2BRdxJbWv9Ztcs%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8b53ada9df134d74-FRA
alt-svc
h3=":443"; ma=86400
8b53ad90ec355b3e
1275.ru/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame B807
0
943 B
XHR
General
Full URL
https://1275.ru/cdn-cgi/challenge-platform/h/g/jsd/r/8b53ad90ec355b3e
Requested by
Host: 1275.ru
URL: https://1275.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 18 Aug 2024 17:38:35 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tMR2fm2swyepNSad6D0pbwKcHkB2nepGwT%2FsSBZUVjeoUKlphWXghjXKNFXH%2BZbKb5H4Nh12c8tph3acFKXNsF38wD%2Fr%2BUaEWDw02bqaaOgk0MaoSrzmZIdP"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
8b53adabb8f15b3e-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=1,i
text-variable-full.woff2
yastatic.net/s3/home/fonts/ys/3/
25 KB
26 KB
Font
General
Full URL
https://yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:03:32 GMT
strict-transport-security
max-age=43200000; includeSubDomains;
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length
26004
x-amz-meta-owner
{"role":"admin","login":"4eb0da"}
last-modified
Mon, 25 Apr 2022 14:02:39 GMT
etag
"7f0cdaf91230f9789ca4162aedff612e"
x-nginx-request-id
24b81eee41f2fcbc
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31556952
vary
Accept-Encoding
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 18 Aug 2025 23:27:47 GMT
b0df7beb1774362cd6e6.js
yastatic.net/partner-code-bundles/1089095/
43 KB
12 KB
Script
General
Full URL
https://yastatic.net/partner-code-bundles/1089095/b0df7beb1774362cd6e6.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
dbe5b0d8de6688b7a05d14b699840c570d25314c0d73a08854719a684182cd2b
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 16:43:32 GMT
content-encoding
br
strict-transport-security
max-age=43200000; includeSubDomains;
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length
12536
last-modified
Thu, 15 Aug 2024 13:32:52 GMT
etag
"1cca5aa1afa6be0e6caca8ecf4420bab"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=946708560
accept-ranges
bytes
timing-allow-origin
*
x-robots-tag
noindex, noarchive, nofollow
expires
Wed, 19 Aug 2054 00:14:35 GMT
ba82a8cec7f900b60991.js
yastatic.net/partner-code-bundles/1089095/
24 KB
8 KB
Script
General
Full URL
https://yastatic.net/partner-code-bundles/1089095/ba82a8cec7f900b60991.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
9f4add628ef0aa1be1b751dac0021d045842d43a6faa4b2f87794a1839a7eb9f
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:03:33 GMT
strict-transport-security
max-age=43200000; includeSubDomains;
content-encoding
br
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length
7946
last-modified
Thu, 15 Aug 2024 13:32:52 GMT
etag
"1ec5973ade30bf23d025abf82c46d9c8"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=946708560
accept-ranges
bytes
timing-allow-origin
*
x-robots-tag
noindex, noarchive, nofollow
expires
Wed, 19 Aug 2054 00:14:35 GMT
ce973818770f8b7a877d.js
yastatic.net/partner-code-bundles/1089095/
617 KB
112 KB
Script
General
Full URL
https://yastatic.net/partner-code-bundles/1089095/ce973818770f8b7a877d.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
71f88d9dc56863616641a0f979c8980f6ba80a430db1455fb60bb316bc7483ac
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=43200000; includeSubDomains;
content-encoding
br
date
Sun, 18 Aug 2024 17:33:32 GMT
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length
114454
last-modified
Thu, 15 Aug 2024 13:32:53 GMT
etag
"8c07679ae2b1cf7e97a498ef358fc614"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=946708560
accept-ranges
bytes
timing-allow-origin
*
x-robots-tag
noindex, noarchive, nofollow
expires
Wed, 19 Aug 2054 00:14:35 GMT
host.js
yastatic.net/safeframe-bundles/0.83/
33 KB
9 KB
Script
General
Full URL
https://yastatic.net/safeframe-bundles/0.83/host.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:33:32 GMT
content-encoding
br
strict-transport-security
max-age=43200000; includeSubDomains;
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length
8878
last-modified
Wed, 03 Nov 2021 13:42:58 GMT
etag
"f80882bf67cf261aa08d636da095149a"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=946708560
accept-ranges
bytes
x-robots-tag
noindex, noarchive, nofollow
timing-allow-origin
*
expires
Wed, 19 Aug 2054 00:14:35 GMT
b5e479bce20a44381b1b.js
yastatic.net/partner-code-bundles/1089095/
122 KB
24 KB
Script
General
Full URL
https://yastatic.net/partner-code-bundles/1089095/b5e479bce20a44381b1b.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
ca12ebfe4dfbefaa7e7c647bfc59d5cb6530a4fc98c3840bff756fe94978116b
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:23:32 GMT
strict-transport-security
max-age=43200000; includeSubDomains;
content-encoding
br
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length
24486
last-modified
Thu, 15 Aug 2024 13:32:52 GMT
etag
"837ceb83f205d0a45745f4dcfe4af21a"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=946708560
accept-ranges
bytes
timing-allow-origin
*
x-robots-tag
noindex, noarchive, nofollow
expires
Wed, 19 Aug 2054 00:14:35 GMT
1788970
yandex.ru/ads/meta/
438 B
1 KB
XHR
General
Full URL
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:a::a Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
86abd377f7f68f7ee1d2f0254c51b5b33e4a868f672da114020aa04c37ee6eb1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 18 Aug 2024 17:38:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id
1724002715710759-6722553150386188291-balancer-l7leveler-kubr-yp-sas-40-BAL
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sun, 18 Aug 2024 17:38:35 GMT
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://1275.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
Sun, 18 Aug 2024 17:38:35 GMT
1788970
yandex.ru/ads/meta/
97 KB
23 KB
XHR
General
Full URL
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:a::a Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
2bb6714466d236d6182301286ac159b482056c473e5293ffe6494315d8529481
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 18 Aug 2024 17:38:36 GMT
content-security-policy
upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
x-content-type-options
nosniff
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
content-encoding
gzip
x-yandex-req-id
1724002716572969-3936456376784597679-balancer-l7leveler-kubr-yp-sas-40-BAL
uniformat-product-type
Direct
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sun, 18 Aug 2024 17:38:36 GMT
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
uniformat
true
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type
application/json
access-control-allow-origin
https://1275.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
Sun, 18 Aug 2024 17:38:36 GMT
watch.js
mc.yandex.ru/metrika/
157 KB
56 KB
Script
General
Full URL
https://mc.yandex.ru/metrika/watch.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
b57bea2adfc7b0808a369e963ee65d0f71c797309ef9d896886d3811ab8818ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 18 Aug 2024 17:38:36 GMT
content-encoding
br
last-modified
Tue, 06 Aug 2024 09:26:33 GMT
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag
"66b1ec49-ddff"
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
timing-allow-origin
*
content-length
56831
expires
Sun, 18 Aug 2024 18:38:36 GMT
event_confirmation
an.yandex.ru/ Frame
0
0
Preflight
General
Full URL
https://an.yandex.ru/event_confirmation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://1275.ru
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://1275.ru
access-control-max-age
1728000
content-encoding
gzip
date
Sun, 18 Aug 2024 17:38:37 GMT
strict-transport-security
max-age=31536000
timing-allow-origin
*
x-xss-protection
1; mode=block
event_confirmation
an.yandex.ru/
0
357 B
XHR
General
Full URL
https://an.yandex.ru/event_confirmation
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sun, 18 Aug 2024 17:38:37 GMT
last-modified
Sun, 18 Aug 2024 17:38:37 GMT
access-control-allow-origin
https://1275.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
x-xss-protection
1; mode=block
expires
Sun, 18 Aug 2024 17:38:37 GMT
orig
avatars.mds.yandex.net/get-vh/4909156/2a000001900cbcc1c4f658d35e5741e14e64/
102 KB
103 KB
Image
General
Full URL
https://avatars.mds.yandex.net/get-vh/4909156/2a000001900cbcc1c4f658d35e5741e14e64/orig
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::184 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx /
Resource Hash
f32da45434196ec4223a8704890201a1c92eb975f0e9b47ea73eeb7245c01bf6

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:37 GMT
last-modified
Wed, 12 Jun 2024 13:56:55 GMT
server
nginx
nel
{"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to
{"group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/s3_nel?datacenter=KLG"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=86400,immutable
access-control-allow-credentials
true
timing-allow-origin
*
content-length
104802
x-request-id
750086e0f8c96c3d
composites.alabuga.ru
favicon.yandex.net/favicon/
991 B
1 KB
Image
General
Full URL
https://favicon.yandex.net/favicon/composites.alabuga.ru?size=32&stub=2
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::36 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
bcbf8d917d2f45c39329dd47453eb02831800e52bc305efe58d2f7c347e5c192
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
Cache-Control
max-age=691200
X-Content-Type-Options
nosniff
X-Yandex-Req-Id
1724002717154089-1832735503455864466900267-production-app-host-sas-favicon-12
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
Content-Type
image/png
fee31f9fa3e4f5640ad9.js
yastatic.net/partner-code-bundles/1089095/
9 KB
3 KB
Script
General
Full URL
https://yastatic.net/partner-code-bundles/1089095/fee31f9fa3e4f5640ad9.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
bea864f0b1cdc4c54757c699527cb3efff5233a6d6095bd2e97fb8828f61091a
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:03:32 GMT
content-encoding
br
strict-transport-security
max-age=43200000; includeSubDomains;
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length
2851
last-modified
Thu, 15 Aug 2024 13:32:53 GMT
etag
"82c2cb4f9297ed50397fdd28621fd994"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=946708560
accept-ranges
bytes
x-robots-tag
noindex, noarchive, nofollow
timing-allow-origin
*
expires
Wed, 19 Aug 2054 00:14:36 GMT
101232317b7ae6a3cfd0.js
yastatic.net/partner-code-bundles/1089095/
27 KB
8 KB
Script
General
Full URL
https://yastatic.net/partner-code-bundles/1089095/101232317b7ae6a3cfd0.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
ca78c8772144786ce0ee316088200440e6186d283898cc36ebf18fbbe1eb79ab
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=43200000; includeSubDomains;
content-encoding
br
date
Sun, 18 Aug 2024 16:53:33 GMT
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length
8435
last-modified
Thu, 15 Aug 2024 13:32:50 GMT
etag
"9f12ef5b2901243c39e019a384e2a564"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=946708560
accept-ranges
bytes
timing-allow-origin
*
x-robots-tag
noindex, noarchive, nofollow
expires
Wed, 19 Aug 2054 00:14:36 GMT
1788970
yandex.ru/ads/meta/
467 B
402 B
XHR
General
Full URL
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:a::a Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
8354fc0ff592ed860fe6df249adbaf0e709912df416ca4ff1dbe051f25dd48b9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

content-security-policy
upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
date
Sun, 18 Aug 2024 17:38:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id
1724002716916602-259849908963810848-balancer-l7leveler-kubr-yp-sas-40-BAL
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sun, 18 Aug 2024 17:38:36 GMT
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://1275.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
Sun, 18 Aug 2024 17:38:36 GMT
render.html
yastatic.net/safeframe-bundles/0.83/1-1-0/ Frame 0083
0
0
Document
General
Full URL
https://yastatic.net/safeframe-bundles/0.83/1-1-0/render.html
Requested by
Host: yastatic.net
URL: https://yastatic.net/safeframe-bundles/0.83/host.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://1275.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, max-age=946708560
content-encoding
br
content-length
6262
content-type
text/html
date
Sun, 18 Aug 2024 17:10:26 GMT
etag
"eb77de48712912aadc9aa8171ac75ede"
expires
Wed, 19 Aug 2054 00:14:37 GMT
last-modified
Wed, 03 Nov 2021 13:42:58 GMT
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
vary
Accept-Encoding
x-robots-tag
noindex, noarchive, nofollow
loader.bundle.js
yastatic.net/vas-bundles/1089383/bundles-es2017/
801 KB
207 KB
Script
General
Full URL
https://yastatic.net/vas-bundles/1089383/bundles-es2017/loader.bundle.js
Requested by
Host: yastatic.net
URL: https://yastatic.net/partner-code-bundles/1089095/b0df7beb1774362cd6e6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
b2e0dba91c2c889d0f96952f3a253cc2ce937fa54f30bb90225152b9ff5e6d11
Security Headers
Name Value
Strict-Transport-Security max-age=946708560; includeSubDomains;

Request headers

Referer
https://1275.ru/
Origin
https://1275.ru
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 16:43:33 GMT
content-encoding
br
strict-transport-security
max-age=946708560; includeSubDomains;
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length
211343
last-modified
Thu, 15 Aug 2024 17:17:45 GMT
etag
"fb6ed7568473b011c59dd624f449bdb2"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=946708560
accept-ranges
bytes
x-robots-tag
noindex, noarchive, nofollow
timing-allow-origin
*
expires
Wed, 19 Aug 2054 00:14:37 GMT
sync_cookie_image_decide
mc.yandex.com/
Redirect Chain
  • https://mc.yandex.com/sync_cookie_image_check
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10465.ntCc_Gcq8Y15iZN2JOCOXsC_s_1C2tt7IvO5UlOa0xig_AeZmR4xbt8K3JP1MPH4.pWMx7gIP8NILojPWsBF-U_wwBmo%2C
  • https://mc.yandex.com/sync_cookie_image_decide?token=10465.eMlZ9z9741djiY-kvwBRVvClONBKtlU_QlKW_SLcnugUeL2FDcUtmRWsrHxAYx7fC6i0jTvmfPj8OTAmJibYEWAkrJ5dhCqleeX3IrLoViHGMIk1u_hJygQibT0m3_lsaI25gyHorc...
43 B
808 B
Image
General
Full URL
https://mc.yandex.com/sync_cookie_image_decide?token=10465.eMlZ9z9741djiY-kvwBRVvClONBKtlU_QlKW_SLcnugUeL2FDcUtmRWsrHxAYx7fC6i0jTvmfPj8OTAmJibYEWAkrJ5dhCqleeX3IrLoViHGMIk1u_hJygQibT0m3_lsaI25gyHorcfmgtodDhP76lYvIxmlyGCd_SbbYKz8__u4hrH7cuxjNak8188o36BnSLErzhCYgj2hLagv8uddoYxa3RBxXUKuewCnmrstdB4%2C.ya8iadb4Ed79I9Anyh5iwtYmKxY%2C
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 18 Aug 2024 17:38:39 GMT
content-length
43
x-xss-protection
1; mode=block
content-type
image/gif

Redirect headers

location
https://mc.yandex.com/sync_cookie_image_decide?token=10465.eMlZ9z9741djiY-kvwBRVvClONBKtlU_QlKW_SLcnugUeL2FDcUtmRWsrHxAYx7fC6i0jTvmfPj8OTAmJibYEWAkrJ5dhCqleeX3IrLoViHGMIk1u_hJygQibT0m3_lsaI25gyHorcfmgtodDhP76lYvIxmlyGCd_SbbYKz8__u4hrH7cuxjNak8188o36BnSLErzhCYgj2hLagv8uddoYxa3RBxXUKuewCnmrstdB4%2C.ya8iadb4Ed79I9Anyh5iwtYmKxY%2C
date
Sun, 18 Aug 2024 17:38:38 GMT
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
metrika_match.html
mc.yandex.com/metrika/ Frame 98D8
0
0
Document
General
Full URL
https://mc.yandex.com/metrika/metrika_match.html
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://1275.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-origin
*
cache-control
max-age=3600
content-encoding
br
content-length
1046
content-type
text/html
date
Sun, 18 Aug 2024 17:38:37 GMT
etag
"66b1ec49-416"
expires
Sun, 18 Aug 2024 18:38:37 GMT
last-modified
Tue, 06 Aug 2024 09:26:33 GMT
strict-transport-security
max-age=31536000
timing-allow-origin
*
1
mc.yandex.ru/watch/39370120/
Redirect Chain
  • https://mc.yandex.ru/watch/39370120?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715
  • https://mc.yandex.ru/watch/39370120/1?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715
43 B
93 B
Ping
General
Full URL
https://mc.yandex.ru/watch/39370120/1?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 18 Aug 2024 17:38:37 GMT
strict-transport-security
max-age=31536000
last-modified
Sun, 18-Aug-2024 17:38:37 GMT
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
content-length
43
x-xss-protection
1; mode=block
expires
Sun, 18-Aug-2024 17:38:37 GMT

Redirect headers

pragma
no-cache
date
Sun, 18 Aug 2024 17:38:37 GMT
strict-transport-security
max-age=31536000
last-modified
Sun, 18-Aug-2024 17:38:37 GMT
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-origin
https://1275.ru
location
/watch/39370120/1?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Sun, 18-Aug-2024 17:38:37 GMT
log
log.strm.yandex.ru/
0
229 B
Ping
General
Full URL
https://log.strm.yandex.ru/log?VAS=1089383&event=PrioritiseMediaFiles
Requested by
Host: yastatic.net
URL: https://yastatic.net/vas-bundles/1089383/bundles-es2017/loader.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::28d Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-trace-id
00000000000000000000000000000000
date
Sun, 18 Aug 2024 17:38:37 GMT
access-control-allow-origin
https://1275.ru
access-control-expose-headers
Date
access-control-allow-credentials
true
timing-allow-origin
https://1275.ru
content-length
0
x-request-id
1724002717963019-4706082711947454993
VP8_240_426_500.webm
strm-ams27.strm.yandex.net/vh-canvas-converted/vod-content/8681222488459704287/ead1ad7d-10a2-42ac-bbd1-ba918287b2a9/webm/
Redirect Chain
  • https://strm.yandex.ru/vh-canvas-converted/vod-content/8681222488459704287/ead1ad7d-10a2-42ac-bbd1-ba918287b2a9/webm/VP8_240_426_500.webm?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x...
  • https://strm-ams27.strm.yandex.net/vh-canvas-converted/vod-content/8681222488459704287/ead1ad7d-10a2-42ac-bbd1-ba918287b2a9/webm/VP8_240_426_500.webm?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064...
432 KB
0
Media
General
Full URL
https://strm-ams27.strm.yandex.net/vh-canvas-converted/vod-content/8681222488459704287/ead1ad7d-10a2-42ac-bbd1-ba918287b2a9/webm/VP8_240_426_500.webm?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715&noredir=1&lid=289
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H2
Server
2a02:6b8:0:1807::8 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-server-time-ms
1724002720103
date
Sun, 18 Aug 2024 17:38:40 GMT
x-estimated-bandwidth
309840
nel
{"report_to": "network-errors", "max_age": 1200, "success_fraction": 0.005, "failure_fraction": 0.05, "include_subdomains": true}
Content-Range
bytes 0-831627/831628
x_h
strm-ams27.strm.yandex.net
x-strm-request-id
2a60dcc871337166
x-connection-id
913869521
Content-Length
831628
x-request-id
2a60dcc871337166
x-estimated-rtt
160098
last-modified
Wed, 12 Jun 2024 13:57:05 GMT
server
nginx
etag
"e219fc5c2941cd97ccfdf0f0bb004943"
x-strm-log-split
1
content-type
video/webm
report-to
{"group": "network-errors", "max_age": 1200, "include_subdomains": true, "endpoints": [ {"url": "https://dr.yandex.net/strm", "priority": 1}, {"url": "https://dr2.yandex.net/strm", "priority": 2} ]}
access-control-expose-headers
Age, Date, Content-Range, X-Strm-Session, X-Estimated-RTT, X-Estimated-Bandwidth, X-Connection-ID, X-Server-Time-Ms, X-Plg-URL
cache-control
max-age=300
access-control-allow-credentials
true
x-robots-tag
noindex, noarchive, nofollow
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Range, X-Client-Timestamp, X-Strm-Session
expires
Sun, 18 Aug 2024 17:43:40 GMT

Redirect headers

date
Sun, 18 Aug 2024 17:38:37 GMT
nel
{"report_to": "network-errors", "max_age": 1200, "success_fraction": 0.005, "failure_fraction": 0.05, "include_subdomains": true}
x-strm-request-id
0622109e9f9e020b
x_h
strm-anycast-ru-net-production-47.vla.yp-c.yandex.net
content-length
0
x-request-id
0622109e9f9e020b
x-trace-id
00000000000000000000000000000000
server
nginx
x-strm-log-split
0
report-to
{"group": "network-errors", "max_age": 1200, "include_subdomains": true, "endpoints": [ {"url": "https://dr.yandex.net/strm", "priority": 1}, {"url": "https://dr2.yandex.net/strm", "priority": 2} ]}
location
https://strm-ams27.strm.yandex.net/vh-canvas-converted/vod-content/8681222488459704287/ead1ad7d-10a2-42ac-bbd1-ba918287b2a9/webm/VP8_240_426_500.webm?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715&noredir=1&lid=289
access-control-expose-headers
Age, Date, Content-Range, X-Strm-Session, X-Estimated-RTT, X-Estimated-Bandwidth, X-Connection-ID, X-Server-Time-Ms, X-Plg-URL
cache-control
no-cache
access-control-allow-credentials
true
x-plg
host=strm-plgo-production-190.vla.yp-c.yandex.net; version=14627789
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Range, X-Client-Timestamp, X-Strm-Session
expires
Thu, 01 Jan 1970 00:00:01 GMT
1
mc.yandex.com/watch/1788970/
Redirect Chain
  • https://mc.yandex.com/watch/1788970?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F3642%2Fredtail-cryptominer-iocs-part-2%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Av...
  • https://mc.yandex.com/watch/1788970/1?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F3642%2Fredtail-cryptominer-iocs-part-2%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3...
995 B
2 KB
Fetch
General
Full URL
https://mc.yandex.com/watch/1788970/1?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F3642%2Fredtail-cryptominer-iocs-part-2%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A5hhtndq4m7gdrr9ncc0y4hs3h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1410%3Acn%3A1%3Adp%3A0%3Als%3A762402095013%3Ahid%3A916121685%3Az%3A120%3Ai%3A20240818193837%3Aet%3A1724002717%3Ac%3A1%3Arn%3A63960659%3Au%3A1724002717185925693%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1724002711078%3Arqnl%3A1%3Ast%3A1724002719%3At%3ARedTail%20Cryptominer%20IOCs%20-%20Part%202%20-%20SEC-1275-1&t=clc%280-0-0%29aw%281%29rcm%281%29cdl%28na%29eco%28565312%29ti%281%29
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
c525d541f68c0050acd08801fb2133724bbb50cfb6827e2fadb98d5e0c3d3123
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 18 Aug 2024 17:38:38 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
last-modified
Sun, 18-Aug-2024 17:38:38 GMT
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type
application/json; charset=utf-8
access-control-allow-origin
https://1275.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
995
x-xss-protection
1; mode=block
expires
Sun, 18-Aug-2024 17:38:38 GMT

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sun, 18 Aug 2024 17:38:38 GMT
last-modified
Sun, 18-Aug-2024 17:38:38 GMT
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location
/watch/1788970/1?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F3642%2Fredtail-cryptominer-iocs-part-2%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A5hhtndq4m7gdrr9ncc0y4hs3h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1410%3Acn%3A1%3Adp%3A0%3Als%3A762402095013%3Ahid%3A916121685%3Az%3A120%3Ai%3A20240818193837%3Aet%3A1724002717%3Ac%3A1%3Arn%3A63960659%3Au%3A1724002717185925693%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1724002711078%3Arqnl%3A1%3Ast%3A1724002719%3At%3ARedTail%20Cryptominer%20IOCs%20-%20Part%202%20-%20SEC-1275-1&t=clc%280-0-0%29aw%281%29rcm%281%29cdl%28na%29eco%28565312%29ti%281%29
access-control-allow-origin
https://1275.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Sun, 18-Aug-2024 17:38:38 GMT
1
mc.yandex.com/watch/1788970/
43 B
74 B
Ping
General
Full URL
https://mc.yandex.com/watch/1788970/1?page-url=https%3A%2F%2F1275.ru%2Fioc%2F3642%2Fredtail-cryptominer-iocs-part-2%2F&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&hittoken=1724002718_4a3d6f42e8f04d9bce81bfd3d9a165a4ee096677e9036f30b63593872b7e0741&browser-info=pa%3A1%3Aar%3A1%3Avf%3A5hhtndq4m7gdrr9ncc0y4hs3h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1410%3Acn%3A1%3Adp%3A1%3Als%3A762402095013%3Ahid%3A916121685%3Az%3A120%3Ai%3A20240818193839%3Aet%3A1724002720%3Ac%3A1%3Arn%3A213268950%3Arqn%3A1%3Au%3A1724002717185925693%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A3747%3Ads%3A8%2C96%2C3036%2C87%2C0%2C0%2C%2C671%2C5%2C%2C%2C%2C4002%3Aco%3A0%3Acpf%3A1%3Ans%3A1724002711078%3Arqnl%3A1%3Ast%3A1724002720&t=mc(p-1-h-1)clc(0-0-0)rqnt(1)lt(6600)aw(1)rcm(1)cdl(na)eco(565312)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22adSessionID%22%3A%227088881724002715667%22%7D%7D
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sun, 18 Aug 2024 17:38:39 GMT
last-modified
Sun, 18-Aug-2024 17:38:39 GMT
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type
image/gif
access-control-allow-origin
https://1275.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sun, 18-Aug-2024 17:38:39 GMT
1788970
mc.yandex.com/watch/
43 B
243 B
Ping
General
Full URL
https://mc.yandex.com/watch/1788970?page-url=https%3A%2F%2F1275.ru%2Fioc%2F3642%2Fredtail-cryptominer-iocs-part-2%2F&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&hittoken=1724002718_4a3d6f42e8f04d9bce81bfd3d9a165a4ee096677e9036f30b63593872b7e0741&browser-info=pv%3A1%3Aar%3A1%3Avf%3A5hhtndq4m7gdrr9ncc0y4hs3h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1410%3Acn%3A1%3Adp%3A1%3Als%3A762402095013%3Ahid%3A916121685%3Az%3A120%3Ai%3A20240818193839%3Aet%3A1724002720%3Ac%3A1%3Arn%3A963630834%3Arqn%3A2%3Au%3A1724002717185925693%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1724002711078%3Arqnl%3A1%3Ast%3A1724002720%3At%3ARedTail%20Cryptominer%20IOCs%20-%20Part%202%20-%20SEC-1275-1&t=mc(p-1-h-1)clc(0-0-0)rqnt(2)lt(6600)aw(1)rcm(1)cdl(na)eco(565312)ti(0)&force-urlencoded=1
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://1275.ru/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sun, 18 Aug 2024 17:38:39 GMT
last-modified
Sun, 18-Aug-2024 17:38:39 GMT
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type
image/gif
access-control-allow-origin
https://1275.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sun, 18-Aug-2024 17:38:39 GMT
rum
1275.ru/cdn-cgi/
0
135 B
XHR
General
Full URL
https://1275.ru/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Sun, 18 Aug 2024 17:38:41 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://1275.ru
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
8b53adcddaff5b3e-FRA
1275.svg
1275.ru/
2 KB
2 KB
Other
General
Full URL
https://1275.ru/1275.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30d219fdd2c143bf6199edb608a596f51e3bb692e5cd8803057a0c478a9140a3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://1275.ru/ioc/3642/redtail-cryptominer-iocs-part-2/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 17:38:41 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5462
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
last-modified
Sun, 17 Jul 2022 14:47:18 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tXT5%2BcK1YMp514nN0EJCmMrKEk%2BZVsz%2BxocqwJx6LVX9a0BV3un63dhKXO9z1A%2F6h2qnPOVUYG2oTKkeeJDd2v36DQLEYwK8nDuXwRpZltHAIsihrtTgQvr"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
8b53adcecbb05b3e-FRA
priority
u=1,i
VP8_240_426_500.webm
strm-ams27.strm.yandex.net/vh-canvas-converted/vod-content/8681222488459704287/ead1ad7d-10a2-42ac-bbd1-ba918287b2a9/webm/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
strm-ams27.strm.yandex.net
URL
https://strm-ams27.strm.yandex.net/vh-canvas-converted/vod-content/8681222488459704287/ead1ad7d-10a2-42ac-bbd1-ba918287b2a9/webm/VP8_240_426_500.webm?vsid=e47eb5ffc6b3f48782678c6e24df4df39b4ac9a064eaxVASx9095x1724002715&noredir=1&lid=289

Verdicts & Comments

215 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ctPublicFunctions object| ctPublic object| UrvanovSyntaxHighlighterSyntaxSettings object| UrvanovSyntaxHighlighterSyntaxStrings function| jQueryUrvanovSyntaxHighlighter function| ownKeys function| _objectSpread function| _slicedToArray function| _nonIterableRest function| _iterableToArrayLimit function| _arrayWithHoles function| _callSuper function| _possibleConstructorReturn function| _assertThisInitialized function| _isNativeReflectConstruct function| _getPrototypeOf function| _inherits function| _setPrototypeOf function| _createForOfIteratorHelper function| _unsupportedIterableToArray function| _arrayLikeToArray function| _typeof function| _classCallCheck function| _defineProperties function| _createClass function| _defineProperty function| _toPropertyKey function| _toPrimitive function| ApbctCore function| ctProcessError function| apbct function| ApbctXhr function| ApbctAjax function| ApbctRest function| ctSetCookie function| ctDetectForcedAltCookiesForms function| ctSetAlternativeCookie function| ctGetCookie function| ctDeleteCookie function| apbct_public_sendAJAX function| apbct_public_sendREST function| apbctGenerateUniqueID object| apbctLocalStorage object| apbctSessionStorage function| apbctOnAnimationStart function| apbctOnInput function| apbctAutocomplete function| apbctCancelAutocomplete number| ctMouseReadInterval number| ctMouseWriteDataInterval function| CTTypoData object| ctDate number| ctTimeMs boolean| ctMouseEventTimerFlag object| ctMouseData object| ctCheckedEmails function| apbct_attach_event_handler function| apbct_remove_event_handler function| ctFunctionFirstKey function| ctFunctionMouseMove function| cronFormsHandler function| restartBotDetectorEventTokenAttach function| ctMouseStopData function| ctKeyStopStopListening function| checkEmail function| ctIsDrawPixel function| ctSetPixelImg function| ctSetPixelImgFromLocalstorage function| ctGetPixelUrl function| ctSetHasScrolled function| ctSetMouseMoved function| 

56 Cookies


Security Headers

This section lists the security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
