urlscan.io logo urlscan.io
SecurityTrails logo

1275.ru Open in urlscan Pro
172.67.140.84  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/0.8550740663381553
Effective URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Submission: On December 06 via api from US — Scanned from IL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 4 countries across 6 domains to perform 53 HTTP transactions. The main IP is 172.67.140.84, located in United States and belongs to CLOUDFLARENET, US. The main domain is 1275.ru.
TLS certificate: Issued by WE1 on November 11th 2024. Valid for: 3 months.
This is the only time 1275.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 24 172.67.140.84 13335 (CLOUDFLAR...)
7 5.255.255.77 13238 (YANDEX YA...)
2 104.21.36.85 13335 (CLOUDFLAR...)
1 88.198.153.60 24940 (HETZNER-A...)
7 178.154.131.215 13238 (YANDEX YA...)
5 213.180.204.90 13238 (YANDEX YA...)
2 87.250.247.181 13238 (YANDEX YA...)
1 178.154.131.217 13238 (YANDEX YA...)
1 6 87.250.250.119 13238 (YANDEX YA...)
1 93.158.134.36 13238 (YANDEX YA...)
53 11
24    172.67.140.84 (United States)

ASN13335 (CLOUDFLARENET, US)
1275.ru
7    5.255.255.77 (Russian Federation)

ASN13238 (YANDEX YANDEX LLC, RU)
PTR: yandex.ru
yandex.ru
2    104.21.36.85 (None, )

ASN13335 (CLOUDFLARENET, US)
waos-soft.ru
1    88.198.153.60 (Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: moderate3.cleantalk.org
moderate3-v4.cleantalk.org
7    178.154.131.215 (Russian Federation)

ASN13238 (YANDEX YANDEX LLC, RU)
PTR: static.yandex.net
yastatic.net
5    213.180.204.90 (Russian Federation)

ASN13238 (YANDEX YANDEX LLC, RU)
PTR: bs.yandex.ru
an.yandex.ru
2    87.250.247.181 (Russian Federation)

ASN13238 (YANDEX YANDEX LLC, RU)
PTR: avatars.mds.yandex.net
avatars.mds.yandex.net
1    178.154.131.217 (Russian Federation)

ASN13238 (YANDEX YANDEX LLC, RU)
PTR: static.yandex.net
yastatic.net
6    87.250.250.119 (Russian Federation)

ASN13238 (YANDEX YANDEX LLC, RU)
PTR: mc.yandex.ru
mc.yandex.ru
1    93.158.134.36 (Russian Federation)

ASN13238 (YANDEX YANDEX LLC, RU)
PTR: favicon.yandex.net
favicon.yandex.net
Apex Domain
Subdomains		 Transfer
24 1275.ru
1275.ru
318 KB
18 yandex.ru
yandex.ru — Cisco Umbrella Rank: 1488
an.yandex.ru — Cisco Umbrella Rank: 2611
mc.yandex.ru — Cisco Umbrella Rank: 4577
218 KB
8 yastatic.net
yastatic.net — Cisco Umbrella Rank: 7444
198 KB
3 yandex.net
avatars.mds.yandex.net — Cisco Umbrella Rank: 8731
favicon.yandex.net — Cisco Umbrella Rank: 10949
180 KB
2 waos-soft.ru
waos-soft.ru
25 KB
1 cleantalk.org
moderate3-v4.cleantalk.org — Cisco Umbrella Rank: 227904
257 B
53 6
Domain Requested by
24 1275.ru 2 redirects 1275.ru
8 yastatic.net yandex.ru
yastatic.net
7 yandex.ru 1275.ru
yandex.ru
yastatic.net
6 mc.yandex.ru 1 redirects yandex.ru
mc.yandex.ru
5 an.yandex.ru yandex.ru
2 avatars.mds.yandex.net 1275.ru
2 waos-soft.ru 1275.ru
waos-soft.ru
1 favicon.yandex.net 1275.ru
1 moderate3-v4.cleantalk.org 1275.ru
53 9

This site contains links to these domains. Also see Links.

Domain
g-soft.info
Subject Issuer Validity Valid
1275.ru
WE1		 2024-11-11 -
2025-02-09		 3 months crt.sh
*.xn--d1acpjx3f.xn--p1ai
GlobalSign ECC OV SSL CA 2018		 2024-11-21 -
2025-05-21		 6 months crt.sh
waos-soft.ru
WE1		 2024-10-30 -
2025-01-28		 3 months crt.sh
*.cleantalk.org
Sectigo RSA Domain Validation Secure Server CA		 2024-09-12 -
2025-09-24		 a year crt.sh
*.yastatic-net.ru
GlobalSign ECC OV SSL CA 2018		 2024-10-25 -
2025-04-24		 6 months crt.sh
bs.yandex.ru
GlobalSign ECC OV SSL CA 2018		 2024-08-27 -
2025-02-25		 6 months crt.sh
*.avatars.yandex.net
GlobalSign RSA OV SSL CA 2018		 2024-09-27 -
2025-04-29		 7 months crt.sh
mc.yandex.ru
GlobalSign ECC OV SSL CA 2018		 2024-10-20 -
2025-04-01		 5 months crt.sh
favicon.yandex.net
GlobalSign ECC OV SSL CA 2018		 2024-07-23 -
2024-12-22		 5 months crt.sh

This page contains 4 frames:

Primary Page: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Frame ID: 1C9206A2909FF57CAE4F180CE443F0D4
Requests: 56 HTTP requests in this frame

Frame: https://1275.ru/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/main.js
Frame ID: 115411603B1696F5F2FE4B540F082981
Requests: 2 HTTP requests in this frame

Frame: https://yastatic.net/safeframe-bundles/0.83/1-1-0/render.html
Frame ID: C636B33FA8B54E7ABC62C06CC5666940
Requests: 1 HTTP requests in this frame

Frame: https://mc.yandex.ru/metrika/metrika_match.html
Frame ID: 9343CBE359A590F33222A507EE4F0DE4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Cuba Ransomware APT IOCs - SEC-1275-1

Page URL History Show full URLs

  1. https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/0.8550740663381553 HTTP 301
    https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • https?://an\.yandex\.ru/
Overall confidence: 100%
Detected patterns
  • mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

53
Requests

96 %
HTTPS

0 %
IPv6

6
Domains

9
Subdomains

11
IPs

4
Countries

937 kB
Transfer

2514 kB
Size

40
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/0.8550740663381553 HTTP 301
    https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://1275.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://1275.ru/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/main.js
Request Chain 53
  • https://mc.yandex.ru/watch/1788970?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Afqngs4ku2ry4ydu78wzu8osbu73%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ahe-IL%3Av%3A1541%3Acn%3A1%3Adp%3A0%3Als%3A1103029123430%3Ahid%3A678764742%3Az%3A120%3Ai%3A20241206081054%3Aet%3A1733465454%3Ac%3A1%3Arn%3A267256607%3Au%3A1733465454471801183%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1733465448388%3Arqnl%3A1%3Ast%3A1733465454%3At%3ACuba%20Ransomware%20APT%20IOCs%20-%20SEC-1275-1&t=clc(0-0-0)aw(1)rcm(1)cdl(na)eco(565312)ti(1) HTTP 302
  • https://mc.yandex.ru/watch/1788970/1?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Afqngs4ku2ry4ydu78wzu8osbu73%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ahe-IL%3Av%3A1541%3Acn%3A1%3Adp%3A0%3Als%3A1103029123430%3Ahid%3A678764742%3Az%3A120%3Ai%3A20241206081054%3Aet%3A1733465454%3Ac%3A1%3Arn%3A267256607%3Au%3A1733465454471801183%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1733465448388%3Arqnl%3A1%3Ast%3A1733465454%3At%3ACuba%20Ransomware%20APT%20IOCs%20-%20SEC-1275-1&t=clc%280-0-0%29aw%281%29rcm%281%29cdl%28na%29eco%28565312%29ti%281%29

53 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Redirect Chain
  • https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/0.8550740663381553
  • https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
51 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b69bf9294fc240b3861c23bf36eeca95ab0d4623f63e8cdf3e613bbd5682361
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-edge-cache
cache,platform=wordpress
cf-ray
8eda1d7368ee63b7-LHR
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Fri, 06 Dec 2024 06:10:49 GMT
last-modified
Fri, 06 Dec 2024 09:10:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SABnqZ53Yg%2B34wxlQXe%2FrtRqqpsuEcbw2YQPPuwTHT0tx4lcEkmOdYGs2iBVRre6Ux6QO3s3H8faVq8lbLOGzVcxPIkg36fSh1pZBkRUIm0%2F1pooiEkyRDC1"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=56687&min_rtt=56620&rtt_var=6776&sent=12&recv=14&lost=0&retrans=0&sent_bytes=4826&recv_bytes=2384&delivery_rate=68096&cwnd=255&unsent_bytes=0&cid=06308673327d2fec&ts=1403&x=0"
strict-transport-security
max-age=15552000; includeSubDomains; preload
wpo-cache-status
saving to cache
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-edge-cache
cache,platform=wordpress
cf-ray
8eda1d701f0163b7-LHR
content-type
text/html; charset=UTF-8
date
Fri, 06 Dec 2024 06:10:49 GMT
expires
Fri, 06 Dec 2024 07:10:49 GMT
location
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2BIBqda2%2BkxfqOiUBT2a6qgO8P5ZsD8u3xRNdpLse%2FnmsFFT2YeO1sRlgAUQBPwmTMhbNb9JuB9lVWDj7jp3iTpm0m1KFGKt%2FwlCRr%2BpCv54iFQ2VTTzwy8H"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=56702&min_rtt=56631&rtt_var=11997&sent=9&recv=11&lost=0&retrans=0&sent_bytes=3992&recv_bytes=2309&delivery_rate=68096&cwnd=253&unsent_bytes=0&cid=06308673327d2fec&ts=726&x=0"
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-redirect-by
redirection
x-xss-protection
1
cleantalk-public.min.css
1275.ru/wp-content/plugins/cleantalk-spam-protect/css/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/plugins/cleantalk-spam-protect/css/cleantalk-public.min.css
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba4be648e180af840eba117f20203084f95b9933d9eda25650b1a52d4cc7b054
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WGgyfkukEXWqHgniqRtFv71ycDNb%2F0ynCcjK970SmQaMmLtJ4dviC9ODFXGSHWYhYuS%2Fad%2B6bn0XmcQ5obKKJZuJVyd5PJNtKoweE6o9QIWJlvGk9oSXaD5z"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128504&min_rtt=127607&rtt_var=21488&sent=23&recv=20&lost=0&retrans=0&sent_bytes=16309&recv_bytes=7771&delivery_rate=177&cwnd=12000&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=1420&x=1", cfHdrFlush;dur=145
date
Fri, 06 Dec 2024 06:10:50 GMT
content-type
text/css
last-modified
Thu, 28 Nov 2024 14:36:23 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7bfb0a6554-LHR
x-xss-protection
1
server
cloudflare
cleantalk-email-decoder.min.css
1275.ru/wp-content/plugins/cleantalk-spam-protect/css/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/plugins/cleantalk-spam-protect/css/cleantalk-email-decoder.min.css
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53c49a3cfb39f581720c3eadcf40b011299dd1bae8a6c8a7fc85fbf49d6986ba
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=30uUcqSXhuba3b4jf18fWlXSj38AshNyZlEamrDb%2FHAkTOJdYganA%2Fd4smlomB6efJCG4SC0Y9kmwT%2FeG5fP%2B6mtY0bK3f4f76nLnZ%2B934BIAI15MC7VRgb%2B"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128504&min_rtt=127607&rtt_var=21488&sent=23&recv=20&lost=0&retrans=0&sent_bytes=16309&recv_bytes=7771&delivery_rate=177&cwnd=12000&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=1425&x=1", cfHdrFlush;dur=140
date
Fri, 06 Dec 2024 06:10:50 GMT
content-type
text/css
last-modified
Thu, 28 Nov 2024 14:36:23 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7bfb0d6554-LHR
x-xss-protection
1
server
cloudflare
screen.min.css
1275.ru/wp-content/plugins/easy-table-of-contents/assets/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/plugins/easy-table-of-contents/assets/css/screen.min.css
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fdf5f9a856940c379e8cc777e289f5b58d179a3edb5ef3e1e0cff46f7dd670c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DEJNwoPdIXcGsagBR72xG%2F0m05aF6G6xSGPVTI%2Bc%2FJ3OxFDK6%2F0Oa%2FMwulF%2FvzVBOwRzx77V8g%2FCJF9NQswEqevhmmiC%2F6aaoHrO1LGF9B4FwA%2Ft61GitQH8"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128504&min_rtt=127607&rtt_var=21488&sent=23&recv=20&lost=0&retrans=0&sent_bytes=16309&recv_bytes=7771&delivery_rate=177&cwnd=12000&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=1423&x=1", cfHdrFlush;dur=142
date
Fri, 06 Dec 2024 06:10:50 GMT
content-type
text/css
last-modified
Thu, 17 Oct 2024 15:50:54 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7bfb0e6554-LHR
x-xss-protection
1
server
cloudflare
a3_lazy_load.min.css
1275.ru/wp-content/uploads/sass/ 		127 B
779 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/uploads/sass/a3_lazy_load.min.css
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2f1b190e5d5a3063c35b75b1a00c039b13e171eb7b099299dcb67e9e4fe65cd
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0%2BNaxi4HOGKJZtbFr4qW8%2BkAnXt647MfjG5MVI1Rs5r%2Fnbq7kL7y%2FDxwJrJmpAZNVLxD6lZX8hKHek%2FgDHsOurysyYHoeVD8Z3NN1muJT1O4OGGYWgox%2BnW"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128504&min_rtt=127607&rtt_var=21488&sent=23&recv=20&lost=0&retrans=0&sent_bytes=16309&recv_bytes=7771&delivery_rate=177&cwnd=12000&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=1416&x=1", cfHdrFlush;dur=149
date
Fri, 06 Dec 2024 06:10:50 GMT
content-type
text/css
last-modified
Thu, 23 Mar 2023 18:32:44 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7bfb106554-LHR
x-xss-protection
1
server
cloudflare
wpo-minify-header-df321caa.min.css
1275.ru/wp-content/cache/wpo-minify/1733222001/assets/ 		258 KB
49 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/cache/wpo-minify/1733222001/assets/wpo-minify-header-df321caa.min.css
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3cb8a8965209551d80db7fc489c0d69756c6e56cf7146fed44e213fff8d69097
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2Bsjhsdx8yUceSxp4%2BhJaOZ06HISp6271HFYF7TYdrSdhLev76yUcxNM1TLjYCg9JJ5KqT81B4E4ZcEFSCuLNRe4GkoTLATgmQKkspMGzcq%2B4a2Np8WHKeKM"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128504&min_rtt=127607&rtt_var=21488&sent=23&recv=20&lost=0&retrans=0&sent_bytes=16309&recv_bytes=7771&delivery_rate=177&cwnd=12000&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=1419&x=1", cfHdrFlush;dur=146
date
Fri, 06 Dec 2024 06:10:50 GMT
content-type
text/css
last-modified
Tue, 03 Dec 2024 10:33:29 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7bfb116554-LHR
x-xss-protection
1
server
cloudflare
wpo-minify-header-16e5216d.min.js
1275.ru/wp-content/cache/wpo-minify/1733222001/assets/ 		192 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/cache/wpo-minify/1733222001/assets/wpo-minify-header-16e5216d.min.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0f68f55f98f7857f56e7b9b1d8370348c717dad771e8aa3e599e067224fd124
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXc9jiNa%2FuHljlF0ku8YWoSU7Wz5q4bkIMG7tH9R48rtqzMzbdPt9ahrWouCMyubVhmy2VWI%2Fhk31Jk63L7u6qbJKn3TD1Dsz8I3Os514b3C%2F1%2FjFuCVUhab"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128504&min_rtt=127607&rtt_var=21488&sent=23&recv=20&lost=0&retrans=0&sent_bytes=16309&recv_bytes=7771&delivery_rate=177&cwnd=12000&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=1489&x=1", cfHdrFlush;dur=76
date
Fri, 06 Dec 2024 06:10:50 GMT
content-type
application/javascript
last-modified
Tue, 03 Dec 2024 10:33:29 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7bfb126554-LHR
x-xss-protection
1
server
cloudflare
context.js
yandex.ru/ads/system/ 		376 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yandex.ru/ads/system/context.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
5.255.255.77 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
yandex.ru
Software
/
Resource Hash
f9358d5e45da633fa5b49ab842e1c3451473a0fe9b39a40d6eb649684266e114
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

x-robots-tag
noindex, noarchive, nofollow
x-yandex-req-id
1733465451960459-9580167039305911312-balancer-l7leveler-kubr-yp-vla-220-BAL
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
cache-control
private, max-age=3600
content-encoding
br
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Width
etag
"d49b1f6fa8a04ffd7f1834d5f5f66c0e-1170148"
timing-allow-origin
*
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
x-content-type-options
nosniff
expires
Fri, 06 Dec 2024 07:10:51 GMT
access-control-allow-origin
*
content-type
text/javascript; charset=utf-8
wpshop-core.ttf
1275.ru/wp-content/themes/reboot/assets/fonts/ 		57 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/themes/reboot/assets/fonts/wpshop-core.ttf
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
973408bd1a1da181c7eaa9293c0cd095f3836a76b626bc76af21e1cd96b5dcde
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://1275.ru
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rauPWTBjSe0PJlROswrRJevUdk%2FraTOdiGzkLRQnI%2BzptzVvZ3HpEWDo3%2B5ar9nokArObsSU2vu1fyz2cLTsVJrPBYm8x0lbzKA0UxcN7D8FaIbMR%2B9zsOgP"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128504&min_rtt=127607&rtt_var=21488&sent=23&recv=20&lost=0&retrans=0&sent_bytes=16309&recv_bytes=7771&delivery_rate=177&cwnd=12000&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=1429&x=1", cfHdrFlush;dur=136
date
Fri, 06 Dec 2024 06:10:50 GMT
content-type
font/ttf
last-modified
Wed, 20 Nov 2024 05:01:33 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7bfb146554-LHR
x-xss-protection
1
server
cloudflare
cropped-54925859_transparent.png.webp
1275.ru/wp-content/uploads/2024/06/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1275.ru/wp-content/uploads/2024/06/cropped-54925859_transparent.png.webp
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6898945c1cd627102a395524e84b7b9a80cdce29286005498fd9710c69764df
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PMe2W%2Fe6On8qPzYvq2hxuReiVzrVMB0zyMHnPeL8%2Fmv%2Feqr0%2F8v0jI0vD623iDautKRZKIbxlylJY5vnvRpteUhJXgeY7Lsai8Mi6A3eva2LERtkMFUo%2BhgO"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128504&min_rtt=127607&rtt_var=21488&sent=13&recv=20&lost=0&retrans=0&sent_bytes=4309&recv_bytes=7771&delivery_rate=177&cwnd=12000&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=1415&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:50 GMT
content-type
image/webp
last-modified
Thu, 06 Jun 2024 09:30:54 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7bfb166554-LHR
accept-ranges
bytes
content-length
16060
x-xss-protection
1
server
cloudflare
security.jpg.webp
1275.ru/wp-content/uploads/2022/07/ 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1275.ru/wp-content/uploads/2022/07/security.jpg.webp
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5178676c00ad6f11e9f3a1dff9d68ae2151b96036ba549e77eda6b236e903870
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gnJ6B%2FfLHdZVo5nKSi%2BSeGEmBrAhFEcdwtTzY9VEU5kgv%2F86KrE6j5n0dHAnQzwxP31WzwbXfziyGGbr2OcppqMEOvjgQCHw01pcV%2BCVwyA6Fsjcykbako9E"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128504&min_rtt=127607&rtt_var=21488&sent=23&recv=20&lost=0&retrans=0&sent_bytes=16309&recv_bytes=7771&delivery_rate=177&cwnd=12000&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=1421&x=1", cfHdrFlush;dur=144
date
Fri, 06 Dec 2024 06:10:50 GMT
content-type
image/webp
last-modified
Thu, 23 Mar 2023 18:32:44 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7bfb176554-LHR
accept-ranges
bytes
content-length
52882
x-xss-protection
1
server
cloudflare
lazy_placeholder.gif
1275.ru/wp-content/plugins/a3-lazy-load/assets/images/ 		42 B
704 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1275.ru/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JaSr3gqn7QfpEXUDxuYtyY6V1K0XZoi0T4ITAttORan3gUtoRRAL%2BJ6Dp1cXviuomtdHIZHpGt6AByL4v4h1Op26p2ZccvPVNepB3XJ4XqRvKkt5MFJOjk%2BJ"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128504&min_rtt=127607&rtt_var=21488&sent=23&recv=20&lost=0&retrans=0&sent_bytes=16309&recv_bytes=7771&delivery_rate=177&cwnd=12000&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=1438&x=1", cfHdrFlush;dur=258
date
Fri, 06 Dec 2024 06:10:50 GMT
content-type
image/gif
last-modified
Mon, 15 Jul 2024 15:29:45 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7bfb196554-LHR
accept-ranges
bytes
content-length
42
x-xss-protection
1
server
cloudflare
wpo-minify-footer-9f353268.min.js
1275.ru/wp-content/cache/wpo-minify/1733222001/assets/ 		64 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/cache/wpo-minify/1733222001/assets/wpo-minify-footer-9f353268.min.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd057d7db4c5263a87501a7d8a59729dcaa1496e669def1f418cae4c817a1a8f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cu8sgSB%2BX9cVAG0c6LefeHOB7jdTQOHeskXR1Cp0gw2%2FUtsf7kRFCfZsJheXLNfCLkJMyPusIqf0DhjgBsemf38BH3Jd6NUvY0R6g9vM8xtBVHrcBQq2ux1o"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=128932&min_rtt=127485&rtt_var=774&sent=210&recv=74&lost=0&retrans=0&sent_bytes=227021&recv_bytes=10447&delivery_rate=711762&cwnd=124800&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2011&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:51 GMT
content-type
application/javascript
last-modified
Tue, 03 Dec 2024 10:33:58 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7fae416554-LHR
x-xss-protection
1
server
cloudflare
wpo-minify-footer-64e20749.min.js
1275.ru/wp-content/cache/wpo-minify/1733222001/assets/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/cache/wpo-minify/1733222001/assets/wpo-minify-footer-64e20749.min.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bc1776eb68e98de70fd1caf4f89e65be2a9315aad1352b46274d148508e31fd
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c1tCvUn%2BFOvu26lkkwu4wnZ%2F7EOKpDBUdzkd4VlYchuqcbh7QKS0ijLgqiVA0oFZTdFSkgUQjwh2r6QkAeScQDWzqxoAtUYA3ozvDkBIYU4ZtbSJ2gt0TRPq"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=129033&min_rtt=127485&rtt_var=782&sent=226&recv=77&lost=0&retrans=0&sent_bytes=242151&recv_bytes=11503&delivery_rate=619604&cwnd=124800&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2059&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:51 GMT
content-type
application/javascript
last-modified
Tue, 03 Dec 2024 10:33:30 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d800e856554-LHR
x-xss-protection
1
server
cloudflare
wpo-minify-footer-f85f20d7.min.js
1275.ru/wp-content/cache/wpo-minify/1733222001/assets/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/cache/wpo-minify/1733222001/assets/wpo-minify-footer-f85f20d7.min.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d913cbed84d37080dc6aa446c41f76b3a230ac810af1199d6350779882807edf
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0gAfF%2Bh8q%2BLVp6xzcnXbx4cTleyUit6Kax7ZswFMawOYnY8DObaAv5ysd8I5LnBydbD9fIdq4ZxNrCRbtcmV%2BQPBpCPPbZK5E%2FMHOmjkKASL0NKdhBtdt2u"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=129033&min_rtt=127485&rtt_var=782&sent=229&recv=77&lost=0&retrans=0&sent_bytes=244326&recv_bytes=11503&delivery_rate=619604&cwnd=124800&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2062&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:51 GMT
content-type
application/javascript
last-modified
Tue, 03 Dec 2024 10:33:30 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d7ffe836554-LHR
x-xss-protection
1
server
cloudflare
security.jpg
1275.ru/wp-content/uploads/2022/07/ 		0
57 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-content/uploads/2022/07/security.jpg
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://1275.ru
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2FdX7A0ngKusuchxGzOZPnTysXRgGWzTFFIVYsRcxCv3obS6PLm2ZU3u6FYOBTVN2rHql2BoEW3IJLd1lVOdNmjPdCmU6ZyMCFbT3HhxI4Mghe5CxVNw252K"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=129033&min_rtt=127485&rtt_var=782&sent=233&recv=77&lost=0&retrans=0&sent_bytes=247546&recv_bytes=11503&delivery_rate=619604&cwnd=124800&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2063&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:51 GMT
content-type
image/jpeg
last-modified
Thu, 23 Mar 2023 18:32:44 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
link
<https://1275.ru/wp-content/uploads/2022/07/security.jpg>; rel="canonical"
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d800e8d6554-LHR
accept-ranges
bytes
content-length
58020
x-xss-protection
1
server
cloudflare
matomo.js
waos-soft.ru/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://waos-soft.ru/matomo.js
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.36.85 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
162ea9885c6f5016ef29bb4c55cf02e5f64b03de1fecf59c10d9941a1bc1823b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"1130f-6272c3e6e010b"
age
2296
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=knFTuX1DhOzRUlou9EjyaTY3Uc%2FrYDmIPjCPQVuETZ2zXAL0VmrTzeeOVWorzwLqOAsiGIesEqI%2BjRZg55%2BoRarUIfcK%2B3UcOtni7IggN6x9QqqwhNngNNSDpKlk8rA%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=120590&min_rtt=120572&rtt_var=45250&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4259&recv_bytes=4224&delivery_rate=28264&cwnd=12000&unsent_bytes=0&cid=6ac38ab7b6d57c5e&ts=141&x=1", cfExtPri, cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:51 GMT
content-type
application/javascript
last-modified
Mon, 18 Nov 2024 09:07:19 GMT
vary
Accept-Encoding
priority
u=3,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d81a8ab048b-FRA
server
cloudflare
truncated
/ 		969 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
401503518894f575673732c689a7885c78bb615900c0c3f726765eb4ce6aa799

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		290 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d5aab9ecebd2bc2f003980fdde59b97aad0fd105312d99fa50fcab580099aaf3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		442 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
17df1f2891553baf6c74c4eef8cd0dd9fb73a5669f9f89d67183a8bfe41acfd2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		626 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e9cca040634f071c068f7f483dfeef82d8589b4082c8cbdc5301951647ba71b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		544 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
255df06063ef8b4f994c1ae9d232d7c4f27c95b853a68fd9c03e31f4dd6b0031

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4192547933c47032776c86cc04805a86655e4580d0c82b46787a120fcd96c146

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b3f3db2e6ac9e2b19172879a80a8605f4db7a179745be21a0828e3c1e49510ee

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		624 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6b5acb20b58ca9f25a996cd5f44fcbde42154bb94cd95666197a59d4b539f07d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a9501cc809fac65ba3bc7fdc1686f8cc6651018b290308eddd1e46454063bf5f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
admin-ajax.php
1275.ru/wp-admin/ 		77 B
897 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-admin/admin-ajax.php
Requested by
Host: 1275.ru
URL: https://1275.ru/wp-content/cache/wpo-minify/1733222001/assets/wpo-minify-header-16e5216d.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48f5d226f594cfbd8b043826374650bc4d65bafa390b17d34a0d1886b8e8d09a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundarybbhrokSAgXDjpgLm
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

x-robots-tag
noindex
cf-edge-cache
cache,platform=wordpress
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vVE3pJ%2FiAZF%2FeBHbxFYWe23d46nisheXa7NjO9tXuB4%2FTu6c29iGmwlYl8eU9IP3QPtJ2gzsysJu46UXy%2FSAheOCm507z6YQqD%2F1V6GNjSSqT7yxFSvA1i1G"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Wed, 11 Jan 1984 05:00:00 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=135925&min_rtt=127485&rtt_var=4343&sent=300&recv=98&lost=0&retrans=0&sent_bytes=314839&recv_bytes=15056&delivery_rate=4067&cwnd=135600&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2492&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:51 GMT
content-type
text/html; charset=UTF-8
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
no-cache, must-revalidate, max-age=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
cf-ray
8eda1d81cff86554-LHR
access-control-allow-origin
https://1275.ru
x-xss-protection
1
server
cloudflare
admin-ajax.php
1275.ru/wp-admin/ 		1 B
820 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-admin/admin-ajax.php
Requested by
Host: 1275.ru
URL: https://1275.ru/wp-content/cache/wpo-minify/1733222001/assets/wpo-minify-header-16e5216d.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryJgTNyaUdciv5dmOB
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

x-robots-tag
noindex
cf-edge-cache
cache,platform=wordpress
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WW8l2Ua0BF%2BOYbwc5zEGYMfYtfOJlB1vwxtmvbIKx02jtxxhEIamVIFYp%2B3QesizyvBJdFI2X6qGhY7iS3UnzFHS8sHHESdzRfB4Du%2F7TBkE7qmDjlqQquXg"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Wed, 11 Jan 1984 05:00:00 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=135993&min_rtt=127485&rtt_var=3393&sent=302&recv=99&lost=0&retrans=0&sent_bytes=316598&recv_bytes=15101&delivery_rate=41603&cwnd=135600&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2667&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
text/html; charset=UTF-8
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
no-cache, must-revalidate, max-age=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
cf-ray
8eda1d81c8026554-LHR
access-control-allow-origin
https://1275.ru
x-xss-protection
1
server
cloudflare
admin-ajax.php
1275.ru/wp-admin/ 		0
815 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://1275.ru/wp-admin/admin-ajax.php
Requested by
Host: 1275.ru
URL: https://1275.ru/wp-content/cache/wpo-minify/1733222001/assets/wpo-minify-footer-9f353268.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Cache-Control
no-cache
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-robots-tag
noindex
cf-edge-cache
cache,platform=wordpress
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zl4%2BM8Ct4Z41wBxo2iWkEpwZSXv3C%2B4NgqloDbvK40S8SB6aglOxjSUaByE2W1L6KKF1GBmCjZQqoc1YQJaWGlZWWqUNFdlEFjEPuoDIOG0cUqrBswPgxtW%2B"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Wed, 11 Jan 1984 05:00:00 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=135993&min_rtt=127485&rtt_var=3393&sent=301&recv=99&lost=0&retrans=0&sent_bytes=315759&recv_bytes=15101&delivery_rate=41603&cwnd=135600&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2660&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
text/html; charset=UTF-8
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
no-cache, must-revalidate, max-age=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
cf-ray
8eda1d81d8176554-LHR
access-control-allow-origin
https://1275.ru
x-xss-protection
1
server
cloudflare
main.js
1275.ru/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/ Frame 1154
Redirect Chain
  • https://1275.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://1275.ru/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/main.js?
9 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://1275.ru/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/main.js?
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
550492c522111c892a16b7eae43a91b82a76733938f2e11acd823b78c23a27de
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZKaF4IEo4MX3dSW3WVKyZ43jb97dSztmVgyxoZwGc72tNUpqJdrFTX7lO24b%2FZJW0WnpP7ZEM3g4rTmS3H4pndNIS%2BA1GZNtmn4Yh%2Bj%2FbD3q4EerkKANEDZn"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8eda1d82d8fb6554-LHR
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=135925&min_rtt=127485&rtt_var=4343&sent=295&recv=98&lost=0&retrans=0&sent_bytes=309858&recv_bytes=15056&delivery_rate=4067&cwnd=135600&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2480&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:51 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare

Redirect headers

strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/a6e12e96a2d5/main.js?
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2B3UfpVh8oJZL%2Fa23JGCF9WjMWGSKnOr%2BYUc7lFUvVVK2mjO%2FK6F4aC%2FGUIWAE8V8acINyeow8lGv04W9T64gVSnuj4DS4yYaP%2BKSXNdOy6DDBG2QtO3763o"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8eda1d81f8406554-LHR
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
server-timing
cfL4;desc="?proto=QUIC&rtt=136620&min_rtt=127485&rtt_var=3937&sent=290&recv=96&lost=0&retrans=0&sent_bytes=307744&recv_bytes=14401&delivery_rate=808384&cwnd=135600&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2334&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:51 GMT
vary
Accept-Encoding
server
cloudflare
rss_25.png.webp
1275.ru/wp-content/uploads/2024/10/ 		612 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1275.ru/wp-content/uploads/2024/10/rss_25.png.webp
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fde30968056d44b85605ca3f68a6c1a82cd3b4458570a1ba225e33dcad1c34cb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1F91UOJC1K0j%2B0QmiuljLMrbbR1%2FeZcU3UGCa7PcalKjd32eFUQC%2B452gFwfI8fEOR1gtKd2qgUTyans4xqYGlDR0FxVNQNNchZ7hgXNA4PZQzlyTOl3ZQdG"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=136620&min_rtt=127485&rtt_var=3937&sent=292&recv=97&lost=0&retrans=0&sent_bytes=308493&recv_bytes=14772&delivery_rate=808384&cwnd=135600&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2469&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:51 GMT
content-type
image/webp
last-modified
Mon, 14 Oct 2024 14:57:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d8288b06554-LHR
accept-ranges
bytes
content-length
612
x-xss-protection
1
server
cloudflare
matomo.php
waos-soft.ru/ 		0
619 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://waos-soft.ru/matomo.php?action_name=Cuba%20Ransomware%20APT%20IOCs%20-%20SEC-1275-1&idsite=97eED41Ee1b3d80&rec=1&r=908703&h=8&m=10&s=52&url=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&_id=0cb93579d513bbc0&_idn=1&send_image=0&_refts=0&pv_id=3spMSV&nwefftype=4g&webgl=1&pf_net=0&pf_srv=624&pf_tfr=101&pf_dm1=1629&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200
Requested by
Host: waos-soft.ru
URL: https://waos-soft.ru/matomo.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.36.85 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8
Referer
https://1275.ru/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
none
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wtSu%2BhVo67QsVolKZaAf9QmVqvbNJsZ8S8dDdsfRGscFvr5Cj60qMnV8h9kMNgEGuQA%2Fc3P2Q8uZY03HGjtJmCHAE7jzdru0lakCrmwFYO2RTlMj3FXcjU99wCUqXF0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8eda1d83a9ea048b-FRA
access-control-allow-origin
https://1275.ru
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=140165&min_rtt=120572&rtt_var=12302&sent=36&recv=22&lost=0&retrans=0&sent_bytes=29749&recv_bytes=5548&delivery_rate=126162&cwnd=20700&unsent_bytes=0&cid=6ac38ab7b6d57c5e&ts=581&x=1", cfExtPri, cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:52 GMT
server
cloudflare
priority
u=4,i
8eda1d7368ee63b7
1275.ru/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 1154 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://1275.ru/cdn-cgi/challenge-platform/h/b/jsd/r/8eda1d7368ee63b7
Requested by
Host: 1275.ru
URL: https://1275.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

strict-transport-security
max-age=15552000; includeSubDomains; preload
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FmBHz1aGNMfNKeBeU%2FVRLI7Vz5qkx1UII%2BJWBPD7Zq5jGNJV4e9Asx6etrgutemkWM4Gk6WUSH7%2FDjLt5pg%2BTRLOdT1%2F49qx1tuzshcjuEzigm1%2BVEnaz9jV"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8eda1d859b626554-LHR
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=137138&min_rtt=127485&rtt_var=4835&sent=306&recv=115&lost=0&retrans=0&sent_bytes=317513&recv_bytes=32382&delivery_rate=9885&cwnd=135600&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=2933&x=1", cfHdrFlush;dur=0
content-length
0
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
a2e1512113bc4ea94f132be143b4d584.gif
moderate3-v4.cleantalk.org/pixel/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://moderate3-v4.cleantalk.org/pixel/a2e1512113bc4ea94f132be143b4d584.gif
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
88.198.153.60 , Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
moderate3.cleantalk.org
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

X-Server-IP
88.198.153.60
Content-Length
43
Date
Fri, 06 Dec 2024 06:10:52 GMT
Content-Type
image/gif
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Connection
keep-alive
text-variable-full.woff2
yastatic.net/s3/home/fonts/ys/3/ 		25 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.154.131.215 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
static.yandex.net
Software
nginx/1.17.9 /
Resource Hash
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://1275.ru
Referer
https://1275.ru/

Response headers

etag
"7f0cdaf91230f9789ca4162aedff612e"
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
expires
Sat, 06 Dec 2025 11:55:08 GMT
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
font/woff2
last-modified
Mon, 25 Apr 2022 14:02:39 GMT
vary
Accept-Encoding
strict-transport-security
max-age=43200000; includeSubDomains;
cache-control
public, max-age=31556952
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
timing-allow-origin
*
x-amz-meta-owner
{"role":"admin","login":"4eb0da"}
x-nginx-request-id
828346e8edb0aaeb
accept-ranges
bytes
access-control-allow-origin
*
content-length
26004
server
nginx/1.17.9
f9d5bc3ecd4b5a959268.js
yastatic.net/partner-code-bundles/1170148/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/partner-code-bundles/1170148/f9d5bc3ecd4b5a959268.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.154.131.215 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
static.yandex.net
Software
nginx/1.17.9 /
Resource Hash
6cc09f68a3586bd2652fec2f4781629012ca03a5485f1157e55bc8543c610a5b
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://1275.ru
Referer
https://1275.ru/

Response headers

x-robots-tag
noindex, noarchive, nofollow
content-encoding
br
etag
"8ad1d75df125ed63176e4d10e4604708"
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
expires
Sun, 06 Dec 2054 12:43:55 GMT
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 05 Dec 2024 09:23:05 GMT
vary
Accept-Encoding
strict-transport-security
max-age=43200000; includeSubDomains;
cache-control
public, max-age=946708560
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
timing-allow-origin
*
accept-ranges
bytes
access-control-allow-origin
*
content-length
6385
server
nginx/1.17.9
1740ba77a285754e7a9b.js
yastatic.net/partner-code-bundles/1170148/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/partner-code-bundles/1170148/1740ba77a285754e7a9b.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.154.131.215 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
static.yandex.net
Software
nginx/1.17.9 /
Resource Hash
e9146e3b38f8057e805ef96dc943a9f0ab6e197bfd709005d955d9b7eb7f3e69
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://1275.ru
Referer
https://1275.ru/

Response headers

x-robots-tag
noindex, noarchive, nofollow
content-encoding
br
etag
"541de47804e114070ed437dd5d254f32"
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
expires
Sun, 06 Dec 2054 12:43:55 GMT
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 05 Dec 2024 09:23:03 GMT
vary
Accept-Encoding
strict-transport-security
max-age=43200000; includeSubDomains;
cache-control
public, max-age=946708560
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
timing-allow-origin
*
accept-ranges
bytes
access-control-allow-origin
*
content-length
5222
server
nginx/1.17.9
0a723b287ad21e1bfc42.js
yastatic.net/partner-code-bundles/1170148/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/partner-code-bundles/1170148/0a723b287ad21e1bfc42.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.154.131.215 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
static.yandex.net
Software
nginx/1.17.9 /
Resource Hash
d65b9052da404bbc8a8c4c65c8a9dc51a458f9affe03b84387c497ae5fdcb63a
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://1275.ru
Referer
https://1275.ru/

Response headers

x-robots-tag
noindex, noarchive, nofollow
content-encoding
br
etag
"aabc75c4836834ed5b9c243e114855d2"
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
expires
Sun, 06 Dec 2054 12:43:56 GMT
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 05 Dec 2024 09:23:03 GMT
vary
Accept-Encoding
strict-transport-security
max-age=43200000; includeSubDomains;
cache-control
public, max-age=946708560
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
timing-allow-origin
*
accept-ranges
bytes
access-control-allow-origin
*
content-length
7949
server
nginx/1.17.9
02aa366ebfd7249e2a0c.js
yastatic.net/partner-code-bundles/1170148/ 		604 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/partner-code-bundles/1170148/02aa366ebfd7249e2a0c.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.154.131.215 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
static.yandex.net
Software
nginx/1.17.9 /
Resource Hash
8a79f27281dddd51d196f7775d51ceb2667c326c669a20628bc75a1bde15ce73
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://1275.ru
Referer
https://1275.ru/

Response headers

x-robots-tag
noindex, noarchive, nofollow
content-encoding
br
etag
"0cba1ae182fd1200e2fd435baf73261c"
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
expires
Sun, 06 Dec 2054 12:43:56 GMT
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 05 Dec 2024 09:23:03 GMT
vary
Accept-Encoding
strict-transport-security
max-age=43200000; includeSubDomains;
cache-control
public, max-age=946708560
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
timing-allow-origin
*
accept-ranges
bytes
access-control-allow-origin
*
content-length
119720
server
nginx/1.17.9
host.js
yastatic.net/safeframe-bundles/0.83/ 		33 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/safeframe-bundles/0.83/host.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.154.131.215 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
static.yandex.net
Software
nginx/1.17.9 /
Resource Hash
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://1275.ru
Referer
https://1275.ru/

Response headers

x-robots-tag
noindex, noarchive, nofollow
content-encoding
br
etag
"f80882bf67cf261aa08d636da095149a"
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
expires
Sun, 06 Dec 2054 12:41:53 GMT
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 03 Nov 2021 13:42:58 GMT
vary
Accept-Encoding
strict-transport-security
max-age=43200000; includeSubDomains;
cache-control
public, max-age=946708560
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
timing-allow-origin
*
accept-ranges
bytes
access-control-allow-origin
*
content-length
8878
server
nginx/1.17.9
824b4b7ba221bea41791.js
yastatic.net/partner-code-bundles/1170148/ 		114 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/partner-code-bundles/1170148/824b4b7ba221bea41791.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.154.131.215 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
static.yandex.net
Software
nginx/1.17.9 /
Resource Hash
0f14b8328155a89c17a34164e6c72007931577e49b403879cb4166844f903664
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://1275.ru
Referer
https://1275.ru/

Response headers

x-robots-tag
noindex, noarchive, nofollow
content-encoding
br
etag
"5af9e4fc2a191b6f995dcba6abd4bb38"
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
expires
Sun, 06 Dec 2054 12:43:55 GMT
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 05 Dec 2024 09:23:04 GMT
vary
Accept-Encoding
strict-transport-security
max-age=43200000; includeSubDomains;
cache-control
public, max-age=946708560
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
timing-allow-origin
*
accept-ranges
bytes
access-control-allow-origin
*
content-length
24402
server
nginx/1.17.9
1788970
yandex.ru/ads/meta/ 		25 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://yandex.ru/ads/meta/1788970?target-ref=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&pcode-version=1170148&pcodever=1170148&comboblock-unencoded-vast=1&ad-session-id=3399671733465452457&target-id=88772117&pcode-test-ids=1111484%2C0%2C75%3B1135992%2C0%2C87%3B1106680%2C0%2C43%3B1139796%2C0%2C39%3B1164347%2C0%2C74%3B1116850%2C0%2C27%3B1167679%2C0%2C36%3B1156187%2C0%2C35%3B1154208%2C0%2C58%3B1139870%2C0%2C78%3B1161299%2C0%2C27%3B1160681%2C0%2C29%3B1170148%2C0%2C30&pcode-flags-map=eJyVWFtzmzgU%2Fi9%2BDlkEiEvfZJCxxtwqCSfuTkZDa7JNm8S7cdLttpP%2FvkeIOoa2uH2yETqfzv184utsTYRKOZmrjBapXM5e%2Ffl19qm5fWpnr2aO7YWzs9lju39kW3gO7dAOvNnz1VkndsFJpTImJC0oV%2FONKouYDgAkr%2BkxAEKu52PngCBqvqYbxQohOSW5ysuE8kIlVLC0GCDt3zW3rbpv%2Fx3CYcdB4QGuFlStmeSsIEqu1eua8o2qCCf5AKv9%2FPcIxXcibFBYQkvQR8mUKJF0iEY3VqQqpwkjasEyKgaA17sH1dzejkCjMEAH1Xiu6iIrSXLCP34Qee6LfySZZ2AT5YKVQ4fA1jDA0Ug6Ch0jndeZZHNS6MjUBVswmoBZkvIFGcVo5A1Q2wmCDkMbP18pwd5QoRYlVwfvxGU%2BL6dQtBm2QeFcFfRCcSprCC1ZgA4qzli8UnLJyzpdTnokQMj2og5I5IRLHdSaKnpZqXlGAETn3zHCn7O75ub2%2FOEJUP5r7rftZ%2Fj%2Fx81d81e7Hyz91dx1K9sv7b3Z3ny6edyZv3fnRw%2Fb%2B5t%2BVSMfEGDhoflyu%2Fvyvn%2F95cH8Pj0055Cp%2B%2B82fGh2dze96O6j%2Fr0amIrB9cZUKqEIFgSCCPmbUlXU%2BZzyKY8HGLmB3UlvCOSNZLFaUIj6PCvBTSxRF0sm6Q%2F8xS1mOV6EoNotBJDHz87o2R09e90zsRyMbDtwenli4TD0fGQhdFjwwbxAH3A1aCiRj%2FxO6YVQWVlWUF2XU2aG2HWRSXGdVWkllYg5q%2BSkUOA6kelbCRNdSZkMjMtiwXgOzhpV1wggcrAbmlOTN7QwbWFFMypPyaHQiQb9aUmKJNNhKFa9ErqySCLrYrIuIzdwsGl1guRUbQCHXqqkzAmb1iGwAz8aGF9WtOByripOK2hqkqh5na0mQSLs9V0BtqdqSUkynY%2BQDyH2TQMkYlPEpnKPRb7O9u2jzsCj90rrlRBQqWuWZ8N3FGzWzhqt9y9Gq3qq%2FQzgp0ewgkllFkiyKC9Hr8FZnK0IJE6tm%2BnobVyWKwabiIyXel78eFfFy5wJ%2Bt3BXaFr83stu2472jXswDBwO4V1Tb3f7R%2F32pl6EF09DyKBwiDqe6ioFGSi7EfZBZPLspZwYsI4jSUAZptuw3RonQCYgClbaFR9VpGqyso16MZKocCEmPDkBEzk2PhQHQccAe3veODEMH8lW%2BvwkXjZKa03xxlh%2BakkdCL3yHRoLuqSEfA%2FYIFHhRTT4q6DA3wQj2shyxzSJlVsQYZd1MNt07xFvhW1zbXlBY1rvQ38rdVcv%2FU9WMNbrJtpgJvQ911svdv6keVF4bUVbaPQQva7BjVb1Lxthy0SdIBd4Y90qCiPaTEIlX1u2%2FjXpONFOizGCMGwDSJn9gqdzVzbBiLg2Qienn8CqMvnGzcxNTPtTA%2F6kHFmLHjPzlKW55N9T49%2Fx%2FdHYoICceSWgPyYFsa20w%2BYQ%2Bp3U%2FFnw9B3I9DTxaMYYNdzjOod6c01lYL%2BkilSiItTOYgjjJyDDpXuDkpyIC%2FguuHpro0cMBbjmY4A8j04daxK6IW9RcApFxlJT6RwGAVhzyoqGhsmCIzwte45SVdlepBWQKZoPsqm78EioMrGDylQlPUKWEpe9hQDLgAwGlgyzCqEMdQ4EPj9339oIOvTzbbdWZ8%2BWu325n7XmufzD%2Fvd%2FWyYaJFvo5fLBkkSQ%2BWFkqWZnDXPjrqETCcZKdKAPUEqK8lyYLUqXlJQPKkrgCOQD6fdCTBwh%2BlQKmhU31o%2BqDSfHKAg6ITeS7P7fWH8cs%2BhRdco5RIipmheyY0iseYwAFvQ7De5OoCj0HaHntGsIBHVCTkf9xE6yKUdc4WcMLE6IR9EvjmXXsKcLKCe4ExdG4WoSiD7J3sK8myvdwxcCbrw6ZOFua3BcBtOoDtnJO1EoXeoTLipgOdiqI8Y5sx0Y0EeUMqXiCzqLAMeSoEb9gQvhl%2BY5yVnUFQnCSZc3TygSwe8NbD3mLKsy3WSxUC4WLqcLk4Ec8VxjgoG6IvSNwnoVr8mD5c20ymOzOntACWyObQs0f0Ds07RP7iehiEalC8AJuAMRjIz3X84guEubQGFsR7af55aTWmGnw9wFL2YePhuoIl1QsQSTIWKkJtqGLx%2Fbx7fq2Z7vfs86gi%2B39MYc0WvFIXcgYrJyqFx7x5Hl3s3gtQd1%2BMc8jYxd4r0VLDd3tODDw4ds2G55oEboGX1XE%2BoFZ1WBRyN7bEqI5640EZpZ9WxHJmmfbN7elRt87AfpwMkhOHvEDwBPVLqdCQJqTo2tnZOfVVB%2FeChwOiKmH5TTiw53H6mrcKeY4dH5WA6PFB28majP4tweSpAYfDilZdbX6m%2FadQS7m3glGkIHzk9dez1zjlh3VeUUrsVWm3He6Y5LvJtvy%2BDKi4Tuh6VDTAumHLhUMYsPV89%2Fw%2BytLIM&pcode-icookie=Ocw34TF23ILCQYF7PyIdUx4Yk8%2Fm3ju3ikAMNc8n2U0cVV8722gg5MpPtJp%2BM3Pzo%2B6vKsale0N8e%2BMFU9%2BTPGeKFA8%3D&disable-base64=1&imp-id=1&ecma-version=es2017&charset=utf-8&test-tag=406819302277122&tga-with-creatives=1&top-ancestor=https%3A%2F%2F1275.ru&top-ancestor-undetermined=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22isInIframe%22%3Afalse%2C%22w%22%3A300%2C%22h%22%3A0%2C%22width%22%3A300%2C%22height%22%3A0%2C%22visible%22%3A1%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A1050%2C%22top%22%3A329%2C%22ad_no%22%3A0%2C%22safeArea%22%3A%7B%22top%22%3A0%2C%22bottom%22%3A0%2C%22left%22%3A0%2C%22right%22%3A0%7D%2C%22req_no%22%3A0%7D&grab-orig-len=5120&grab=eyJncmFiX3ZlcnNpb24iOjJ9CkKlpJDkuGkB1PrBJn-lFQSaX-9Pmjzkc8KcpyEzPJneK1I64W4iIxFZkgY2aJtjPyYHnugnOv-22XwC_k2cOk3aLoBeBnAJY1URmXRbm_DjM3zXiapixRiDGKmCdWR8jcsTkPHb6gIyzdZ4TUDKnmsjXpZuchEso23USBBtMABHqu98k6AgzdPED_OUjLzQIeM2bW1rcRuYwt70YdgczTYt4R6mpTVLA1MIriQKyQVk5KX3aXaCPXhL18EUckxdy7XG5fCW1vLenMXmaVu3LSJeUwDmR3kfuN3zNE0TmcMxDe7Scl1bVl9G3wg4eePO1nOj6RzT0m2ER3pvcxm5YRPxNaGArNsI5Sm6rbXnXhIMoc3JebZFuL-21qwnefVmfIvwf00FVsVjwlXxVEhM2CruViFuJhyVpUKpXECp-CqWissEgYx8lVeaIZqcK7yODb91mtYVlty2rKPL5vGoU57GV_Z1FFYFfAlE-fwh5JVHBFbB2TyZUG6z2E86z647bbANWyMoW8dZOD6FIl7RUv5Nc7cEMtcIOC0fbF0zRVzmBEwbGg0Hf-n54Nu8bjRLzOMHUXZZF4DO5v37a9o8W7ObTtcoiU1kLY1t0DAjXbwLQoBVK16aurUVFRgVwqcAjgpRxaXrUwVEDW9sFVfFYsJgMJGzeeL0yk0pca-3ZQy-kD5jhY0mzBW_wyhEFYYSoZgYZNZ_cT0zd9kW5q3KvwzNHu-Q433zCipwMkWZSXKt4lwVrj5TQb5vaWw957Anz9b5m86L7p5i9fls7rSW_QH19p7INAhy2xxbW0T54mgVwHiLnBsMi3yc2qe551x7GKbs4DpnWTLYZx5AVZz3LajvWfhM6O9ETNif6uJKgFbxS6IxbUu-X_hlgJUMfipX8Bd-c9WqCTGyU5_EFPMRZdXmLqJWzryTGCCJiaXjhRj0SxfDhayzKMouJva-qkGkYeet2X6wCpwKgQlLhfa_4n7YsP7TO5glD9RsbhNkHkWaUCRZkpyCf37wt6zE5w_iCFRAPVnY79XlCegb0aVyI71UbpX1hgr7nRrms-AxYe-fwFIhf25Zb6HeMt2yirefCeKZn5o11iXuTA5UJozfYalAf4pgPyUcJojV446btd-IALdrklWo-yniM-Ee1X1r-F_LWQqch7lK963_QHyK_X9_SF_fEJ88EGqbOMePdR__OEjH-GR-y18tEzYlvbJngvTMT5f1X9XlG60U8by4NebgVtbrjAnqkwypTs-vrZtX65Pqoty_UMuF_LSA_sph_bswa0LxKW8VYj2O9cwwVDzKg8GvWvXoPnt96WGhPyuEUjoT5B8Nwv_BBDAmqN89Ht1BTBApdzGgD3gAID-pP6buPh_eV3UHSjfUevGU-c_LyOE_jFvLxlOxmTDqAX_LLWwl81CUqs6rcJjQy3Cg7q_nu3jD3rfBBKU-B_NBfmau6TIRivTB89Xz4DzJsEqsHu2iPICubbJqjEKlICPnYAojeLlmjhxhQpwRBy7xe4XJ_tAxcr79SvbtDMFWaCvsMhyR0cSslvY27Fe7bbyqPtws1dHVjDOonF9TpS4UIFrzbZHpbNLirXrtpHiitapyUJQx_ULFLSsgTns_5v1xnAIwHsv-xsk09EIWl2OYXFsv2gvgJjR5QpEgjOj1ILjvxUIBCUCjTumUHQNkrbSUxxEU_xEbghpyeMWov3t-4OCez5aYP5UE6pmHYhbesT9UnhXuRfpH4qmUi-eLKMjPVMzxRfRZ4o-wXU07nBpF-NXE_0isanPxanhBPc-7yfL86xnrfPCjdavAKBGDu2tYgbJrrEAsng-ruifOedt7PmBtq5sIdMmlEDeuqbWNsumEmsnZSAzzrzR5Gy1ilEjQUG6SZiD8YETadP00OCqeOQg3WhKkqNBcmUh0FPDboKQ3-3cvVuX8zooZrs5TC2HCYfSIff3cz6f1z__uLhiFh2pN-McqtUGma4ZpEZ1OJTXnemwDiWbYhApOU2HbaP9pnLN-ijGvekc25NVEyo51Ch8khjXD3aSkcu3Y3ztWsYOvP94y1RKQ2lybcGnwpOGfPmjnGQ8Af1e7j3f26i0hKMUIYxV4NMX0c071YcmPV0NLLayxih1WeCCeDYHFhP5mDmo9j6XYRkhVH0Oo_QO6BjKcIw1ytQTVEJYqP6CBV9RujRUmXEolnVRHUJ-Ke6ENn4CE33i8LcMiM4lMa8uflLMuRE4Vw6R7Q7FDPx3Cae27FPzf03TOBPEJrmVCOjtwIDdqhOtxgGhJgQgaghIZoB0kIWhLR4DaQGJqFDqBjkbSrIo-PIKlL5-48yQYBXsvqx0p2Kseqhq16NpPjDhr0Kr1h12VIN6uyvJawi8K9xUKzHNuSjlfV_gFCPRd1YBs8itsrUrao7e5RWPl9XMo5e8LL0ql8KoKQakKFvci-JXXVgFZv3x1V_2XtWup2GUWblWcErb5LLIchXiyThNffHhtyFWZnV4DWbq4Jh1arRVG2cWVsdz41XOU8Ku4V8wq5kxrfUyJDEi72KzL_xMG5Wz6VuCvI3zFRJ2uODu5L8jfjkOUM85P0FfHz0bGjxXN_aBlBZx6IUUaxhSp61KkQSRp6NTNKNI0okjC6AEEEkcSUySJ_zT8B-BKPFFIESfHTREEYgX9c4sCFo_LVryGO1Mv6Z6TRt2dIw68ng03iRM_a60n7nTDTCIk69nvR9F0RxR67nJdb4ZZnPQk81YatCDuM_RSn9GEnziJ5wTpikM_DfwgSQO3B7GTZH7mp6s7SbrCaDBqzVzHmcObK21u_OtzLHcGfstWj8MgHVkQhm7Ypf34h414OG4YrJksP_W84WTtm3Oc7jpz-UGQub543429PzOIvNCZLfJTt33RoZN5yQqTMHG-kjkc8f6rD7d3b8TpgzszGCOMmxu0EfuzP7U5x2i-x0i_O5zRRg8z50H32A3S6fbY8ZzluX9_Mv3lhgnj2siJr6LUdwI_cf9Wb_rNS-IvIg5H1B3n8x17gXg_aM2LnPDzHznOQ3xF_hf0G2sGLcpG94f3NUv7YTg9d66e-kE4p-P6aeh9-p0ejodty-9R5LZkSftBX96KVpysKEozP0qcIAliPxjzK_FcL-hx5veQsf_zvM_V97yc5gV-NH9njiSb4V_gxXH_qHYj8X5z0q8_CmYSOp9D96qJgiwZ1-WXPtORZpNRyzP5npet9Av347HWBVj4xfwzcf8iZ8vcUDzeS5zUjVown9r96cyvPAu8f8sdaQvSKG7_LCNCPOdrjC76fLe3Obo7srgFK87ScHkt7v9-HMwp7btJMlaajCyaWRDNOHR6lvb1kRImQTC9lXxgjjiR9p_U_-Wv_fLiyPt-vDjNnPA_890sS_7MYCRiH5j-fxEP91MWtzCKRjZa1j-h00-_5LRl8fe2GON7Nj_gUu9DIUgcd_l-4vvB_OvvjzjswQjbj2Xsp_9x5sVhmvjtwf6-LHrj_zEXztZa0L7Nd1jGvpvF2ezzKc8oTD_Zba2P0_V2fy3vnc4Psu9L2m9x8kloyVOPVho3L2tBNm9yFv6o4b6LTj9qjP2grezCyl3e-OSEPfT86SbvIF7muIGz3tQ6KSNC3ue9T1o0_el_mt4Xkuwt6BfgxIHvnaeGfiI2tE6WeS0MzlniGThRGmVBEHp_6fM7nts_v1nqM7p1PkQ9v_0jK3E-bnqYfglvWp2WtNG83p8rdRlPOXHkO1_6n_H-nL1t7slb_aylPQ3eX1In6MMNGYbE6dH4-PhKg7TPd_iVdd8PY_979ILpZn54npiJjQWd6J3LJ2ZI3-klXTJlgmVwOLuC5UY7uUvHBJsjaPMkngqXJFHh2fqRNE_Gw6oKAqgiXD-lU8R9uEAkI58CMpMnSake87MR2USPfVCwTQV7j10VghivcZhe2LmC2cMp0OEKlMthjegEc6Cbdt-oFm-xDbEkFhNlZAveMti6SL6AZBnajunoAQEMZMgAjwIRRuQCFgwkqUudidzk0QvTFBEfdTGvtoh0kQRC4hIKnpxKGFVGeukkRhTFQlqxnIO2dd0c9uIJqTMstsY3jXya8IVUOWzLMYUY7xMTL4QLHcKIiQ_pG33yKwihYCO3Dh1c3-iQKUJnpor2T7szTC73ZPeyGIiGVUG67hiycXiSJEwFkIpXq9i-goVQIC5laLsaPJDk4k8GREfgcYqE4CKOXP6crIrVJPkKVaRlAHqcCPSNWTZmNABn20YVc8hCtUqwoEDZUxvXuEUKBb55KI4eWAxU4MG1OkBRPYnK8EqIzp5cu1rAE-geL32Qn2xAhl-HnilvILA7UdOoR_eH2yB8Hy5olBsweo6JW0hjdxRCC-K5UICYhIQm1q6-QnEXxOf8ENHywluRpSWo94N8H5iEqUtACjoKBSQqlABFi-IJcI3E2I3v0vzQfreyUwASG68MLY34LLXddCG6NajAVEEXjU5XRkoiSAFAIifJH9sBEG83jWVvVKZm_Tiq1oakfVBrGxXPhgfvEO0xtCIqAJ_OPvFxlQIVeUuVW1dIowqxduj_OCfaKVA-MsRThfx5iCdFAlr3ikiSVZCsq0wKxBPYVpn-QbKA9FBQIGxkbC53bRKtLd4pQtxdoLVOws_9t2kR4FC8Jud_MZapoaswUVv9E9D62goKIDWq5bwI3M8j5S-Da1tEGwi29rh5WsXm034GgJ9IkKvEUpHWVNG8LDYp4gtZ4gGsChxlQVaHUsURIFWohiqdg3avQL5XgFckpqwiiTvxcnmniN5YZXDlLVKSD11oTFgb7a8BrwKDhhan3yyTu0k49qHAIF2LBP13Y_TexYSehl6EAEsrwKPF7IpQWUrrMtIoZqOlcTSLWFHNGFatGCcxOqdcJ_hIA_d8gD0R6MYh2JMEpMQikF9cDKQUh3w5RAQakEki4sYdpk65US6DEPljI876ojLMQdgslKZpgGXw8hrCZpCYy6A3vWBPGNL1uhu-2BCCPaFPdhxstIhOpsb5Fi1tIzLs2dBQblQXCgb4JovdACzUlgyhf9h6jJRTBRK-Y5qHFimhcm7h4eKOkzrNLdp-LDcBr-VExiLAECjLCjUF6Mg0wGNXGKapfcXUWAv0&uniformat=true&callback=Ya%5B6530439524846%5D
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
5.255.255.77 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
yandex.ru
Software
/
Resource Hash
8db6217d64d1013bb8e862dbd57cd8c0dcde72b19c6c76a39d7fe2d500c35513
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=, upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://1275.ru/

Response headers

x-yandex-req-id
1733465452628490-7518905998177779796-balancer-l7leveler-kubr-yp-vla-220-BAL
content-encoding
gzip
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
x-content-type-options
nosniff
expires
Fri, 06 Dec 2024 06:10:52 GMT
uniformat
true
date
Fri, 06 Dec 2024 06:10:52 GMT
content-type
application/json
last-modified
Fri, 06 Dec 2024 06:10:52 GMT
content-security-policy
upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=, upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
timing-allow-origin
*
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Width
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://1275.ru
uniformat-product-type
MediaImage
x-xss-protection
1; mode=block
event_confirmation
an.yandex.ru/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://an.yandex.ru/event_confirmation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.180.204.90 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
bs.yandex.ru
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://1275.ru
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://1275.ru
access-control-max-age
1728000
content-encoding
gzip
date
Fri, 06 Dec 2024 06:10:53 GMT
strict-transport-security
max-age=31536000
timing-allow-origin
*
x-xss-protection
1; mode=block
event_confirmation
an.yandex.ru/ 		0
50 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://an.yandex.ru/event_confirmation
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.180.204.90 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
bs.yandex.ru
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://1275.ru/

Response headers

strict-transport-security
max-age=31536000
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
Fri, 06 Dec 2024 06:10:54 GMT
access-control-allow-origin
https://1275.ru
x-xss-protection
1; mode=block
date
Fri, 06 Dec 2024 06:10:54 GMT
last-modified
Fri, 06 Dec 2024 06:10:54 GMT
optimize
avatars.mds.yandex.net/get-direct-picture/117537/nGp0AY6mZcH_lDbUSsH7KQ/ 		154 KB
155 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.mds.yandex.net/get-direct-picture/117537/nGp0AY6mZcH_lDbUSsH7KQ/optimize
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.250.247.181 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
avatars.mds.yandex.net
Software
nginx /
Resource Hash
0665feb4b4bd2948c855c55381634733cd7eb8f98bd3c1fdfa7889783f644064

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

x-request-id
766a53f57c13bd8
cache-control
max-age=31536000,immutable
nel
{"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
timing-allow-origin
*
access-control-allow-credentials
true
report-to
{"group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/s3_nel?datacenter=SAS"}]}
access-control-allow-origin
*
content-length
157954
date
Fri, 06 Dec 2024 06:10:53 GMT
content-type
image/webp
last-modified
Tue, 19 Nov 2024 18:58:43 GMT
server
nginx
render.html
yastatic.net/safeframe-bundles/0.83/1-1-0/ Frame C636 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://yastatic.net/safeframe-bundles/0.83/1-1-0/render.html
Requested by
Host: yastatic.net
URL: https://yastatic.net/safeframe-bundles/0.83/host.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.154.131.217 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
static.yandex.net
Software
nginx/1.17.9 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Referer
https://1275.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, max-age=946708560
content-encoding
br
content-length
6262
content-type
text/html
date
Fri, 06 Dec 2024 06:10:53 GMT
etag
"eb77de48712912aadc9aa8171ac75ede"
expires
Sun, 06 Dec 2054 12:44:26 GMT
last-modified
Wed, 03 Nov 2021 13:42:58 GMT
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
server
nginx/1.17.9
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
vary
Accept-Encoding
x-robots-tag
noindex, noarchive, nofollow
watch.js
mc.yandex.ru/metrika/ 		167 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/watch.js
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.250.250.119 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
d5a55592f4a6876494b954640a81ed7afdd761d01be51ed05862a8ef69b1a589
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://1275.ru
Referer
https://1275.ru/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=3600
timing-allow-origin
*
content-encoding
br
etag
"674f133a-ea0c"
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires
Fri, 06 Dec 2024 07:10:53 GMT
access-control-allow-origin
*
content-length
59916
date
Fri, 06 Dec 2024 06:10:53 GMT
last-modified
Tue, 03 Dec 2024 14:18:34 GMT
content-type
application/javascript
1788970
yandex.ru/ads/meta/ 		133 KB
34 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://yandex.ru/ads/meta/1788970?target-ref=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&pcode-version=1170148&pcodever=1170148&comboblock-unencoded-vast=1&ad-session-id=3399671733465452457&target-id=79901397&pcode-test-ids=1111484%2C0%2C75%3B1135992%2C0%2C87%3B1106680%2C0%2C43%3B1139796%2C0%2C39%3B1164347%2C0%2C74%3B1116850%2C0%2C27%3B1167679%2C0%2C36%3B1156187%2C0%2C35%3B1154208%2C0%2C58%3B1139870%2C0%2C78%3B1161299%2C0%2C27%3B1160681%2C0%2C29%3B1170148%2C0%2C30&pcode-flags-map=eJyVWFtzmzgU%2Fi9%2BDlkEiEvfZJCxxtwqCSfuTkZDa7JNm8S7cdLttpP%2FvkeIOoa2uH2yETqfzv184utsTYRKOZmrjBapXM5e%2Ffl19qm5fWpnr2aO7YWzs9lju39kW3gO7dAOvNnz1VkndsFJpTImJC0oV%2FONKouYDgAkr%2BkxAEKu52PngCBqvqYbxQohOSW5ysuE8kIlVLC0GCDt3zW3rbpv%2Fx3CYcdB4QGuFlStmeSsIEqu1eua8o2qCCf5AKv9%2FPcIxXcibFBYQkvQR8mUKJF0iEY3VqQqpwkjasEyKgaA17sH1dzejkCjMEAH1Xiu6iIrSXLCP34Qee6LfySZZ2AT5YKVQ4fA1jDA0Ug6Ch0jndeZZHNS6MjUBVswmoBZkvIFGcVo5A1Q2wmCDkMbP18pwd5QoRYlVwfvxGU%2BL6dQtBm2QeFcFfRCcSprCC1ZgA4qzli8UnLJyzpdTnokQMj2og5I5IRLHdSaKnpZqXlGAETn3zHCn7O75ub2%2FOEJUP5r7rftZ%2Fj%2Fx81d81e7Hyz91dx1K9sv7b3Z3ny6edyZv3fnRw%2Fb%2B5t%2BVSMfEGDhoflyu%2Fvyvn%2F95cH8Pj0055Cp%2B%2B82fGh2dze96O6j%2Fr0amIrB9cZUKqEIFgSCCPmbUlXU%2BZzyKY8HGLmB3UlvCOSNZLFaUIj6PCvBTSxRF0sm6Q%2F8xS1mOV6EoNotBJDHz87o2R09e90zsRyMbDtwenli4TD0fGQhdFjwwbxAH3A1aCiRj%2FxO6YVQWVlWUF2XU2aG2HWRSXGdVWkllYg5q%2BSkUOA6kelbCRNdSZkMjMtiwXgOzhpV1wggcrAbmlOTN7QwbWFFMypPyaHQiQb9aUmKJNNhKFa9ErqySCLrYrIuIzdwsGl1guRUbQCHXqqkzAmb1iGwAz8aGF9WtOByripOK2hqkqh5na0mQSLs9V0BtqdqSUkynY%2BQDyH2TQMkYlPEpnKPRb7O9u2jzsCj90rrlRBQqWuWZ8N3FGzWzhqt9y9Gq3qq%2FQzgp0ewgkllFkiyKC9Hr8FZnK0IJE6tm%2BnobVyWKwabiIyXel78eFfFy5wJ%2Bt3BXaFr83stu2472jXswDBwO4V1Tb3f7R%2F32pl6EF09DyKBwiDqe6ioFGSi7EfZBZPLspZwYsI4jSUAZptuw3RonQCYgClbaFR9VpGqyso16MZKocCEmPDkBEzk2PhQHQccAe3veODEMH8lW%2BvwkXjZKa03xxlh%2BakkdCL3yHRoLuqSEfA%2FYIFHhRTT4q6DA3wQj2shyxzSJlVsQYZd1MNt07xFvhW1zbXlBY1rvQ38rdVcv%2FU9WMNbrJtpgJvQ911svdv6keVF4bUVbaPQQva7BjVb1Lxthy0SdIBd4Y90qCiPaTEIlX1u2%2FjXpONFOizGCMGwDSJn9gqdzVzbBiLg2Qienn8CqMvnGzcxNTPtTA%2F6kHFmLHjPzlKW55N9T49%2Fx%2FdHYoICceSWgPyYFsa20w%2BYQ%2Bp3U%2FFnw9B3I9DTxaMYYNdzjOod6c01lYL%2BkilSiItTOYgjjJyDDpXuDkpyIC%2FguuHpro0cMBbjmY4A8j04daxK6IW9RcApFxlJT6RwGAVhzyoqGhsmCIzwte45SVdlepBWQKZoPsqm78EioMrGDylQlPUKWEpe9hQDLgAwGlgyzCqEMdQ4EPj9339oIOvTzbbdWZ8%2BWu325n7XmufzD%2Fvd%2FWyYaJFvo5fLBkkSQ%2BWFkqWZnDXPjrqETCcZKdKAPUEqK8lyYLUqXlJQPKkrgCOQD6fdCTBwh%2BlQKmhU31o%2BqDSfHKAg6ITeS7P7fWH8cs%2BhRdco5RIipmheyY0iseYwAFvQ7De5OoCj0HaHntGsIBHVCTkf9xE6yKUdc4WcMLE6IR9EvjmXXsKcLKCe4ExdG4WoSiD7J3sK8myvdwxcCbrw6ZOFua3BcBtOoDtnJO1EoXeoTLipgOdiqI8Y5sx0Y0EeUMqXiCzqLAMeSoEb9gQvhl%2BY5yVnUFQnCSZc3TygSwe8NbD3mLKsy3WSxUC4WLqcLk4Ec8VxjgoG6IvSNwnoVr8mD5c20ymOzOntACWyObQs0f0Ds07RP7iehiEalC8AJuAMRjIz3X84guEubQGFsR7af55aTWmGnw9wFL2YePhuoIl1QsQSTIWKkJtqGLx%2Fbx7fq2Z7vfs86gi%2B39MYc0WvFIXcgYrJyqFx7x5Hl3s3gtQd1%2BMc8jYxd4r0VLDd3tODDw4ds2G55oEboGX1XE%2BoFZ1WBRyN7bEqI5640EZpZ9WxHJmmfbN7elRt87AfpwMkhOHvEDwBPVLqdCQJqTo2tnZOfVVB%2FeChwOiKmH5TTiw53H6mrcKeY4dH5WA6PFB28majP4tweSpAYfDilZdbX6m%2FadQS7m3glGkIHzk9dez1zjlh3VeUUrsVWm3He6Y5LvJtvy%2BDKi4Tuh6VDTAumHLhUMYsPV89%2Fw%2BytLIM&pcode-icookie=Ocw34TF23ILCQYF7PyIdUx4Yk8%2Fm3ju3ikAMNc8n2U0cVV8722gg5MpPtJp%2BM3Pzo%2B6vKsale0N8e%2BMFU9%2BTPGeKFA8%3D&disable-base64=1&imp-id=3&ecma-version=es2017&charset=utf-8&skip-token=yabs.NzIwNTc2MTA2ODkyNjMzOTQ%3D&test-tag=406819302277122&tga-with-creatives=1&top-ancestor=https%3A%2F%2F1275.ru&top-ancestor-undetermined=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22isInIframe%22%3Afalse%2C%22w%22%3A300%2C%22h%22%3A0%2C%22width%22%3A300%2C%22height%22%3A0%2C%22visible%22%3A0%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A1050%2C%22top%22%3A1951%2C%22ad_no%22%3A0%2C%22safeArea%22%3A%7B%22top%22%3A0%2C%22bottom%22%3A0%2C%22left%22%3A0%2C%22right%22%3A0%7D%2C%22req_no%22%3A1%7D&grab-orig-len=5120&grab=eyJncmFiX3ZlcnNpb24iOjJ9CkKlpJDkuGkB1PrBJn-lFQSaX-9Pmjzkc8KcpyEzPJneK1I64W4iIxFZkgY2aJtjPyYHnugnOv-22XwC_k2cOk3aLoBeBnAJY1URmXRbm_DjM3zXiapixRiDGKmCdWR8jcsTkPHb6gIyzdZ4TUDKnmsjXpZuchEso23USBBtMABHqu98k6AgzdPED_OUjLzQIeM2bW1rcRuYwt70YdgczTYt4R6mpTVLA1MIriQKyQVk5KX3aXaCPXhL18EUckxdy7XG5fCW1vLenMXmaVu3LSJeUwDmR3kfuN3zNE0TmcMxDe7Scl1bVl9G3wg4eePO1nOj6RzT0m2ER3pvcxm5YRPxNaGArNsI5Sm6rbXnXhIMoc3JebZFuL-21qwnefVmfIvwf00FVsVjwlXxVEhM2CruViFuJhyVpUKpXECp-CqWissEgYx8lVeaIZqcK7yODb91mtYVlty2rKPL5vGoU57GV_Z1FFYFfAlE-fwh5JVHBFbB2TyZUG6z2E86z647bbANWyMoW8dZOD6FIl7RUv5Nc7cEMtcIOC0fbF0zRVzmBEwbGg0Hf-n54Nu8bjRLzOMHUXZZF4DO5v37a9o8W7ObTtcoiU1kLY1t0DAjXbwLQoBVK16aurUVFRgVwqcAjgpRxaXrUwVEDW9sFVfFYsJgMJGzeeL0yk0pca-3ZQy-kD5jhY0mzBW_wyhEFYYSoZgYZNZ_cT0zd9kW5q3KvwzNHu-Q433zCipwMkWZSXKt4lwVrj5TQb5vaWw957Anz9b5m86L7p5i9fls7rSW_QH19p7INAhy2xxbW0T54mgVwHiLnBsMi3yc2qe551x7GKbs4DpnWTLYZx5AVZz3LajvWfhM6O9ETNif6uJKgFbxS6IxbUu-X_hlgJUMfipX8Bd-c9WqCTGyU5_EFPMRZdXmLqJWzryTGCCJiaXjhRj0SxfDhayzKMouJva-qkGkYeet2X6wCpwKgQlLhfa_4n7YsP7TO5glD9RsbhNkHkWaUCRZkpyCf37wt6zE5w_iCFRAPVnY79XlCegb0aVyI71UbpX1hgr7nRrms-AxYe-fwFIhf25Zb6HeMt2yirefCeKZn5o11iXuTA5UJozfYalAf4pgPyUcJojV446btd-IALdrklWo-yniM-Ee1X1r-F_LWQqch7lK963_QHyK_X9_SF_fEJ88EGqbOMePdR__OEjH-GR-y18tEzYlvbJngvTMT5f1X9XlG60U8by4NebgVtbrjAnqkwypTs-vrZtX65Pqoty_UMuF_LSA_sph_bswa0LxKW8VYj2O9cwwVDzKg8GvWvXoPnt96WGhPyuEUjoT5B8Nwv_BBDAmqN89Ht1BTBApdzGgD3gAID-pP6buPh_eV3UHSjfUevGU-c_LyOE_jFvLxlOxmTDqAX_LLWwl81CUqs6rcJjQy3Cg7q_nu3jD3rfBBKU-B_NBfmau6TIRivTB89Xz4DzJsEqsHu2iPICubbJqjEKlICPnYAojeLlmjhxhQpwRBy7xe4XJ_tAxcr79SvbtDMFWaCvsMhyR0cSslvY27Fe7bbyqPtws1dHVjDOonF9TpS4UIFrzbZHpbNLirXrtpHiitapyUJQx_ULFLSsgTns_5v1xnAIwHsv-xsk09EIWl2OYXFsv2gvgJjR5QpEgjOj1ILjvxUIBCUCjTumUHQNkrbSUxxEU_xEbghpyeMWov3t-4OCez5aYP5UE6pmHYhbesT9UnhXuRfpH4qmUi-eLKMjPVMzxRfRZ4o-wXU07nBpF-NXE_0isanPxanhBPc-7yfL86xnrfPCjdavAKBGDu2tYgbJrrEAsng-ruifOedt7PmBtq5sIdMmlEDeuqbWNsumEmsnZSAzzrzR5Gy1ilEjQUG6SZiD8YETadP00OCqeOQg3WhKkqNBcmUh0FPDboKQ3-3cvVuX8zooZrs5TC2HCYfSIff3cz6f1z__uLhiFh2pN-McqtUGma4ZpEZ1OJTXnemwDiWbYhApOU2HbaP9pnLN-ijGvekc25NVEyo51Ch8khjXD3aSkcu3Y3ztWsYOvP94y1RKQ2lybcGnwpOGfPmjnGQ8Af1e7j3f26i0hKMUIYxV4NMX0c071YcmPV0NLLayxih1WeCCeDYHFhP5mDmo9j6XYRkhVH0Oo_QO6BjKcIw1ytQTVEJYqP6CBV9RujRUmXEolnVRHUJ-Ke6ENn4CE33i8LcMiM4lMa8uflLMuRE4Vw6R7Q7FDPx3Cae27FPzf03TOBPEJrmVCOjtwIDdqhOtxgGhJgQgaghIZoB0kIWhLR4DaQGJqFDqBjkbSrIo-PIKlL5-48yQYBXsvqx0p2Kseqhq16NpPjDhr0Kr1h12VIN6uyvJawi8K9xUKzHNuSjlfV_gFCPRd1YBs8itsrUrao7e5RWPl9XMo5e8LL0ql8KoKQakKFvci-JXXVgFZv3x1V_2XtWup2GUWblWcErb5LLIchXiyThNffHhtyFWZnV4DWbq4Jh1arRVG2cWVsdz41XOU8Ku4V8wq5kxrfUyJDEi72KzL_xMG5Wz6VuCvI3zFRJ2uODu5L8jfjkOUM85P0FfHz0bGjxXN_aBlBZx6IUUaxhSp61KkQSRp6NTNKNI0okjC6AEEEkcSUySJ_zT8B-BKPFFIESfHTREEYgX9c4sCFo_LVryGO1Mv6Z6TRt2dIw68ng03iRM_a60n7nTDTCIk69nvR9F0RxR67nJdb4ZZnPQk81YatCDuM_RSn9GEnziJ5wTpikM_DfwgSQO3B7GTZH7mp6s7SbrCaDBqzVzHmcObK21u_OtzLHcGfstWj8MgHVkQhm7Ypf34h414OG4YrJksP_W84WTtm3Oc7jpz-UGQub543429PzOIvNCZLfJTt33RoZN5yQqTMHG-kjkc8f6rD7d3b8TpgzszGCOMmxu0EfuzP7U5x2i-x0i_O5zRRg8z50H32A3S6fbY8ZzluX9_Mv3lhgnj2siJr6LUdwI_cf9Wb_rNS-IvIg5H1B3n8x17gXg_aM2LnPDzHznOQ3xF_hf0G2sGLcpG94f3NUv7YTg9d66e-kE4p-P6aeh9-p0ejodty-9R5LZkSftBX96KVpysKEozP0qcIAliPxjzK_FcL-hx5veQsf_zvM_V97yc5gV-NH9njiSb4V_gxXH_qHYj8X5z0q8_CmYSOp9D96qJgiwZ1-WXPtORZpNRyzP5npet9Av347HWBVj4xfwzcf8iZ8vcUDzeS5zUjVown9r96cyvPAu8f8sdaQvSKG7_LCNCPOdrjC76fLe3Obo7srgFK87ScHkt7v9-HMwp7btJMlaajCyaWRDNOHR6lvb1kRImQTC9lXxgjjiR9p_U_-Wv_fLiyPt-vDjNnPA_890sS_7MYCRiH5j-fxEP91MWtzCKRjZa1j-h00-_5LRl8fe2GON7Nj_gUu9DIUgcd_l-4vvB_OvvjzjswQjbj2Xsp_9x5sVhmvjtwf6-LHrj_zEXztZa0L7Nd1jGvpvF2ezzKc8oTD_Zba2P0_V2fy3vnc4Psu9L2m9x8kloyVOPVho3L2tBNm9yFv6o4b6LTj9qjP2grezCyl3e-OSEPfT86SbvIF7muIGz3tQ6KSNC3ue9T1o0_el_mt4Xkuwt6BfgxIHvnaeGfiI2tE6WeS0MzlniGThRGmVBEHp_6fM7nts_v1nqM7p1PkQ9v_0jK3E-bnqYfglvWp2WtNG83p8rdRlPOXHkO1_6n_H-nL1t7slb_aylPQ3eX1In6MMNGYbE6dH4-PhKg7TPd_iVdd8PY_979ILpZn54npiJjQWd6J3LJ2ZI3-klXTJlgmVwOLuC5UY7uUvHBJsjaPMkngqXJFHh2fqRNE_Gw6oKAqgiXD-lU8R9uEAkI58CMpMnSake87MR2USPfVCwTQV7j10VghivcZhe2LmC2cMp0OEKlMthjegEc6Cbdt-oFm-xDbEkFhNlZAveMti6SL6AZBnajunoAQEMZMgAjwIRRuQCFgwkqUudidzk0QvTFBEfdTGvtoh0kQRC4hIKnpxKGFVGeukkRhTFQlqxnIO2dd0c9uIJqTMstsY3jXya8IVUOWzLMYUY7xMTL4QLHcKIiQ_pG33yKwihYCO3Dh1c3-iQKUJnpor2T7szTC73ZPeyGIiGVUG67hiycXiSJEwFkIpXq9i-goVQIC5laLsaPJDk4k8GREfgcYqE4CKOXP6crIrVJPkKVaRlAHqcCPSNWTZmNABn20YVc8hCtUqwoEDZUxvXuEUKBb55KI4eWAxU4MG1OkBRPYnK8EqIzp5cu1rAE-geL32Qn2xAhl-HnilvILA7UdOoR_eH2yB8Hy5olBsweo6JW0hjdxRCC-K5UICYhIQm1q6-QnEXxOf8ENHywluRpSWo94N8H5iEqUtACjoKBSQqlABFi-IJcI3E2I3v0vzQfreyUwASG68MLY34LLXddCG6NajAVEEXjU5XRkoiSAFAIifJH9sBEG83jWVvVKZm_Tiq1oakfVBrGxXPhgfvEO0xtCIqAJ_OPvFxlQIVeUuVW1dIowqxduj_OCfaKVA-MsRThfx5iCdFAlr3ikiSVZCsq0wKxBPYVpn-QbKA9FBQIGxkbC53bRKtLd4pQtxdoLVOws_9t2kR4FC8Jud_MZapoaswUVv9E9D62goKIDWq5bwI3M8j5S-Da1tEGwi29rh5WsXm034GgJ9IkKvEUpHWVNG8LDYp4gtZ4gGsChxlQVaHUsURIFWohiqdg3avQL5XgFckpqwiiTvxcnmniN5YZXDlLVKSD11oTFgb7a8BrwKDhhan3yyTu0k49qHAIF2LBP13Y_TexYSehl6EAEsrwKPF7IpQWUrrMtIoZqOlcTSLWFHNGFatGCcxOqdcJ_hIA_d8gD0R6MYh2JMEpMQikF9cDKQUh3w5RAQakEki4sYdpk65US6DEPljI876ojLMQdgslKZpgGXw8hrCZpCYy6A3vWBPGNL1uhu-2BCCPaFPdhxstIhOpsb5Fi1tIzLs2dBQblQXCgb4JovdACzUlgyhf9h6jJRTBRK-Y5qHFimhcm7h4eKOkzrNLdp-LDcBr-VExiLAECjLCjUF6Mg0wGNXGKapfcXUWAv0&uniformat=true&callback=Ya%5B1020699724984%5D
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
5.255.255.77 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
yandex.ru
Software
/
Resource Hash
f97690a1a2151e1cffa137e78461c2fd620f5b48eac09297d47fd5503f5df43c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=, upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://1275.ru/

Response headers

x-yandex-req-id
1733465453331984-4548636130867995563-balancer-l7leveler-kubr-yp-vla-220-BAL
content-encoding
gzip
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
x-content-type-options
nosniff
expires
Fri, 06 Dec 2024 06:10:53 GMT
uniformat
true
date
Fri, 06 Dec 2024 06:10:53 GMT
last-modified
Fri, 06 Dec 2024 06:10:53 GMT
content-type
application/json
content-security-policy
upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=, upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
timing-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Width
access-control-allow-credentials
true
access-control-allow-origin
https://1275.ru
uniformat-product-type
Direct
x-xss-protection
1; mode=block
event_confirmation
an.yandex.ru/ 		0
50 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://an.yandex.ru/event_confirmation
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.180.204.90 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
bs.yandex.ru
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://1275.ru/

Response headers

strict-transport-security
max-age=31536000
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
Fri, 06 Dec 2024 06:10:54 GMT
access-control-allow-origin
https://1275.ru
x-xss-protection
1; mode=block
date
Fri, 06 Dec 2024 06:10:54 GMT
last-modified
Fri, 06 Dec 2024 06:10:54 GMT
1GqP8xpm0K8200000000U9nJpBvgSUWtu_T4m-icbQ_NfVvAiSoP6fJE00IUC97GbjM-CR5QFj8CgOn0ySph9YyVWiHBGRpQgq2YbR4PICvaF5d100OB6NDy8QoLZ5nI4DPUniKNk1cEWlbd6Pc18bSPGGRSPMIGOM3u2sRFPM82aakPT82SjKmHGCvPflz0y8f9e...
yandex.ru/an/rtbcount/ 		43 B
1 KB 		Ping
General
Check archive.org
Download Go to
Full URL
https://yandex.ru/an/rtbcount/1GqP8xpm0K8200000000U9nJpBvgSUWtu_T4m-icbQ_NfVvAiSoP6fJE00IUC97GbjM-CR5QFj8CgOn0ySph9YyVWiHBGRpQgq2YbR4PICvaF5d100OB6NDy8QoLZ5nI4DPUniKNk1cEWlbd6Pc18bSPGGRSPMIGOM3u2sRFPM82aakPT82SjKmHGCvPflz0y8f9e7IDiUnr4qQ6hjST3oPhi37yPG8PqShC2YHxcVc1v5HcaCXSPf0H6vbNygk-okNNqp_93FFXLMQmTM3oARFYexiyFvaTdFWX3cPHrNW2PcrWOTp1yXy660-mCDraWNZWW_r3bhJGV7NrjglsRrb0tbZ0AdYIjK1642nzWRMX8U4cAyoshwmW_RzOEOqCJItCp2sDpHlO5XxvdjR1ri0oWUtrgiSJz-m_y3jn1jkLmy4Bs7gVlVjuUc7BheILR30h3h3Pd61ZViJ6cr7kRcKSL6HicU9QRZwHFK5Xav2ws5lxMUpiXeRc1eOc5WlO6LUmCsvWTzp1pdE2NVm1-ue5Ltvi-j2mtFq7Eqy7H_02ZfCV6LTml9d5k86ZosG71-Cj3epWNC3PmBo2ivDf0oVh1KwM5voC7pWPVt0oBk02Qlt8DR-kfNOdvow7HcwmLwClEtI2MGv6znm0PO30Am00?
Requested by
Host: yastatic.net
URL: https://yastatic.net/partner-code-bundles/1170148/02aa366ebfd7249e2a0c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
5.255.255.77 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
yandex.ru
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

x-yandex-req-id
1733465453407340-13415116043067496364-balancer-l7leveler-kubr-yp-vla-220-BAL
content-encoding
gzip
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
x-content-type-options
nosniff
expires
Fri, 06 Dec 2024 06:10:53 GMT
date
Fri, 06 Dec 2024 06:10:53 GMT
last-modified
Fri, 06 Dec 2024 06:10:53 GMT
content-type
image/gif
content-security-policy
upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
timing-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Width
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://1275.ru
x-xss-protection
1; mode=block
event_confirmation
an.yandex.ru/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://an.yandex.ru/event_confirmation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.180.204.90 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
bs.yandex.ru
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://1275.ru
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://1275.ru
access-control-max-age
1728000
content-encoding
gzip
date
Fri, 06 Dec 2024 06:10:53 GMT
strict-transport-security
max-age=31536000
timing-allow-origin
*
x-xss-protection
1; mode=block
event_confirmation
an.yandex.ru/ 		0
354 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://an.yandex.ru/event_confirmation
Requested by
Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.180.204.90 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
bs.yandex.ru
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://1275.ru/

Response headers

strict-transport-security
max-age=31536000
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
Fri, 06 Dec 2024 06:10:54 GMT
access-control-allow-origin
https://1275.ru
date
Fri, 06 Dec 2024 06:10:54 GMT
x-xss-protection
1; mode=block
last-modified
Fri, 06 Dec 2024 06:10:54 GMT
wy300
avatars.mds.yandex.net/get-direct/5439082/kq1Vo0H2UhXPHKGA3k6IxA/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://avatars.mds.yandex.net/get-direct/5439082/kq1Vo0H2UhXPHKGA3k6IxA/wy300
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.250.247.181 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
avatars.mds.yandex.net
Software
nginx /
Resource Hash
765675f05ae98cc3a35c4bd21380eb79429c46e3df30789b647efe24bae7d905

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

x-request-id
6da48966a7a3702d
cache-control
max-age=31536000,immutable
nel
{"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
access-control-allow-credentials
true
report-to
{"group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/s3_nel?datacenter=SAS"}]}
access-control-allow-origin
*
content-length
24188
date
Fri, 06 Dec 2024 06:10:53 GMT
content-type
image/webp
last-modified
Tue, 25 Jun 2024 11:00:56 GMT
server
nginx
m-smile-vsena4.ru
favicon.yandex.net/favicon/ 		948 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://favicon.yandex.net/favicon/m-smile-vsena4.ru?size=32&stub=2
Requested by
Host: 1275.ru
URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
93.158.134.36 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
favicon.yandex.net
Software
/
Resource Hash
5195cbc0c22eaedc8df45ca744e89a2ee87932e43771330686cf5e5279290e83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=43200
access-control-allow-origin
*
X-XSS-Protection
1; mode=block
Content-Type
image/png
X-Content-Type-Options
nosniff
1
mc.yandex.ru/watch/1788970/
Redirect Chain
  • https://mc.yandex.ru/watch/1788970?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Afqng...
  • https://mc.yandex.ru/watch/1788970/1?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Afq...
547 B
724 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/1788970/1?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Afqngs4ku2ry4ydu78wzu8osbu73%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ahe-IL%3Av%3A1541%3Acn%3A1%3Adp%3A0%3Als%3A1103029123430%3Ahid%3A678764742%3Az%3A120%3Ai%3A20241206081054%3Aet%3A1733465454%3Ac%3A1%3Arn%3A267256607%3Au%3A1733465454471801183%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1733465448388%3Arqnl%3A1%3Ast%3A1733465454%3At%3ACuba%20Ransomware%20APT%20IOCs%20-%20SEC-1275-1&t=clc%280-0-0%29aw%281%29rcm%281%29cdl%28na%29eco%28565312%29ti%281%29
Protocol
H2
Server
87.250.250.119 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
197224fde0ccd66576a6e4e774a9dcc925e16c5af9f7af4bb77ba493cc9c4372
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

strict-transport-security
max-age=31536000
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 06-Dec-2024 06:10:54 GMT
access-control-allow-origin
https://1275.ru
content-length
547
x-xss-protection
1; mode=block
date
Fri, 06 Dec 2024 06:10:54 GMT
last-modified
Fri, 06-Dec-2024 06:10:54 GMT
content-type
application/json; charset=utf-8

Redirect headers

strict-transport-security
max-age=31536000
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
location
/watch/1788970/1?wmode=7&page-url=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Afqngs4ku2ry4ydu78wzu8osbu73%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ahe-IL%3Av%3A1541%3Acn%3A1%3Adp%3A0%3Als%3A1103029123430%3Ahid%3A678764742%3Az%3A120%3Ai%3A20241206081054%3Aet%3A1733465454%3Ac%3A1%3Arn%3A267256607%3Au%3A1733465454471801183%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1733465448388%3Arqnl%3A1%3Ast%3A1733465454%3At%3ACuba%20Ransomware%20APT%20IOCs%20-%20SEC-1275-1&t=clc%280-0-0%29aw%281%29rcm%281%29cdl%28na%29eco%28565312%29ti%281%29
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
pragma
no-cache
access-control-allow-credentials
true
expires
Fri, 06-Dec-2024 06:10:54 GMT
access-control-allow-origin
https://1275.ru
date
Fri, 06 Dec 2024 06:10:54 GMT
x-xss-protection
1; mode=block
last-modified
Fri, 06-Dec-2024 06:10:54 GMT
1275.svg
1275.ru/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://1275.ru/1275.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30d219fdd2c143bf6199edb608a596f51e3bb692e5cd8803057a0c478a9140a3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/

Response headers

content-encoding
zstd
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jj5lDPATds3Xf1vAC%2B%2FypyOmtlR13S1mxDfjvTdjOvdiwz8v8YQrc8CwiLPnSC8TOJem2LpDjKes%2FHtzI5ACqH8YyWL%2ByYU7P4y%2BJVb38X79FTdKztLL0UZN"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=137229&min_rtt=127485&rtt_var=3808&sent=308&recv=117&lost=0&retrans=0&sent_bytes=318720&recv_bytes=33219&delivery_rate=6490&cwnd=135600&unsent_bytes=0&cid=24b4e9dbce22fd7f&ts=4944&x=1", cfHdrFlush;dur=0
date
Fri, 06 Dec 2024 06:10:54 GMT
content-type
image/svg+xml
last-modified
Sun, 17 Jul 2022 14:47:18 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8eda1d920df56554-LHR
x-xss-protection
1
server
cloudflare
metrika_match.html
mc.yandex.ru/metrika/ Frame 9343 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/metrika_match.html
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.250.250.119 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://1275.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-origin
*
cache-control
max-age=3600
content-encoding
br
content-length
1473
content-type
text/html
date
Fri, 06 Dec 2024 06:10:54 GMT
etag
"674f133a-5c1"
expires
Fri, 06 Dec 2024 07:10:54 GMT
last-modified
Tue, 03 Dec 2024 14:18:34 GMT
strict-transport-security
max-age=31536000
timing-allow-origin
*
1
mc.yandex.ru/watch/1788970/ 		43 B
158 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/1788970/1?page-url=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&hittoken=1733465454_9095b30c2f2bc9e5f668788efa6d61ae472d6598fa57fb78fea56ea64a790e99&browser-info=pa%3A1%3Aar%3A1%3Avf%3Afqngs4ku2ry4ydu78wzu8osbu73%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ahe-IL%3Av%3A1541%3Acn%3A1%3Adp%3A1%3Als%3A1103029123430%3Ahid%3A678764742%3Az%3A120%3Ai%3A20241206081055%3Aet%3A1733465455%3Ac%3A1%3Arn%3A327537426%3Arqn%3A1%3Au%3A1733465454471801183%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A3256%3Ads%3A0%2C0%2C623%2C102%2C1023%2C1023%2C1%2C1555%2C33%2C5958%2C5958%2C0%2C3343%3Aco%3A0%3Acpf%3A1%3Ans%3A1733465448388%3Arqnl%3A1%3Ast%3A1733465455&t=mc(p-1-h-1)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(565312)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22adSessionID%22%3A%223399671733465452457%22%7D%7D
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.250.250.119 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

strict-transport-security
max-age=31536000
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-credentials
true
expires
Fri, 06-Dec-2024 06:10:55 GMT
access-control-allow-origin
https://1275.ru
content-length
43
x-xss-protection
1; mode=block
date
Fri, 06 Dec 2024 06:10:55 GMT
content-type
image/gif
last-modified
Fri, 06-Dec-2024 06:10:55 GMT
1788970
mc.yandex.ru/watch/ 		43 B
180 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/1788970?page-url=https%3A%2F%2F1275.ru%2Fioc%2F1112%2Fcuba-ransomware-apt-iocs%2F&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&hittoken=1733465454_9095b30c2f2bc9e5f668788efa6d61ae472d6598fa57fb78fea56ea64a790e99&browser-info=pv%3A1%3Aar%3A1%3Avf%3Afqngs4ku2ry4ydu78wzu8osbu73%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ahe-IL%3Av%3A1541%3Acn%3A1%3Adp%3A1%3Als%3A1103029123430%3Ahid%3A678764742%3Az%3A120%3Ai%3A20241206081055%3Aet%3A1733465455%3Ac%3A1%3Arn%3A407572778%3Arqn%3A2%3Au%3A1733465454471801183%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1733465448388%3Arqnl%3A1%3Ast%3A1733465455%3At%3ACuba%20Ransomware%20APT%20IOCs%20-%20SEC-1275-1&t=mc(p-1-h-1)clc(0-0-0)rqnt(2)aw(1)rcm(1)cdl(na)eco(565312)ti(0)&force-urlencoded=1
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.250.250.119 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

strict-transport-security
max-age=31536000
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-credentials
true
expires
Fri, 06-Dec-2024 06:10:55 GMT
access-control-allow-origin
https://1275.ru
content-length
43
x-xss-protection
1; mode=block
date
Fri, 06 Dec 2024 06:10:55 GMT
content-type
image/gif
last-modified
Fri, 06-Dec-2024 06:10:55 GMT
WPKejI_zOoVX2Lae0JqC04FLK1v4emTH1i7aTxpUS8VhTx8wZbvdhv2JxSdH_GUp_z1OmW0wJXMfZHJLwOtKukPvmCQC6HpiiiENWGvU5qO0RxRBEzscaJwpAODjl4gbKgaC0EV8PeUDxXMnkfOov7RBYOFv0WTn01ku6iPnPbojXhqPnsMdrR3rDMGcpVP9ertIP...
yandex.ru/an/count/ 		0
112 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://yandex.ru/an/count/WPKejI_zOoVX2Lae0JqC04FLK1v4emTH1i7aTxpUS8VhTx8wZbvdhv2JxSdH_GUp_z1OmW0wJXMfZHJLwOtKukPvmCQC6HpiiiENWGvU5qO0RxRBEzscaJwpAODjl4gbKgaC0EV8PeUDxXMnkfOov7RBYOFv0WTn01ku6iPnPbojXhqPnsMdrR3rDMGcpVP9ertIP3Cq-lpD-Uq1X4iuWGFWqW5eVG1PVmv0ZyHWri2tb-LY5MIG2OEs-aNBZH4AOXKd5xXKBs2xkHvIognOsD8LzAPCex9vm1KvQoLAwN4d0zndInXaocYPhET18Rkae4_mJZ0pnnCQQLtNiJ5Y6iPCmuWhQ7KTnbkDjAOPLi6Tm7IfNBoNkxm9ZQOU3TNyBikQk_-D7O1rNTUnj3b6wmMm2Ds8Wzj5pmufzz5mdixItki5lO0oMlWOEa3vxGXLM74ocw235VmWcxptDie-y0-1Xn7vTLdFiofVDDE_KRGcJHuUjT7v_xZUblv5BRfZr8dFjNMNkriE9IQHxhynpjF2YwfH91e0~2=WRWejI_zOoVX2Lan0LKD09EONSsulR951BmsLfUj0LyQ15W6nDTlDIa2mkkRUdW1mGN1v9kG6_7af3o1mhRJ-7VAz8uTybBV6KEVp-NEdkrtxhpXpbVPFE2AdBKIfVIuam7kioKCEeucdAJLu31y84rdnmDP9GLe7yZo5Q1z89ka0Eq3MRq2j2H-D5qXzCCAqYqWcu8DBkThWj2EImVK3eavtIGiIU0-XEag7xpU0rShfoO3fmSIs37dnzpmrSbwb1paYpFZQZNipJWkEws6BJrLK_PYtV9PZHW4NQ_HcJJR1x9y0MmpU8lG5NGERZe5CqrXkwIWJ_0kkS1DnP2REjR7w3ICsG8RpBSQQKqph88xWUakovfS2-2kBwwXG-k7bs8qjG_ElmJ-hm9LPT_hoLguh_LT9Ma_-xFCChtqoj1W64R7BRt3C3fkwQsl8npay-Pbb2yFW0JBrfEz4YpPEpz68Ej4Rkk_jFVcqD5b4CzlQLtN9NLq6SJpMez4ozvRbCzwscRK0iCC3_m4acD-0DXQlrtoelR_15ylNB1nKcpMuWbW5UsKDYrGcR4dN_1i0o9fLwGHKxfEcG00~2?ctime=1733465455421&media-test-tag=2251799813691219&confirmTime=2100000&confirmRatio=1000000
Requested by
Host: yastatic.net
URL: https://yastatic.net/partner-code-bundles/1170148/02aa366ebfd7249e2a0c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
5.255.255.77 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
yandex.ru
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

x-yandex-req-id
1733465455503782-14277248531527580800-balancer-l7leveler-kubr-yp-vla-220-BAL
content-encoding
gzip
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
x-content-type-options
nosniff
expires
Fri, 06 Dec 2024 06:10:55 GMT
date
Fri, 06 Dec 2024 06:10:55 GMT
last-modified
Fri, 06 Dec 2024 06:10:55 GMT
content-security-policy
upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
timing-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Width
access-control-allow-credentials
true
access-control-allow-origin
https://1275.ru
x-xss-protection
1; mode=block
1V4FJbRk0K8200000000U9nJpBvgSUWtu_T4m-icbQ_NfVvAiSoP6fJE00IUC97GbjM-CR5QFj8CgOn0ySph9YyVWiHBGRpQgq2YbR4PICvaF5d100OB6NDy8QoLZ5nI4DPUniKNk1cEWlbd6K5QhuB9kumCCWmCVy7ikKnCG78famwGivOf0iWvo_GV25un2PIkC...
yandex.ru/an/rtbcount/ 		43 B
232 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://yandex.ru/an/rtbcount/1V4FJbRk0K8200000000U9nJpBvgSUWtu_T4m-icbQ_NfVvAiSoP6fJE00IUC97GbjM-CR5QFj8CgOn0ySph9YyVWiHBGRpQgq2YbR4PICvaF5d100OB6NDy8QoLZ5nI4DPUniKNk1cEWlbd6K5QhuB9kumCCWmCVy7ikKnCG78famwGivOf0iWvo_GV25un2PIkCPQzRiB8qFMwuy5a3JQ6lqpC88kPMO5aBpC_a9pA31APommoOYFpIdxLLxdyUledcM4-lCeCjWvCFcLMV7INvoUpWnC_nC4igXfFmAmDB8mxMFx30EC15gQRB10FVB1_o98Mcg-ktdRL_YqBo1iBM0LFiXR828AbBx0sD2JSP8NPzfKLfFyNAwUHeQc5cRcbiNa3sy8ZtzCws1fO9h2zNlLuufxz1tudpc2xSZXu0LllitSVJozisPMmaWrcnG4scnDip8_OU3FAtQsCWugCBLDSoyqdiYSeR19I5tjhFukTtT3GtC3Gn681E-CATiODx8uxs7bEi8i_O5-nuCgFJHyQbhl_OEVfu0XUm77o8-CAZZUp63TmT9diu62ynO4Hd0iu6vXNS7OoRU1alS39yeAJyGCdumzEnWLSGAqVkURNjTJkvDpbqCWDzchqPOTECCl1w9u3067im2a0?media-test-tag=2251799813691219&confirmTime=2100000&confirmRatio=1000000&test-tag=406819302277122&ctime=1733465455420&rnd=7257306648646
Requested by
Host: yastatic.net
URL: https://yastatic.net/partner-code-bundles/1170148/02aa366ebfd7249e2a0c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
5.255.255.77 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
yandex.ru
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

x-yandex-req-id
1733465455504077-4815107748780340966-balancer-l7leveler-kubr-yp-vla-220-BAL
content-encoding
gzip
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
x-content-type-options
nosniff
expires
Fri, 06 Dec 2024 06:10:55 GMT
date
Fri, 06 Dec 2024 06:10:55 GMT
content-type
image/gif
last-modified
Fri, 06 Dec 2024 06:10:55 GMT
content-security-policy
upgrade-insecure-requests; default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: abs.yandex.ru an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs&project=yabs&yandex_login=&platform=
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
timing-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Width
access-control-allow-credentials
true
access-control-allow-origin
https://1275.ru
x-xss-protection
1; mode=block
WXCejI_zOoVX2Lbz0IqG08DUSpw4s8S8Un2D7aGP19DlGcx4avFo10hRJkFVATCxTiXBVMTimabQ3Gx31z9qTamI8FOvP3fdpt7RARLjc0z_ILYIm7q8qrK-UAKxzkl3xa4mqiFOkp5w4TJo_QBtv45SmW0wJXMfZHJLwOtKukPvmCQC6Hoil_dQw46ISrLXYv1HH...
yandex.ru/an/tracking/ 		0
183 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://yandex.ru/an/tracking/WXCejI_zOoVX2Lbz0IqG08DUSpw4s8S8Un2D7aGP19DlGcx4avFo10hRJkFVATCxTiXBVMTimabQ3Gx31z9qTamI8FOvP3fdpt7RARLjc0z_ILYIm7q8qrK-UAKxzkl3xa4mqiFOkp5w4TJo_QBtv45SmW0wJXMfZHJLwOtKukPvmCQC6Hoil_dQw46ISrLXYv1HHJYOBt0GDx6Sq4bj89VWXcqOBw746yGwMO-I6lZsiboiWWmoQHZx6d8pZWWFivgn5-kMpsh4CZLX2ZqCnVGQi2ThuMgu8EXwZVv0bY-0RGPl4UcE_SAWLxzekJ52GQpYv09N11Sg5dQg5x3TN0yfPLQQCetAvW5NvAoLAAN7dGnmdorXa2cZPR8c2EsuT43ja4YX24rXkwIWJ_0sTQoFqMaOimKsc6yrqffcM0Lt0jEbSl5Uxl8cD9gxn_ha6ZgqVdWfHbFxuFnBuFygK5NslGfKbNtkNQZrTq_Mmdsjxof9-rdVLPB6DFyiizm1MDTr7KkRPMWm3AFZbjvX61stz7O095YsdkoLOCdU-J42MIToM_-blJU7ZYw3U7vBwxekgQFB89xNUYHQzjwYVDPxdJaZPWu4B-W5p9LAfL962nz3DWq0vGU1gkHIAfNA3_mpbB6Fqwy0KMpH9OJ4-DMTAvQfWssfeFw4ipsNxZWR-29eLRjV_0LSndqIxvfWg3xl_m40~2?action-id=25&viewability-undetermined=0
Requested by
Host: yastatic.net
URL: https://yastatic.net/partner-code-bundles/1170148/02aa366ebfd7249e2a0c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
5.255.255.77 , Russian Federation, ASN13238 (YANDEX YANDEX LLC, RU),
Reverse DNS
yandex.ru
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://1275.ru/

Response headers

x-yandex-req-id
1733465458400152-9742932426073749334-balancer-l7leveler-kubr-yp-vla-220-BAL
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
nel
{"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
content-encoding
gzip
pragma
no-cache
accept-ch
Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Width
timing-allow-origin
*
access-control-allow-credentials
true
report-to
{ "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
x-content-type-options
nosniff
expires
Fri, 06 Dec 2024 06:10:58 GMT
access-control-allow-origin
https://1275.ru
date
Fri, 06 Dec 2024 06:10:58 GMT
x-xss-protection
1; mode=block
last-modified
Fri, 06 Dec 2024 06:10:58 GMT

Verdicts & Comments Add Verdict or Comment

195 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ctPublicFunctions object| ctPublic object| UrvanovSyntaxHighlighterSyntaxSettings object| UrvanovSyntaxHighlighterSyntaxStrings function| jQueryUrvanovSyntaxHighlighter function| ownKeys function| _objectSpread function| _callSuper function| _possibleConstructorReturn function| _assertThisInitialized function| _isNativeReflectConstruct function| _getPrototypeOf function| _inherits function| _setPrototypeOf function| _createForOfIteratorHelper function| _unsupportedIterableToArray function| _arrayLikeToArray function| _typeof function| _classCallCheck function| _defineProperties function| _createClass function| _defineProperty function| _toPropertyKey function| _toPrimitive function| ApbctCore function| ctProcessError function| selectActualNonce function| apbct function| ApbctXhr function| ApbctAjax function| ApbctRest function| ctSetCookie function| ctDetectForcedAltCookiesForms function| ctSetAlternativeCookie function| ctGetCookie function| ctDeleteCookie function| apbct_public_sendAJAX function| apbct_public_sendREST function| apbctGenerateUniqueID object| apbctLocalStorage object| apbctSessionStorage function| apbctOnAnimationStart function| apbctOnInput function| apbctAutocomplete function| apbctCancelAutocomplete number| ctMouseReadInterval number| ctMouseWriteDataInterval function| CTTypoData object| ctDate number| ctTimeMs boolean| ctMouseEventTimerFlag object| ctMouseData object| ctCheckedEmails object| ctCheckedEmailsExist function| apbct_attach_event_handler function| apbct_remove_event_handler function| ctFunctionFirstKey function| ctFunctionMouseMove function| cronFormsHandler function| restartBotDetectorEventTokenAttach function| ctMouseStopData function| ctKeyStopStopListening function| checkEmail function| checkEmailExist function| getResultCheckEmailExist function| viewCheckEmailExist function| ctIsDrawPixel function| ctSetPixelImg function| ctSetPixelImgFromLocalstorage function| ctGetPixelUrl function| ctSetHasScrolled function| ctSetMouseMoved function| restartFieldsListening function| ctStartFieldsListening function| ctStopFieldsListening function| ctFunctionHasInputFocused function| ctFunctionHasKeyUp function| ctSetHasInputFocused function| ctSetHasKeyUp function| apbctPrepareBlockForAjaxForms function| startForcedAltEventTokenChecker function| apbct_ready function| ctAddWCMiddlewares function| apbctCatchXmlHttpRequest function| apbctAjaxSetImportantParametersOnCacheExist function| ctAjaxSetupAddCleanTalkDataBeforeSendAjax function| ctOnsubmitPrevCallExclude function| ctSearchFormOnSubmitHandler function| ctFillDecodedEmailHandler function| apbctSetEmailDecoderPopupAnimation function| apbctAjaxEmailDecodeBulk function| apbctEmailEncoderCallbackBulk function| fillDecodedEmails function| resetEncodedNodes function| getJavascriptClientData function| removeDoubleJsonEncoding function| ctProcessDecodedDataResult function| ctFillDecodedEmail function| ctShowDecodeComment function| apbct_collect_visible_fields function| apbct_visible_fields_set_cookie function| apbct_js_keys__set_input_value function| apbctGetScreenInfo function| ctParseBlockMessage function| ctSetPixelUrlLocalstorage function| ctNoCookieConstructHiddenField function| getCleanTalkStorageDataArray function| ctGetPageForms function| ctGetHiddenFieldExclusionsType function| ctCheckHiddenFieldsExclusions function| ctNoCookieAttachHiddenFieldsToForms function| defaultFetch function| defaultSend function| checkFormsExistForCatching function| isFormThatNeedCatch function| isFormThatNeedCatchXhr function| getNoCookieData function| apbctWriteReferrersToSessionStorage function| apbctCheckAddToCartByGet object| cleantalkModal function| ctProtectExternal function| formIsExclusion function| apbctGetFormClass function| apbctProcessIframes function| apbctProcessExternalForm function| apbctProcessExternalFormByFakeButton function| apbctReplaceInputsValuesFromOtherForm function| ctProtectKlaviyoForm function| apbctProcessExternalFormKlaviyo function| ctProtectOutsideIframe function| ctProtectOutsideIframeHandler function| catchNextendSocialLoginForm function| blockBtnNextendSocialLogin function| allowAjaxNextendSocialLogin function| forbiddenAjaxNextendSocialLogin function| ctCheckAjax function| isIntegratedForm function| isFormHasDiviRedirect function| sendAjaxCheckingFormData function| catchDynamicRenderedForm function| catchDynamicRenderedFormHandler function| sendAjaxCheckingDynamicFormData function| apbctVal function| ctCheckInternal function| ctCheckInternalIsExcludedForm function| jQuery object| UrvanovSyntaxHighlighterUtil object| jqueryPopup function| popupWindow function| popdownWindow object| UrvanovSyntaxHighlighterSyntax object| yaContextCb object| pseudo_links object| _paq object| eztoc_smooth_local object| ezTOC object| ajax_tptn_tracker object| settings_array object| wps_ajax function| Cookies object| VK object| ODKL object| _goodshare object| a3_lazyload_params object| a3_lazyload_extend_params object| addComment string| currentURL string| currentDir object| GET string| top_menu_mobile_position object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log function| cnc object| pcode_1170148_default_rusPHPjlzA object| Ya object| __activeTestIds object| __vasActiveTestIds object| __pcodeAllActiveTestIds number| pr function| AdFox_getCodeScript object| ya object| yaads object| yaSafeFrameCallbacksStorage boolean| isLoadingSafeframeStarted object| adfoxAsyncParams object| adfoxAsyncParamsScroll object| adfoxAsyncParamsAdaptive object| layoutConfig object| $sf object| yaSafeFrameAsyncCallbacks object| yaCounter1788970

40 Cookies

Domain/Path Name / Value
yastatic.net/safeframe-bundles/0.83/1-1-0 Name: pcssspb
Value: 1
yastatic.net/safeframe-bundles/0.83/1-1-0 Name: pcs3
Value: 1
1275.ru/ Name: _pk_id.97eED41Ee1b3d80.a7b8
Value: 0cb93579d513bbc0.1733465452.
1275.ru/ Name: _pk_ses.97eED41Ee1b3d80.a7b8
Value: 1
.yandex.ru/ Name: i
Value: ngEBmosXBwgSBJ4IPD4j656jwjFTHVrW8mPlQFbk6JspsNBN2EBXZCiqEoqlmUVUp2ccFqE3Iy5yCTj0rrW2Np4T9uo=
.yandex.ru/ Name: yandexuid
Value: 7059113121733465451
.yandex.ru/ Name: yashr
Value: 9877212361733465451
.yandex.ru/ Name: receive-cookie-deprecation
Value: 1
.1275.ru/ Name: cf_clearance
Value: .YZ6ceJbN4dNXYi_rJhfhYEBaA9i47Mdpv6MJXLUWU8-1733465452-1.2.1.1-PWR4RRo9NvQAzemYpBUdZ2KQMsnCt1h15LZAr3YRNzwJekhC20POow17TuxzkJwIYS9hgv.B0byI2a_AxFz5VIG04zglIgkT1kh6Deir6HX__8Mq3hIpJaVaNjFFRke7D3lmUPkqpKQlxAp3.goCJuHqm1ayxkGeSscW9IibR2l6_ERj5vqtCdhzTyKl9KtzMs.wN4LoyHF9oRFUidxGkG1Tp78tdufvZtulvjUPChWRdQuByCpQ78vnJOWzCr2kqcIKgX3q6yezE6E3nkHDwhb1waRI53WZIMnRVszVoiC8XeeUEq_utp.Ngppzk6eDTcgS3yhTHqSDIRvLAFCbFEhfL3G0ZuOyawX3mvAsgC5b6QsB6D8ph3tqseExetWS
.yandex.ru/ Name: yuidss
Value: 7059113121733465451
.yandex.ru/ Name: yabs-vdrf
Value: A0
.weborama.fr/ Name: AFFICHE_W
Value: -jgl29d0dyr@91
.hybrid.ai/ Name: vid
Value: 4a4a94713860c8071048
.mts.ru/ Name: ma_last_sync
Value: 1733465454212
.mts.ru/ Name: ma_id
Value: 2586676651733465454212
.acint.net/ Name: test_cookie
Value: CheckForPermission
.acint.net/ Name: aid
Value: fwAABGdSlW468S4+M/h5AnT9teZn8Em6lKYBGenmcmwmDmBc
.tns-counter.ru/ Name: guid
Value: 0045072F6752956EX1733465454
.betweendigital.com/ Name: dc
Value: was1
.betweendigital.com/ Name: tuuid
Value: 4a5102b5-fd8f-5355-8e67-75bee935e0d0
.betweendigital.com/ Name: ss
Value: 1
.acint.net/ Name: cSyncDp14v4
Value: 1733465454
.betweendigital.com/ Name: ut
Value: Z1KVbgAIlzjp-ZbhmmJPMFSDIO_UxJ7Nnt-I7Q==
.360yield.com/ Name: tuuid
Value: aa066e1f-e11b-4293-971d-b3d9fc8a958c
.360yield.com/ Name: tuuid_lu
Value: 1733465454
.dsp.mpartner.digital/ Name: dmp
Value: dystsqkzrCtkSQUTwZuoVCxStXlANEJR
mc.yandex.ru/ Name: yabs-sid
Value: 1078283731733465454
.yandex.ru/ Name: ymex
Value: 2048825454.yrts.1733465454
.ssp-rtb.sape.ru/ Name: sspuid
Value: CkIDPWdSlW8oqwIvid7TAgXUhN7WBTiBRXLxWl9mXLHVmnnh
.yandex.ru/ Name: bh
Value: EkEiR29vZ2xlIENocm9tZSI7dj0iMTMxIiwgIkNocm9taXVtIjt2PSIxMzEiLCAiTm90X0EgQnJhbmQiO3Y9IjI0IioCPzA6ByJMaW51eCJg76rKugZqGdzK6YgO8qy3pQv7+vDnDev//fYP0+zMhwg=
.targetads.io/ Name: _TADUID
Value: 6964918129303721271
.uuidksinc.net/ Name: jcsuuid
Value: qJ9YHUzHqhCWS4Frhf8j
.bumlam.com/ Name: suuid3
Value: IiRkYWU0YzQ1Mi1iMzk4LTExZWYtOWNmYS0wMDI1OTBjODI0MzY*
.adhigh.net/ Name: gi_u
Value: u64jNaMyn6By.AikABlGTmpe_FQ
.adhigh.net/ Name: yandexssp_sync
Value: L7Ux
.otm-r.com/ Name: mpid
Value: Njc1Mjk1NzAwNjE1MjM0Yg==
sync.gonet-ads.com/ Name: chk
Value: 1
.gonet-ads.com/ Name: pid
Value: Njc0NTMwNWUyMjY0ZTMwNA
.upravel.com/ Name: session_tptc
Value: 1733465457361
.upravel.com/ Name: user_id
Value: b562d030-fef9-4d8a-b788-525db1e32cb7

1 Console Messages

Source Level URL
Text
rendering warning URL: https://1275.ru/ioc/1112/cuba-ransomware-apt-iocs/
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0A01C0034210000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1275.ru
an.yandex.ru
avatars.mds.yandex.net
favicon.yandex.net
mc.yandex.ru
moderate3-v4.cleantalk.org
waos-soft.ru
yandex.ru
yastatic.net
104.21.36.85
172.67.140.84
178.154.131.215
178.154.131.217
213.180.204.90
5.255.255.77
87.250.247.181
87.250.250.119
88.198.153.60
93.158.134.36
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
0665feb4b4bd2948c855c55381634733cd7eb8f98bd3c1fdfa7889783f644064
0f14b8328155a89c17a34164e6c72007931577e49b403879cb4166844f903664
162ea9885c6f5016ef29bb4c55cf02e5f64b03de1fecf59c10d9941a1bc1823b
17df1f2891553baf6c74c4eef8cd0dd9fb73a5669f9f89d67183a8bfe41acfd2
197224fde0ccd66576a6e4e774a9dcc925e16c5af9f7af4bb77ba493cc9c4372
255df06063ef8b4f994c1ae9d232d7c4f27c95b853a68fd9c03e31f4dd6b0031
2fdf5f9a856940c379e8cc777e289f5b58d179a3edb5ef3e1e0cff46f7dd670c
30d219fdd2c143bf6199edb608a596f51e3bb692e5cd8803057a0c478a9140a3
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
3cb8a8965209551d80db7fc489c0d69756c6e56cf7146fed44e213fff8d69097
401503518894f575673732c689a7885c78bb615900c0c3f726765eb4ce6aa799
4192547933c47032776c86cc04805a86655e4580d0c82b46787a120fcd96c146
48f5d226f594cfbd8b043826374650bc4d65bafa390b17d34a0d1886b8e8d09a
5178676c00ad6f11e9f3a1dff9d68ae2151b96036ba549e77eda6b236e903870
5195cbc0c22eaedc8df45ca744e89a2ee87932e43771330686cf5e5279290e83
53c49a3cfb39f581720c3eadcf40b011299dd1bae8a6c8a7fc85fbf49d6986ba
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
550492c522111c892a16b7eae43a91b82a76733938f2e11acd823b78c23a27de
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
6b5acb20b58ca9f25a996cd5f44fcbde42154bb94cd95666197a59d4b539f07d
6bc1776eb68e98de70fd1caf4f89e65be2a9315aad1352b46274d148508e31fd
6cc09f68a3586bd2652fec2f4781629012ca03a5485f1157e55bc8543c610a5b
6e9cca040634f071c068f7f483dfeef82d8589b4082c8cbdc5301951647ba71b
765675f05ae98cc3a35c4bd21380eb79429c46e3df30789b647efe24bae7d905
7b69bf9294fc240b3861c23bf36eeca95ab0d4623f63e8cdf3e613bbd5682361
8a79f27281dddd51d196f7775d51ceb2667c326c669a20628bc75a1bde15ce73
8db6217d64d1013bb8e862dbd57cd8c0dcde72b19c6c76a39d7fe2d500c35513
973408bd1a1da181c7eaa9293c0cd095f3836a76b626bc76af21e1cd96b5dcde
a2f1b190e5d5a3063c35b75b1a00c039b13e171eb7b099299dcb67e9e4fe65cd
a9501cc809fac65ba3bc7fdc1686f8cc6651018b290308eddd1e46454063bf5f
b3f3db2e6ac9e2b19172879a80a8605f4db7a179745be21a0828e3c1e49510ee
b6898945c1cd627102a395524e84b7b9a80cdce29286005498fd9710c69764df
ba4be648e180af840eba117f20203084f95b9933d9eda25650b1a52d4cc7b054
c0f68f55f98f7857f56e7b9b1d8370348c717dad771e8aa3e599e067224fd124
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d5a55592f4a6876494b954640a81ed7afdd761d01be51ed05862a8ef69b1a589
d5aab9ecebd2bc2f003980fdde59b97aad0fd105312d99fa50fcab580099aaf3
d65b9052da404bbc8a8c4c65c8a9dc51a458f9affe03b84387c497ae5fdcb63a
d913cbed84d37080dc6aa446c41f76b3a230ac810af1199d6350779882807edf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9146e3b38f8057e805ef96dc943a9f0ab6e197bfd709005d955d9b7eb7f3e69
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f9358d5e45da633fa5b49ab842e1c3451473a0fe9b39a40d6eb649684266e114
f97690a1a2151e1cffa137e78461c2fd620f5b48eac09297d47fd5503f5df43c
fd057d7db4c5263a87501a7d8a59729dcaa1496e669def1f418cae4c817a1a8f
fde30968056d44b85605ca3f68a6c1a82cd3b4458570a1ba225e33dcad1c34cb