reftrans161.ru/
91.189.114.22 200 OK 13 kB IP 91.189.114.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2331), with CRLF, LF line terminators
Hash c092f56d6132167be66aec8d570040f8
19c3659f7f0ed1ca2e4b39528e1e96a74789338e
fdccc220af8d470eee2524a9011ffa1a26283935f99bb6119d89ae6044cc8b62
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
ETag: 0951d9ed958bfe72f46d7bf1193517fa
Expires: Fri, 07 Jun 1974 04:00:00 GMT
Last-Modified: Wed, 05 Oct 2022 16:41:48 GMT
X-Bitrix-Composite: Cache (200)
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/
54.230.111.118 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: b03F0WFJTrAhq5bAOnXq8j68mK65DBx6olllUqP2igfY_gc8QUH0Uw==
Age: 49623
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7536
Expires: Thu, 06 Oct 2022 07:39:57 GMT
Date: Thu, 06 Oct 2022 05:34:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a1073a68ed38c8e3575e889224db944c
ee2a7a3e2da77a8540131f9ffaa0a20d4dd486bd
a9fb1f7ade7c8a79d2ee83e9b7215e66dc89ac733b11079297a8f4b9aceae1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9FB1F7ADE7C8A79D2EE83E9B7215E66DC89AC733B11079297A8F4B9ACEAE1F5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13851
Expires: Thu, 06 Oct 2022 09:25:12 GMT
Date: Thu, 06 Oct 2022 05:34:21 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fVwv7MLV07TiBF/JyQ6w6CmLM5o2+6RCDGJUnv64h840iYJneKrfc/zf2yLIaSox2MMWLgJOnAQ=
x-amz-request-id: 0H5HSY9CX6H39EB8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 06 Oct 2022 04:58:37 GMT
age: 2144
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
reftrans161.ru/bitrix/js/main/core/css/core.min.css?15845330382854
91.189.114.22 200 OK 839 B URL HTTP/1.1 reftrans161.ru/bitrix/js/main/core/css/core.min.css?15845330382854
IP 91.189.114.22:0
File type ASCII text, with very long lines (2854), with no line terminators
Hash 3065841f990a3a924dceb5ca2eabe9cb
f79f2c9078fe9064a7414e446dbf3075ff3b59c6
fb2cfe1400d508567e4d88e8255ea09872d459915cd097c6b4131845524e4b2d
Analyzer Verdict Alert fortinet Malware
GET /bitrix/js/main/core/css/core.min.css?15845330382854 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:21 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:03:58 GMT
Vary: Accept-Encoding
ETag: W/"5e720e2e-b26"
Content-Encoding: gzip
reftrans161.ru/bitrix/cache/js/s1/aspro-allcorp/kernel_main/kernel_main_v1.js?165421509010092
91.189.114.22 200 OK 3.0 kB URL HTTP/1.1 reftrans161.ru/bitrix/cache/js/s1/aspro-allcorp/kernel_main/kernel_main_v1.js?165421509010092
IP 91.189.114.22:0
File type ASCII text, with very long lines (9732)
Hash d32e128e374fb8f6ae2eea90ec34b5ac
bbff42eabd0da9a9a246798f738b9dac2c038a25
a036eeffe933949ecd0e2037955eb3aa854ab5b0fde7770a4ed68c76b9613fdb
GET /bitrix/cache/js/s1/aspro-allcorp/kernel_main/kernel_main_v1.js?165421509010092 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Jun 2022 00:11:30 GMT
Vary: Accept-Encoding
ETag: W/"629951b2-276c"
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 05:34:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
reftrans161.ru/bitrix/cache/js/s1/aspro-allcorp/kernel_main_polyfill_customevent/kernel_main_polyfill_customevent_v1.js?16542150901051
91.189.114.22 200 OK 1.1 kB URL HTTP/1.1 reftrans161.ru/bitrix/cache/js/s1/aspro-allcorp/kernel_main_polyfill_customevent/kernel_main_polyfill_customevent_v1.js?16542150901051
IP 91.189.114.22:0
File type ASCII text, with very long lines (502)
Hash 1b05e8e90a7cb79fe8079fa903e08f48
5b82c7b0e5aa564d67769d9f262ca65fad81bc2c
c1ef1ef6c8417c01fae4c90ace039e4e2f25d814edb855bcbd8144d768847ce9
GET /bitrix/cache/js/s1/aspro-allcorp/kernel_main_polyfill_customevent/kernel_main_polyfill_customevent_v1.js?16542150901051 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:21 GMT
Content-Type: application/javascript
Content-Length: 1051
Connection: keep-alive
Last-Modified: Fri, 03 Jun 2022 00:11:30 GMT
ETag: "629951b2-41b"
Accept-Ranges: bytes
reftrans161.ru/bitrix/js/main/core/core_ls.min.js?15845330387365
91.189.114.22 200 OK 2.0 kB URL HTTP/1.1 reftrans161.ru/bitrix/js/main/core/core_ls.min.js?15845330387365
IP 91.189.114.22:0
File type ASCII text, with very long lines (7329)
Hash ed9b7e41b54d9728c067f439f4047545
3baa017267f65692a3e9e2457b1738734a126f15
1046a03435066f9a238398c6924eb10d97bf27eba69b86c4f8caf0af1d6ec67e
Analyzer Verdict Alert fortinet Malware
GET /bitrix/js/main/core/core_ls.min.js?15845330387365 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:03:58 GMT
Vary: Accept-Encoding
ETag: W/"5e720e2e-1cc5"
Content-Encoding: gzip
reftrans161.ru/bitrix/js/main/core/core_frame_cache.min.js?158453303810422
91.189.114.22 200 OK 3.5 kB URL HTTP/1.1 reftrans161.ru/bitrix/js/main/core/core_frame_cache.min.js?158453303810422
IP 91.189.114.22:0
File type ASCII text, with very long lines (10377)
Hash d1e4b6f49b9f303d63da448bc77bde30
23493758bbd001281fd7d3e47dbe49c509a37433
0434b34429a6fd66ac635bf442c0a1d0bc039681070e4b91b0eb7191ee49c13d
Analyzer Verdict Alert fortinet Malware
GET /bitrix/js/main/core/core_frame_cache.min.js?158453303810422 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:03:58 GMT
Vary: Accept-Encoding
ETag: W/"5e720e2e-28b6"
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 05:34:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
reftrans161.ru/bitrix/js/main/ajax.js?158453303835509
91.189.114.22 200 OK 8.4 kB URL HTTP/1.1 reftrans161.ru/bitrix/js/main/ajax.js?158453303835509
IP 91.189.114.22:0
Hash f94e849e5cd0e07695937a6d9bb7286b
7f64176da498f5a932415a2db493a909501c47f9
ee1e8629207b5aa76afad849b9d390bddfb8c7eb36ddeb5c4860175521c135fe
Analyzer Verdict Alert fortinet Malware
GET /bitrix/js/main/ajax.js?158453303835509 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:03:58 GMT
Vary: Accept-Encoding
ETag: W/"5e720e2e-8ab5"
Content-Encoding: gzip
reftrans161.ru/bitrix/js/ui/dexie/dist/dexie.bitrix.bundle.min.js?158453303760287
91.189.114.22 200 OK 19 kB URL HTTP/1.1 reftrans161.ru/bitrix/js/ui/dexie/dist/dexie.bitrix.bundle.min.js?158453303760287
IP 91.189.114.22:0
File type ASCII text, with very long lines (60239)
Hash 83685751a1ca15a9523ec5ef24e7c199
faad5f4baad95d284d596b930861b77a8a1df3fb
eac68aef82bc46bfb54f9ab7af7c6fdd924355730b6c4536db926dc2bdfa683c
GET /bitrix/js/ui/dexie/dist/dexie.bitrix.bundle.min.js?158453303760287 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:03:57 GMT
Vary: Accept-Encoding
ETag: W/"5e720e2d-eb7f"
Content-Encoding: gzip
reftrans161.ru/bitrix/js/main/jquery/jquery-1.8.3.min.js?158453303993637
91.189.114.22 200 OK 34 kB URL HTTP/1.1 reftrans161.ru/bitrix/js/main/jquery/jquery-1.8.3.min.js?158453303993637
IP 91.189.114.22:0
File type ASCII text, with very long lines (65482)
Hash f19775604ba1382654b913b51fa09e30
353da1b9db009be808b43e465bbc2ab85e852d88
c0908bf1dc52529cc1520703c500124ac8c10e681eee55d52d561b5f346921ca
GET /bitrix/js/main/jquery/jquery-1.8.3.min.js?158453303993637 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:03:59 GMT
Vary: Accept-Encoding
ETag: W/"5e720e2f-16dc5"
Content-Encoding: gzip
reftrans161.ru/bitrix/cache/css/s1/aspro-allcorp/template_ce6474ad160ea114cf5e809c14e09bc7/template_ce6474ad160ea114cf5e809c14e09bc7_v1.css?1654215119247290
91.189.114.22 200 OK 42 kB URL HTTP/1.1 reftrans161.ru/bitrix/cache/css/s1/aspro-allcorp/template_ce6474ad160ea114cf5e809c14e09bc7/template_ce6474ad160ea114cf5e809c14e09bc7_v1.css?1654215119247290
IP 91.189.114.22:0
File type assembler source, ASCII text, with very long lines (540)
Hash f14388215317f246ce63fcf23808255b
206acf22fd25a3178f8d70b4e8b3b5cfe53d8688
264e485975461f6e9806b6711418a176c95923d621827928b1882fdfe308fa3a
Analyzer Verdict Alert fortinet Malware
GET /bitrix/cache/css/s1/aspro-allcorp/template_ce6474ad160ea114cf5e809c14e09bc7/template_ce6474ad160ea114cf5e809c14e09bc7_v1.css?1654215119247290 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Jun 2022 00:11:59 GMT
Vary: Accept-Encoding
ETag: W/"629951cf-3c5fa"
Content-Encoding: gzip
reftrans161.ru/bitrix/cache/js/s1/aspro-allcorp/template_427b51719868ca26d94fa42be09e7a9f/template_427b51719868ca26d94fa42be09e7a9f_v1.js?1654215090254154
91.189.114.22 200 OK 75 kB URL HTTP/1.1 reftrans161.ru/bitrix/cache/js/s1/aspro-allcorp/template_427b51719868ca26d94fa42be09e7a9f/template_427b51719868ca26d94fa42be09e7a9f_v1.js?1654215090254154
IP 91.189.114.22:0
File type Unicode text, UTF-8 text, with very long lines (3396)
Hash dd88d5b7f9c960a025a0678f668c530a
49a20327f3e9533ebde724de4404bced0ea80a70
89f0adfb6ab15e1b4fa96d83c5aa3553923fe21dda2ba7cbdc1713d2fa35399b
GET /bitrix/cache/js/s1/aspro-allcorp/template_427b51719868ca26d94fa42be09e7a9f/template_427b51719868ca26d94fa42be09e7a9f_v1.js?1654215090254154 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Jun 2022 00:11:30 GMT
Vary: Accept-Encoding
ETag: W/"629951b2-3e0ca"
Content-Encoding: gzip
reftrans161.ru/upload/iblock/da7/da78d467de6384e6f94a98a834263aab.jpg
91.189.114.22 200 OK 6.1 kB URL HTTP/1.1 reftrans161.ru/upload/iblock/da7/da78d467de6384e6f94a98a834263aab.jpg
IP 91.189.114.22:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 250x187, components 3\012- data
Hash 0f5bd496d95d5ded3a5112798d253ec3
e31c362f52974bb74af8db89c7893489d8df58e6
c856749d1a4af9f6cb41f20f78d234df7d5cc4ff86c0623193b130a032fa69fb
GET /upload/iblock/da7/da78d467de6384e6f94a98a834263aab.jpg HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/jpeg
Content-Length: 6117
Connection: keep-alive
Last-Modified: Tue, 19 Oct 2021 20:58:52 GMT
ETag: "616f318c-17e5"
Accept-Ranges: bytes
reftrans161.ru/bitrix/templates/aspro-allcorp/themes/color5/images/logo.png
91.189.114.22 200 OK 22 kB URL HTTP/1.1 reftrans161.ru/bitrix/templates/aspro-allcorp/themes/color5/images/logo.png
IP 91.189.114.22:0
File type PNG image data, 234 x 51, 8-bit/color RGBA, non-interlaced\012- data
Hash a5663c5df9acf658fa01d7012e569ea0
ce1551e509b75f3acfb41dc1972e27b03efcb9bf
1d8aeb1a824d07075685989a662bbc70fb5be3714f46e5c367d593d4c6eb9056
GET /bitrix/templates/aspro-allcorp/themes/color5/images/logo.png HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/png
Content-Length: 21967
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:04:17 GMT
ETag: "5e720e41-55cf"
Accept-Ranges: bytes
reftrans161.ru/upload/iblock/310/31073dfb6eb675bb17808517517761f3.jpg
91.189.114.22 200 OK 26 kB URL HTTP/1.1 reftrans161.ru/upload/iblock/310/31073dfb6eb675bb17808517517761f3.jpg
IP 91.189.114.22:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 95", baseline, precision 8, 250x187, components 3\012- data
Hash 89f51ec592f150768aa7eb880a0ccf14
68ad0b11ecd481a806384ae259964a9456ab024e
9ccf538a3849dd16f1ea512a8f7c6c261347751f5c827aa6183a43b0a60f687a
GET /upload/iblock/310/31073dfb6eb675bb17808517517761f3.jpg HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/jpeg
Content-Length: 25771
Connection: keep-alive
Last-Modified: Fri, 26 Mar 2021 13:52:36 GMT
ETag: "605de724-64ab"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 05:34:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
reftrans161.ru/upload/iblock/d83/d836ac4570c2b8f6572b386df96ef47b.jpg
91.189.114.22 200 OK 6.1 kB URL HTTP/1.1 reftrans161.ru/upload/iblock/d83/d836ac4570c2b8f6572b386df96ef47b.jpg
IP 91.189.114.22:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 250x187, components 3\012- data
Hash 0f5bd496d95d5ded3a5112798d253ec3
e31c362f52974bb74af8db89c7893489d8df58e6
c856749d1a4af9f6cb41f20f78d234df7d5cc4ff86c0623193b130a032fa69fb
GET /upload/iblock/d83/d836ac4570c2b8f6572b386df96ef47b.jpg HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/jpeg
Content-Length: 6117
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 19:05:37 GMT
ETag: "61fc2781-17e5"
Accept-Ranges: bytes
reftrans161.ru/upload/iblock/cb7/cb7372a235d6ff2904670903e53ba8d3.png
91.189.114.22 200 OK 123 kB URL HTTP/1.1 reftrans161.ru/upload/iblock/cb7/cb7372a235d6ff2904670903e53ba8d3.png
IP 91.189.114.22:0
File type PNG image data, 520 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 123 kB (123128 bytes)
Hash 210aae3e47be6e9ca0a5088b2c621d48
de84ab4582a72575600ac75b78584d86dcaa6a76
4e4583fefad40103ba2a9b30dbc69334035f84a93e568084493c38801b74500b
GET /upload/iblock/cb7/cb7372a235d6ff2904670903e53ba8d3.png HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/png
Content-Length: 123128
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:04:17 GMT
ETag: "5e720e41-1e0f8"
Accept-Ranges: bytes
fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,cyrillic-ext
142.250.74.10 200 OK 1.9 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,cyrillic-ext
IP 142.250.74.10:0
File type ASCII text, with very long lines (2864)
Hash a6ca10a6e7f9fc3033479979cb42a992
60efcb9a13af4332d80eeeff1833096b1f9041ba
dd9ee71ca3e17898d52a74ec6ef6e3267a1a0bb6580b07bec6871610e9695942
GET /css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,cyrillic-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 06 Oct 2022 05:34:22 GMT
date: Thu, 06 Oct 2022 05:34:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
reftrans161.ru/upload/iblock/d24/d24e3d65a42cf67a9f193c29d620e3e3.png
91.189.114.22 200 OK 298 kB URL HTTP/1.1 reftrans161.ru/upload/iblock/d24/d24e3d65a42cf67a9f193c29d620e3e3.png
IP 91.189.114.22:0
File type PNG image data, 520 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 298 kB (297510 bytes)
Hash 6e5373b1bcd0c96472d0a39544cd6c97
08130a7a855f52ebf9beef351540e6ad7f125381
2b5c5002863ae07b9aca4ba93cf8a76d2adcd6d00211f01eb4e0a9de0a5fc5ae
GET /upload/iblock/d24/d24e3d65a42cf67a9f193c29d620e3e3.png HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/png
Content-Length: 297510
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:04:17 GMT
ETag: "5e720e41-48a26"
Accept-Ranges: bytes
reftrans161.ru/upload/iblock/b83/b83d96b73451bcae07f68861b2e7757d.png
91.189.114.22 200 OK 342 kB URL HTTP/1.1 reftrans161.ru/upload/iblock/b83/b83d96b73451bcae07f68861b2e7757d.png
IP 91.189.114.22:0
File type PNG image data, 553 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 342 kB (342240 bytes)
Hash 3ea05ae273f6ab47d104e1dd9f536395
0f2f05b9f94a0718c7f29dae6d502c25bcf1eb18
e4794520aa1072ada73145c163b8d9aa3f01ff3c67a818653a20b9aefe65f2aa
GET /upload/iblock/b83/b83d96b73451bcae07f68861b2e7757d.png HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/png
Content-Length: 342240
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:04:17 GMT
ETag: "5e720e41-538e0"
Accept-Ranges: bytes
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 924f50fb91e9d052edb04ba9970e089e
f7b373789480ac37ee0322f063c8653c381b1d2e
e1cacc103650018ae26713fe06523f285a517c89369ae31d00165d71a8ac79cd
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Mon, 10 Oct 2022 04:11:38 GMT
ETag: "f7b373789480ac37ee0322f063c8653c381b1d2e"
Last-Modified: Thu, 06 Oct 2022 04:11:39 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755c070d69d70afa-OSL
metrika-informer.com/informer/67403560/2_1_FFFFFFFF_EFEFEFFF_0_pageviews
149.5.244.82 200 OK 1.4 kB URL HTTP/2 metrika-informer.com/informer/67403560/2_1_FFFFFFFF_EFEFEFFF_0_pageviews
IP 149.5.244.82:0
File type PNG image data, 80 x 31, 8-bit/color RGBA, non-interlaced\012- data
Hash a757f67fcf085e5c51f50225b53e93be
0c9434be87b0ad21b037c4bdedc19e76d7fa0e3a
6f4acb980a21c573ce22639d0e42eb28cb95d3b4409cc21cf0cab04e8ad1dce6
GET /informer/67403560/2_1_FFFFFFFF_EFEFEFFF_0_pageviews HTTP/1.1
Host: metrika-informer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 1437
last-modified: Thu, 06-Oct-2022 05:34:22 GMT
content-type: image/png
pragma: no-cache
strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 05:34:22 GMT
X-Firefox-Spdy: h2
reftrans161.ru/bitrix/tools/composite_data.php
91.189.114.22 200 OK 218 B URL HTTP/1.1 reftrans161.ru/bitrix/tools/composite_data.php
IP 91.189.114.22:0
File type ASCII text, with very long lines (303), with no line terminators
Hash e6b6bd8e89340a96bb892da1e2f86aaa
d1aa776bd0fe4916f1850d52dd8d1bc55b1688b3
144e74760545fc29f9ee503e6f8812fafaa9d6b901c76a7b00dda4d8109b175d
Analyzer Verdict Alert fortinet Malware
GET /bitrix/tools/composite_data.php HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Bx-ajax: true
Connection: keep-alive
Referer: http://reftrans161.ru/
Cookie: PHPSESSID=d443527a85106f5781d569b498a3aafb
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 218
Connection: keep-alive
X-Powered-By: PHP/7.2.34
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (1df5a763b3544a61acb0f4d1bb2fdf43)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
bitrix.info/ba.js
99.81.218.191 200 OK 3.0 kB IP 99.81.218.191:0
File type ASCII text, with very long lines (6659), with no line terminators
Hash 3f4ae6a3d97c2564a0e5c02e1ebdf4f8
df7bad29a1e8c70f9e27467e73a1a3a894055cdf
0d65b327ff4539fbcdc2d773ee883fd832b37aca69352141a731cae2e46844e5
GET /ba.js HTTP/1.1
Host: bitrix.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.1
Last-Modified: Wed, 19 May 2021 09:38:44 GMT
ETag: W/"60a4dca4-1a03"
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: bx_user_id=faeb16995534b86675f7f7dd93f6df76; expires=Sun, 03-Oct-32 05:34:22 GMT; path=/; domain=bitrix.info; SameSite=None; Secure
Access-Control-Allow-Origin: *
Expires: Sat, 08 Oct 2022 05:34:22 GMT
Cache-Control: max-age=172800
Strict-Transport-Security: max-age=63072000
Content-Encoding: gzip
reftrans161.ru/bitrix/templates/aspro-allcorp/images/background.png
91.189.114.22 200 OK 263 kB URL HTTP/1.1 reftrans161.ru/bitrix/templates/aspro-allcorp/images/background.png
IP 91.189.114.22:0
File type PNG image data, 1920 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 263 kB (263013 bytes)
Hash a150c42717967c39d953ba895c50e505
25e26a6537a9872b3467cb1e9b05c10a8e0b2a12
e03d7b12437016327bd10ed01ae034392ce247e38acc03924c00f0a33f99a798
GET /bitrix/templates/aspro-allcorp/images/background.png HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/bitrix/cache/css/s1/aspro-allcorp/template_ce6474ad160ea114cf5e809c14e09bc7/template_ce6474ad160ea114cf5e809c14e09bc7_v1.css?1654215119247290
Cookie: PHPSESSID=d443527a85106f5781d569b498a3aafb
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/png
Content-Length: 263013
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:04:17 GMT
ETag: "5e720e41-40365"
Accept-Ranges: bytes
reftrans161.ru/bitrix/templates/aspro-allcorp/css/fonts/font-awesome/fonts/fontawesome-webfont.woff?v=4.0.3
91.189.114.22 200 OK 44 kB URL HTTP/1.1 reftrans161.ru/bitrix/templates/aspro-allcorp/css/fonts/font-awesome/fonts/fontawesome-webfont.woff?v=4.0.3
IP 91.189.114.22:0
File type Web Open Font Format, TrueType, length 44432, version 1.0\012- data
Hash 3293616ec0c605c7c2db25829a0a509e
04c3bf56d87a0828935bd6b4aee859995f321693
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
Analyzer Verdict Alert fortinet Malware
GET /bitrix/templates/aspro-allcorp/css/fonts/font-awesome/fonts/fontawesome-webfont.woff?v=4.0.3 HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://reftrans161.ru/bitrix/cache/css/s1/aspro-allcorp/template_ce6474ad160ea114cf5e809c14e09bc7/template_ce6474ad160ea114cf5e809c14e09bc7_v1.css?1654215119247290
Cookie: PHPSESSID=d443527a85106f5781d569b498a3aafb
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: font/woff
Content-Length: 44432
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:04:17 GMT
ETag: "5e720e41-ad90"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 05:34:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 03:08:55 GMT
expires: Sun, 01 Oct 2023 03:08:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 440727
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
reftrans161.ru/bitrix/images/main/composite/sprite-1x.png
91.189.114.22 200 OK 2.3 kB URL HTTP/1.1 reftrans161.ru/bitrix/images/main/composite/sprite-1x.png
IP 91.189.114.22:0
File type PNG image data, 42 x 124, 8-bit/color RGBA, non-interlaced\012- data
Hash 2f32394cd97fd6d44d1314e317fa2832
2013c6d313f668dc7ba865f02efde2ffb8a5cc82
edce40b9e973e67feecac20662231479305d283cfb2578c121d9d7b71bbf630b
GET /bitrix/images/main/composite/sprite-1x.png HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
Cookie: PHPSESSID=d443527a85106f5781d569b498a3aafb
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/png
Content-Length: 2325
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:03:56 GMT
ETag: "5e720e2c-915"
Accept-Ranges: bytes
cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
151.101.85.229 200 OK 84 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 5df383641efa0a3ba4302c7fec8d6394
f0cec22d20f41110ab644ee246201cb8787379b0
10fb3cdc6d2cbc33aa86bd81a8325449c04d227555a8a9f504deb8cfb0f16e91
GET /npm/yandex-metrica-watch/tag.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.245.0
x-jsd-version-type: version
etag: W/"33a2f-8LAWo/m1uPKVR6/desBN4giRHHM"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 06 Oct 2022 05:34:22 GMT
age: 30200
x-served-by: cache-fra19157-FRA, cache-bma1625-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 83822
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
216.58.207.195 200 OK 26 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 26240, version 1.0\012- data
Hash 4a90976686fcbd8296c7d7fccc04c273
bcb82e93ac7ad1fa2af6a37009a200f79f4cb4e5
59bd288e64c57e034672999e33ebda6eb5ad1575945eb563dbfb5b44f226e1e1
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26240
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 19:01:39 GMT
expires: Tue, 03 Oct 2023 19:01:39 GMT
cache-control: public, max-age=31536000
age: 210763
last-modified: Mon, 15 Aug 2022 18:14:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
reftrans161.ru/upload/iblock/d1b/d1b62acfeebc101d3d05ba1065a56c23.jpg
91.189.114.22 200 OK 288 kB URL HTTP/1.1 reftrans161.ru/upload/iblock/d1b/d1b62acfeebc101d3d05ba1065a56c23.jpg
IP 91.189.114.22:0
File type JPEG image data, baseline, precision 8, 1920x400, components 3\012- data
Size 288 kB (288137 bytes)
Hash 417ab47c1e8444d835d1c3c44e5c606c
06beeba49196a4b494dc6c1271eda78f50e3c53b
d46fa6184f0e48dc5c052c22c04446c40767f6567b7707718f42b77ba385c01a
GET /upload/iblock/d1b/d1b62acfeebc101d3d05ba1065a56c23.jpg HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
Cookie: PHPSESSID=d443527a85106f5781d569b498a3aafb; _ym_debug=null
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/jpeg
Content-Length: 288137
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:04:17 GMT
ETag: "5e720e41-46589"
Accept-Ranges: bytes
reftrans161.ru/bitrix/templates/aspro-allcorp/asprobanner.php
91.189.114.22 404 Not Found 1.1 kB URL HTTP/1.1 reftrans161.ru/bitrix/templates/aspro-allcorp/asprobanner.php
IP 91.189.114.22:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash f47ac2c4dcf87de8b472d9a0ce10ec72
6043f8c97348fdfee7c9a7ea83905dd86d83aabb
3b622416e2c8bae1b5ebd047f7a87215940ded6e476a51620cf82d74f2370222
Analyzer Verdict Alert fortinet Malware
POST /bitrix/templates/aspro-allcorp/asprobanner.php HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Cookie: PHPSESSID=d443527a85106f5781d569b498a3aafb; _ym_debug=null
Content-Length: 0
HTTP/1.1 404 Not Found
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (1df5a763b3544a61acb0f4d1bb2fdf43)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
bitrix.info/bx_stat
99.81.218.191 406 Not Acceptable 10 B IP 99.81.218.191:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 190f0ca90ef9d8f401ed505b8e377411
12ad51bbdfcc081a984bbff898a0d47cc29a61dc
bb54369234516c2f2469a9989fce0f73145879defec57a2b276b5b1e0bf92336
POST /bx_stat HTTP/1.1
Host: bitrix.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 247
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 406 Not Acceptable
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.1
Access-Control-Allow-Origin: http://reftrans161.ru
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash df77afb1b42fcd8804991af98cb72bd8
b809a687828dd5d93a40aa208e1a7c13073f06ac
f33dd8a205e4cdf61fc043a44985350016d21a065d685f3b8aeba78a35a4586f
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "B6F9BB1957B041A9C4196D7BA0AFB0E3EF850BCC"
Expires: Thu, 06 Oct 2022 16:00:00 GMT
Last-Modified: Thu, 06 Oct 2022 04:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1978
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755c070fab160afa-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.118 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Thu, 06 Oct 2022 05:29:41 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Thu, 06 Oct 2022 05:58:53 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: O5_a6PtPoH58LcjNW7GbOh8ONS3xfEiAPPRqMMmRsoHtkH1xYmxPBQ==
Age: 281
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1561c6be7c89d1357a80d12de47b6e74
9a705277922ecca583c867af58b3efce099f83bd
e33dc034dbf4b3b627cd3c1af2d942e2ca5704ec9a4aad5c46ad39eb070e82ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 899
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 05:34:22 GMT
Last-Modified: Thu, 06 Oct 2022 05:19:23 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
reftrans161.ru/favicon.ico
91.189.114.22 200 OK 2.3 kB URL HTTP/1.1 reftrans161.ru/favicon.ico
IP 91.189.114.22:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 63x63, components 3\012- data
Hash 3ae4a8002dae5762e580a54f9ebc6e7e
4e21e4f282729f0d87e260972357aaa9391558e2
f8668977620993988d530b48990734e53738883d5149880416a21874a42022ac
GET /favicon.ico HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
Cookie: PHPSESSID=d443527a85106f5781d569b498a3aafb; _ym_debug=null
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/x-icon
Content-Length: 2266
Connection: keep-alive
Last-Modified: Fri, 20 Mar 2020 08:53:30 GMT
ETag: "5e74848a-8da"
Accept-Ranges: bytes
reftrans161.ru/favicon_72.png
91.189.114.22 404 Not Found 8.5 kB URL HTTP/1.1 reftrans161.ru/favicon_72.png
IP 91.189.114.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1186), with CRLF, LF line terminators
Hash 986cf914998125d5b6e0b10b728d48a9
45b35c4b0111066d6219c907d139a4fe05156849
4734dca2f4427a4ade0d8a099f32d54b77b33d1884c24e4eca483202efe28a79
GET /favicon_72.png HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
Cookie: PHPSESSID=d443527a85106f5781d569b498a3aafb; _ym_debug=null
HTTP/1.1 404 Not Found
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (1df5a763b3544a61acb0f4d1bb2fdf43)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
cleversite.ru/cleversite/widget_new.php?supercode=1&referer_main=&clid=74541EDYeE&siteNew=96678
178.248.233.13 301 Moved Permanently 169 B URL HTTP/1.1 cleversite.ru/cleversite/widget_new.php?supercode=1&referer_main=&clid=74541EDYeE&siteNew=96678
IP 178.248.233.13:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f78ab64a4362dade42d94a01665e7448
d688f9b762cb95a3300d7231f26b6fb0ca23f822
8da45d3c6bbf8581d4bc8985a7331a369c92fd9a1124e5e28da83bf91125eb09
GET /cleversite/widget_new.php?supercode=1&referer_main=&clid=74541EDYeE&siteNew=96678 HTTP/1.1
Host: cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 301 Moved Permanently
Server: QRATOR
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://cleversite.ru/cleversite/widget_new.php?supercode=1&referer_main=&clid=74541EDYeE&siteNew=96678
reftrans161.ru/upload/iblock/c6b/c6b35f5a4c2f830950da29c3593fc41f.jpg
91.189.114.22 200 OK 64 kB URL HTTP/1.1 reftrans161.ru/upload/iblock/c6b/c6b35f5a4c2f830950da29c3593fc41f.jpg
IP 91.189.114.22:0
File type JPEG image data, baseline, precision 8, 1920x400, components 3\012- data
Hash a0d82e94a5d4343261adb702fa84fe85
e03f41b8acf86ba8f5801a6ad88873fc4c3d412f
a62f12c71ca3aa03a5366f7030d6152dccb1b3d09cd02f7366b19735bb2ffedc
GET /upload/iblock/c6b/c6b35f5a4c2f830950da29c3593fc41f.jpg HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
Cookie: PHPSESSID=d443527a85106f5781d569b498a3aafb; _ym_debug=null; _ym_uid=1665034463801148409; _ym_d=1665034463
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/jpeg
Content-Length: 64204
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:04:17 GMT
ETag: "5e720e41-facc"
Accept-Ranges: bytes
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 6509a69987b1b7d99f37ea9b2d4321e4
f5e5200dd9d2dee184358e4aeceb5fab2be7d2c5
83d5c580896c43ee2815e80cb3250e988cad8084563e792d1e2fc847be0f9aa6
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 05:34:23 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Mon, 10 Oct 2022 04:28:14 GMT
ETag: "f5e5200dd9d2dee184358e4aeceb5fab2be7d2c5"
Last-Modified: Thu, 06 Oct 2022 04:28:15 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2183
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755c0711bc4d0afa-OSL
reftrans161.ru/upload/iblock/718/71849fc1c61ae411bd29b4778ae8b8d9.jpg
91.189.114.22 200 OK 512 kB URL HTTP/1.1 reftrans161.ru/upload/iblock/718/71849fc1c61ae411bd29b4778ae8b8d9.jpg
IP 91.189.114.22:0
File type JPEG image data, baseline, precision 8, 1920x400, components 3\012- data
Size 512 kB (512056 bytes)
Hash cc43734ddd8f139fc12a9e88facce34d
101177ff3fe5c211a1d35562a8943ba951213932
1caadaf0987c76e2a245d4a395024966a75a73862874fc636ffec1ab26aeb56b
GET /upload/iblock/718/71849fc1c61ae411bd29b4778ae8b8d9.jpg HTTP/1.1
Host: reftrans161.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
Cookie: PHPSESSID=d443527a85106f5781d569b498a3aafb; _ym_debug=null; _ym_uid=1665034463801148409; _ym_d=1665034463
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 06 Oct 2022 05:34:22 GMT
Content-Type: image/jpeg
Content-Length: 512056
Connection: keep-alive
Last-Modified: Wed, 18 Mar 2020 12:04:17 GMT
ETag: "5e720e41-7d038"
Accept-Ranges: bytes
push.services.mozilla.com/
54.148.242.254 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.242.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bSkssvZCvHVFhcSN/5gv9w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: R9ISQjthrxtxlllkIRyjliDQ2fg=
mc.yandex.ru/watch/67403560/1?wmode=7&page-url=http%3A%2F%2Freftrans161.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A847%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A296106756067%3Ahid%3A547229892%3Az%3A0%3Ai%3A20221006053422%3Aet%3A1665034463%3Ac%3A1%3Arn%3A178513893%3Arqn%3A1%3Au%3A1665034463801148409%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C27%2C31%2C1%2C-6%2C0%2C%2C841%2C83%2C%2C%2C%2C965%3Ans%3A1665034461540%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665034463%3At%3A%D0%A0%D0%95%D0%A4%D0%A2%D0%A0%D0%90%D0%9D%D0%A1%20-%20%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
77.88.21.119 200 OK 407 B URL HTTP/2 mc.yandex.ru/watch/67403560/1?wmode=7&page-url=http%3A%2F%2Freftrans161.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A847%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A296106756067%3Ahid%3A547229892%3Az%3A0%3Ai%3A20221006053422%3Aet%3A1665034463%3Ac%3A1%3Arn%3A178513893%3Arqn%3A1%3Au%3A1665034463801148409%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C27%2C31%2C1%2C-6%2C0%2C%2C841%2C83%2C%2C%2C%2C965%3Ans%3A1665034461540%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665034463%3At%3A%D0%A0%D0%95%D0%A4%D0%A2%D0%A0%D0%90%D0%9D%D0%A1%20-%20%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash b0188249a6a87eee204ec754d00bb138
3418b36b219b844961b35fb4d54a67dcf024ae1c
c2d04c3f927973133e0694ef957aa5f6a6021d432f927612b3e85caf6ba3c271
GET /watch/67403560/1?wmode=7&page-url=http%3A%2F%2Freftrans161.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A847%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A296106756067%3Ahid%3A547229892%3Az%3A0%3Ai%3A20221006053422%3Aet%3A1665034463%3Ac%3A1%3Arn%3A178513893%3Arqn%3A1%3Au%3A1665034463801148409%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C27%2C31%2C1%2C-6%2C0%2C%2C841%2C83%2C%2C%2C%2C965%3Ans%3A1665034461540%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665034463%3At%3A%D0%A0%D0%95%D0%A4%D0%A2%D0%A0%D0%90%D0%9D%D0%A1%20-%20%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://reftrans161.ru
Referer: http://reftrans161.ru/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 407
date: Thu, 06 Oct 2022 05:34:23 GMT
x-content-type-options: nosniff
access-control-allow-origin: http://reftrans161.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 05:34:23 GMT
last-modified: Thu, 06-Oct-2022 05:34:23 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash adeaaec583a77ee0aa3a17eb82801489
45688e24c0014364fb82d0e5fa276f0a57dee7c0
bc4395686a01aa00cd0b0fdb23baa8ff076f8d5b67c27c42f68f01a6e59f9566
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 774
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 05:34:23 GMT
Last-Modified: Thu, 06 Oct 2022 05:21:29 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
mc.yandex.ru/metrika/advert.gif
77.88.21.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 06 Oct 2022 05:34:23 GMT
access-control-allow-origin: *
etag: "633be002-2b"
expires: Thu, 06 Oct 2022 06:34:23 GMT
accept-ranges: bytes
last-modified: Tue, 04 Oct 2022 10:25:54 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cleversite.ru/cleversite/widget_new.php?supercode=1&referer_main=&clid=74541EDYeE&siteNew=96678
178.248.233.13 200 OK 260 B URL HTTP/1.1 cleversite.ru/cleversite/widget_new.php?supercode=1&referer_main=&clid=74541EDYeE&siteNew=96678
IP 178.248.233.13:0
Hash 9ff61c668dc11b74ccb8b45e732afd80
605c9cd37865221ccfe4df6de0612eef248cfe04
37a331beb26618a868469f0dd984a15a921101604d863649021cbd0fc6f1fd56
GET /cleversite/widget_new.php?supercode=1&referer_main=&clid=74541EDYeE&siteNew=96678 HTTP/1.1
Host: cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://reftrans161.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: QRATOR
Date: Thu, 06 Oct 2022 05:34:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Thu, 06 Oct 2022 05:34:15 GMT
X-Powered-CMS: Bitrix Site Manager (a0de1128e3166103cf84e257ecc0de45)
Cache-Control: no-store, no-cache, must-revalidate
Set-Cookie: PHPSESSID=m702coppg7s5near31rli7nhpo; path=/; HttpOnly; Secure
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Clever-Server: web01
X-Clv-Server: backend
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-By: PHP/7.2.34
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3142
Expires: Thu, 06 Oct 2022 06:26:45 GMT
Date: Thu, 06 Oct 2022 05:34:23 GMT
Connection: keep-alive
widget.cleversite.ru/widget/74541/96678/
141.101.185.18 301 Moved Permanently 169 B URL HTTP/1.1 widget.cleversite.ru/widget/74541/96678/
IP 141.101.185.18:0
ASN #204656 LLC ServiceCloud Plus
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f78ab64a4362dade42d94a01665e7448
d688f9b762cb95a3300d7231f26b6fb0ca23f822
8da45d3c6bbf8581d4bc8985a7331a369c92fd9a1124e5e28da83bf91125eb09
GET /widget/74541/96678/ HTTP/1.1
Host: widget.cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://reftrans161.ru/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.21.5
Date: Thu, 06 Oct 2022 05:34:16 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://widget.cleversite.ru/widget/74541/96678/
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F913c841b-40a5-4fa4-bc55-0e9d1369640e.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F913c841b-40a5-4fa4-bc55-0e9d1369640e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a508ac9cd743bec987b2a24454418265
8c7ecefe6908387e2128dc849a6ba857991ba0ab
afb2c2b51f2ce445ada599068901551beee594b15c152ed7551ab7a8835dde6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F913c841b-40a5-4fa4-bc55-0e9d1369640e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10809
x-amzn-requestid: db4d1d2a-05b8-403e-a7ca-8b8a6a0a4087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjQb-HrTIAMFtNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dfab2-74f184406a48e42c0ecc4ec9;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: tv80OXQUu13gDuuFESnEnXMuFdNBmGc1y592euL7QnfZW5PwJym9-g==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:53:39 GMT
age: 27644
etag: "8c7ecefe6908387e2128dc849a6ba857991ba0ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e949d36-f543-4757-9bc2-dbfc1a880438.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e949d36-f543-4757-9bc2-dbfc1a880438.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e2d931d10ab5596a26616db46797f248
03bc7fa2fe6a4b291dc3ffb3ace50e21cf6478f4
15ac08b069bf5128c8def9d261ce1bd3834fbe7bbb17c49b69c07330a9f325fa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e949d36-f543-4757-9bc2-dbfc1a880438.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7597
x-amzn-requestid: 1c7002f7-2369-4547-82ff-b873f7b055b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZdZPmFarIAMFTtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ba263-785f9ddd7c8485be32388494;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 03:02:59 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: KNY8jwU3nt_M2VlKF03p36tg3HrBZe-CWkkHGmARnGEQF4KrWqZWOg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 33d72803ad26b392c1b578a2b1276580.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 04:06:02 GMT
age: 5301
etag: "03bc7fa2fe6a4b291dc3ffb3ace50e21cf6478f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9e520f87cae411cfc2ed1c8a14184385
69ad212cb7ae309d4f02019552887135bfae67da
723b10bfbcde201b5811e3bd0560f02f90775e4d18b28d19e6c814899f2da71a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7511
x-amzn-requestid: 995b51dd-5484-4b4c-ad40-550f7fd85930
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO6uG70IAMFjBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df844-70f17f6f24dce0003d03902a;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 3lKuGlFCBN2wEsp9-Oa3ysQg62py090H30jy6_bR02Ufs0KGPrVC4w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d8d9c12d1a621129f4bc739038e7c72e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:36:41 GMT
age: 28662
etag: "69ad212cb7ae309d4f02019552887135bfae67da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6646df0-31a7-4c5a-8148-5fe9e20f3baf.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6646df0-31a7-4c5a-8148-5fe9e20f3baf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b5958f828ccc16a41b22d9ae812bccfc
f350f295dd70152712162d4be5b3b5f0d12cde57
230d7d8e570e433d18ec53b6ca114e2a206e8c265c0c66d73388c49db5c91c64
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6646df0-31a7-4c5a-8148-5fe9e20f3baf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9338
x-amzn-requestid: 4ca2eb3c-eba4-43a4-b79a-89546da3d660
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjQBfG7soAMF9cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dfa09-1b5bd53052718f620b920a00;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:41:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 6pHftE0vUMqrH2NR_7DzrWlnD0yal7BkAfee7UeVG7DKZNEAYRa9HQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d1d67b07408bba8c682597d8303642e2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:45:26 GMT
age: 28137
etag: "f350f295dd70152712162d4be5b3b5f0d12cde57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70ea26af79226e9ff06d6198e2c019dc
ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57
f9393e7b8cbaedc8e1ef87fd89c617cf102f58813d84d866ff68e3124f94d44c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9044
x-amzn-requestid: 127bce04-9f75-4bb1-bbe7-33bf1694d96c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZdZPmHG5oAMFehw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ba263-3896085b3b73ff5403237206;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 03:02:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E4yZTPRLFdK717YfwjOIFOJDi0wYpyA736dQELeM5iPLvGDXBosEWg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 04:27:43 GMT
age: 4000
etag: "ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5b87135-538c-4c9f-b146-1da5b13ce157.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5b87135-538c-4c9f-b146-1da5b13ce157.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a7bcc50ecfeeca47de68cb437e966f29
e98c870fd29b56fa4c3847008bedc0f01f222744
47a82bb40ead4346323b68c886cb88528cb2162666e9549b2ab215b86a499985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5b87135-538c-4c9f-b146-1da5b13ce157.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8360
x-amzn-requestid: bd55219f-b8e2-4a03-a301-02cf9eab03e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKLC-H0TIAMF2Uw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f212-7f1cc90d1e28f8170ce2f219;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UlO0u-eW8URZYj0kBAv35fJSQZ527l3IEUC28xUJlUVm9e7x5uaAiA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:44:49 GMT
age: 28174
etag: "e98c870fd29b56fa4c3847008bedc0f01f222744"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
widget.cleversite.ru/widget/74541/96678/
141.101.185.18 200 OK 564 B URL HTTP/1.1 widget.cleversite.ru/widget/74541/96678/
IP 141.101.185.18:0
ASN #204656 LLC ServiceCloud Plus
Hash baf0236d74a13053f67e9be77853c1b8
185c874fb5e4333f4d532512bff133c25ecad6ce
69d35d6fead4d4e034c1de4e1f23f03271b6ea82950120f52242c5fe491ed08e
GET /widget/74541/96678/ HTTP/1.1
Host: widget.cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://reftrans161.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 06 Oct 2022 05:34:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=300
Access-Control-Allow-Origin: *
Etag: W/"40f-EvW/+2wnppXdz12kKLG9xq5/ZzM"
X-Powered-By: Express
Content-Encoding: gzip
widget.cleversite.ru/static/clever-widget.umd.min.js
141.101.185.18 200 OK 276 kB URL HTTP/1.1 widget.cleversite.ru/static/clever-widget.umd.min.js
IP 141.101.185.18:0
ASN #204656 LLC ServiceCloud Plus
File type Unicode text, UTF-8 text, with very long lines (62195), with CRLF, LF line terminators
Size 276 kB (276159 bytes)
Hash 3500299623bf42614ee425a1afcf86bc
64c938e20288f0de49acd0da5f1dcd9119f6117a
4117865de019af1b8b21f1a3e0b58410e1b54c2805b8438379c05ec5c2499008
GET /static/clever-widget.umd.min.js HTTP/1.1
Host: widget.cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 06 Oct 2022 05:34:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=300
Content-Security-Policy: block-all-mixed-content
ETag: W/"55c53eff8729eb9efad700d860fcc16f"
Last-Modified: Thu, 29 Sep 2022 19:03:42 GMT
Vary: Origin
X-Amz-Request-Id: 171B64045F7E93A1
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
widget.cleversite.ru/config?clid=74541&site=96678&referer_main=http://reftrans161.ru/
141.101.185.18 200 OK 3.3 kB URL HTTP/1.1 widget.cleversite.ru/config?clid=74541&site=96678&referer_main=http://reftrans161.ru/
IP 141.101.185.18:0
ASN #204656 LLC ServiceCloud Plus
File type Unicode text, UTF-8 text, with very long lines (10545)
Hash 8c5663e11643e72899fffa1911c4d030
28d98cf1989d6743769b4a8bf5d1a4e04b0f2c35
333f2b13f0c1a3572f2ba83e9cbbedf5f615ef24b49e9da1b86db3bd28236685
GET /config?clid=74541&site=96678&referer_main=http://reftrans161.ru/ HTTP/1.1
Host: widget.cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 06 Oct 2022 05:34:16 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=300
Access-Control-Allow-Origin: *
Etag: W/"2af4-JlWo2+iaT4nBzCuKh+OajfqqOgA"
X-Powered-By: Express
Content-Encoding: gzip
widget.cleversite.ru/features?accountId=74541&billing_controllable[]=chat&billing_controllable[]=chat.file_transfer&billing_controllable[]=chat.co_browsing&billing_controllable[]=chat.rating&billing_controllable[]=chat.metrics&billing_controllable[]=chat.operators_groups&billing_controllable[]=chat.survey_form&billing_controllable[]=chat.offline_form&billing_controllable[]=chat.spy&billing_controllable[]=chat.menu_logo&billing_controllable[]=chat.user_button&billing_controllable[]=chat.visitor_detail&billing_controllable[]=chat.letter_to_director&billing_controllable[]=chat.agreement&billing_controllable[]=chat.standard_multi_button_text&billing_controllable[]=chat.social_integration&billing_controllable[]=call&billing_controllable[]=call.rating&billing_controllable[]=call.metrics&billing_controllable[]=invite&billing_controllable[]=invite.chat_invoke&billing_controllable[]=invite.call_invoke&billing_controllable[]=copyright_off
141.101.185.18 200 OK 71 B URL HTTP/1.1 widget.cleversite.ru/features?accountId=74541&billing_controllable[]=chat&billing_controllable[]=chat.file_transfer&billing_controllable[]=chat.co_browsing&billing_controllable[]=chat.rating&billing_controllable[]=chat.metrics&billing_controllable[]=chat.operators_groups&billing_controllable[]=chat.survey_form&billing_controllable[]=chat.offline_form&billing_controllable[]=chat.spy&billing_controllable[]=chat.menu_logo&billing_controllable[]=chat.user_button&billing_controllable[]=chat.visitor_detail&billing_controllable[]=chat.letter_to_director&billing_controllable[]=chat.agreement&billing_controllable[]=chat.standard_multi_button_text&billing_controllable[]=chat.social_integration&billing_controllable[]=call&billing_controllable[]=call.rating&billing_controllable[]=call.metrics&billing_controllable[]=invite&billing_controllable[]=invite.chat_invoke&billing_controllable[]=invite.call_invoke&billing_controllable[]=copyright_off
IP 141.101.185.18:0
ASN #204656 LLC ServiceCloud Plus
File type JSON data\012- , ASCII text, with no line terminators
Hash 45c17549f4b9249d570fe66d71d06259
b9bddbfd6eeb8074ac16118d99e5e7291308ea58
6dd2a41cbebcf215a7434bdb0f2147451981f29809b356a564bc5361779f4377
GET /features?accountId=74541&billing_controllable[]=chat&billing_controllable[]=chat.file_transfer&billing_controllable[]=chat.co_browsing&billing_controllable[]=chat.rating&billing_controllable[]=chat.metrics&billing_controllable[]=chat.operators_groups&billing_controllable[]=chat.survey_form&billing_controllable[]=chat.offline_form&billing_controllable[]=chat.spy&billing_controllable[]=chat.menu_logo&billing_controllable[]=chat.user_button&billing_controllable[]=chat.visitor_detail&billing_controllable[]=chat.letter_to_director&billing_controllable[]=chat.agreement&billing_controllable[]=chat.standard_multi_button_text&billing_controllable[]=chat.social_integration&billing_controllable[]=call&billing_controllable[]=call.rating&billing_controllable[]=call.metrics&billing_controllable[]=invite&billing_controllable[]=invite.chat_invoke&billing_controllable[]=invite.call_invoke&billing_controllable[]=copyright_off HTTP/1.1
Host: widget.cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 06 Oct 2022 05:34:16 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=300
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Etag: W/"5c-ptU3xJaKOHLAno5L/D9W45/FQTE"
X-Powered-By: Express
Content-Encoding: gzip
widget.cleversite.ru/config/operator?clid=74541&site=96678&referer_main=http://reftrans161.ru/
141.101.185.18 200 OK 658 B URL HTTP/1.1 widget.cleversite.ru/config/operator?clid=74541&site=96678&referer_main=http://reftrans161.ru/
IP 141.101.185.18:0
ASN #204656 LLC ServiceCloud Plus
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1130), with no line terminators
Hash 7605e0c1758731226d8823b5b47ba00f
1fbc342b2784b6b2d66d4702dfd673b198b99a5a
a274c839b97400a3d0b79b02d141dc487aeedde40d040b7c0b0bac1864e77e94
GET /config/operator?clid=74541&site=96678&referer_main=http://reftrans161.ru/ HTTP/1.1
Host: widget.cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://reftrans161.ru/
Origin: http://reftrans161.ru
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 06 Oct 2022 05:34:17 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=300
Access-Control-Allow-Origin: *
Etag: W/"51f-HOM+AJhR+i/De/E+YggwtPXHc/c"
X-Powered-By: Express
Content-Encoding: gzip
lb02.cleversite.ru/echo/info?session=e1621ae2-fe32-257a-6056-799d5e716948.96678&t=1665034464340
141.101.185.19 200 OK 96 B URL HTTP/1.1 lb02.cleversite.ru/echo/info?session=e1621ae2-fe32-257a-6056-799d5e716948.96678&t=1665034464340
IP 141.101.185.19:0
ASN #204656 LLC ServiceCloud Plus
File type JSON data\012- , ASCII text, with no line terminators
Hash dc32922417f0e4f96a12aea84f1b9155
b40f3c4fb7eb72df3bffa5e3cbf0df1f47e9a226
f112de8d4fb1601af84965a3d85aa283ef81b9e7e706f4a8386922185a8d928b
GET /echo/info?session=e1621ae2-fe32-257a-6056-799d5e716948.96678&t=1665034464340 HTTP/1.1
Host: lb02.cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 06 Oct 2022 05:34:17 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=300
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://reftrans161.ru
Vary: Origin
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0
Content-Encoding: gzip
lb02.cleversite.ru/echo/444/n0wttjkf/websocket?session=e1621ae2-fe32-257a-6056-799d5e716948.96678
141.101.185.19 101 Switching Protocols 0 B URL HTTP/1.1 lb02.cleversite.ru/echo/444/n0wttjkf/websocket?session=e1621ae2-fe32-257a-6056-799d5e716948.96678
IP 141.101.185.19:0
ASN #204656 LLC ServiceCloud Plus
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /echo/444/n0wttjkf/websocket?session=e1621ae2-fe32-257a-6056-799d5e716948.96678 HTTP/1.1
Host: lb02.cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://reftrans161.ru
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VXK4v5xUjutDEisxRGs4ew==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.21.5
Date: Thu, 06 Oct 2022 05:34:17 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kFCfBKRWHxFc7OAuqhTJdeGsvyA=
widget.cleversite.ru/static/clever-widget.umd.min.0.js
141.101.185.18 200 OK 20 kB URL HTTP/1.1 widget.cleversite.ru/static/clever-widget.umd.min.0.js
IP 141.101.185.18:0
ASN #204656 LLC ServiceCloud Plus
File type ASCII text, with very long lines (51938), with no line terminators
Hash 21cfb270442b96b9cc27f83880539d95
d67d2f215a89874b5c065872903fd3e42ee6f99e
e97de6ed0de5f766138743edcd54913ab523438a8f20c2163cb497c81c1962fc
GET /static/clever-widget.umd.min.0.js HTTP/1.1
Host: widget.cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 06 Oct 2022 05:34:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=300
Content-Security-Policy: block-all-mixed-content
ETag: W/"3ff97646fd8d0f6ea937bdb9f2046a77"
Last-Modified: Thu, 29 Sep 2022 19:03:41 GMT
Vary: Origin
X-Amz-Request-Id: 171B6404D3EA8755
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
widget.cleversite.ru/static/clever-widget.umd.min.11.js
141.101.185.18 200 OK 3.5 kB HTTP/1.1
IP 141.101.185.18:0
ASN #204656 LLC ServiceCloud Plus
File type ASCII text, with very long lines (20031), with no line terminators
Hash 91a988b89583346daa1de5810a2ffe87
acd52d51de7cabc5202b234a7500604a3620c5f3
514677979748e41458d6c07786a7bf87f7e8c3897752719261beb120aa76ab13
GET /static/clever-widget.umd.min.11.js HTTP/1.1
Host: widget.cleversite.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Thu, 06 Oct 2022 05:34:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=300
Content-Security-Policy: block-all-mixed-content
ETag: W/"e5b81571bd0b9397923caacd2cf33304"
Last-Modified: Thu, 29 Sep 2022 19:03:42 GMT
Vary: Origin
X-Amz-Request-Id: 171B6404D9194C77
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.195 200 OK 35 kB HTTP/2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:28:55 GMT
expires: Thu, 05 Oct 2023 19:28:55 GMT
cache-control: public, max-age=31536000
age: 36330
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/67403560?wmode=0&wv-part=1&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=443162123&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1665034466%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053426%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034466&t=gdpr(14)ti(2)
77.88.21.119 200 OK 43 B HTTP/2
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/67403560?wmode=0&wv-part=1&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=443162123&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1665034466%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053426%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034466&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 158325
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 06 Oct 2022 05:34:26 GMT
access-control-allow-origin: http://reftrans161.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 05:34:26 GMT
last-modified: Thu, 06-Oct-2022 05:34:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/67403560?wmode=0&wv-part=1&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=820596987&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1665034467%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053426%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034467&t=gdpr(14)ti(2)
77.88.21.119 200 OK 43 B HTTP/2
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/67403560?wmode=0&wv-part=1&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=820596987&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1665034467%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053426%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034467&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 54
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 06 Oct 2022 05:34:26 GMT
access-control-allow-origin: http://reftrans161.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 05:34:26 GMT
last-modified: Thu, 06-Oct-2022 05:34:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/67403560?wmode=0&wv-part=2&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=477591402&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1665034467%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053427%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034467&t=gdpr(14)ti(2)
77.88.21.119 200 OK 43 B HTTP/2
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/67403560?wmode=0&wv-part=2&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=477591402&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1665034467%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053427%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034467&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 35450
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 06 Oct 2022 05:34:27 GMT
access-control-allow-origin: http://reftrans161.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 05:34:27 GMT
last-modified: Thu, 06-Oct-2022 05:34:27 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/67403560?wmode=0&wv-part=3&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=629583163&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1665034469%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053429%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034469&t=gdpr(14)ti(2)
77.88.21.119 200 OK 43 B HTTP/2
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/67403560?wmode=0&wv-part=3&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=629583163&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1665034469%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053429%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034469&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 574
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 06 Oct 2022 05:34:29 GMT
access-control-allow-origin: http://reftrans161.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 05:34:29 GMT
last-modified: Thu, 06-Oct-2022 05:34:29 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff35d320d-221e-46f6-ac6e-9c5b6e8ac6bc.jpeg
34.120.237.76 200 OK 13 kB HTTP/2
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 23e10c01392e4958e4a4f19573290da9
59ab1c451c388f7b57da52bf518eff15e0c584ff
ece0b872f33166fcc2816595fdf1348664d985131bc943cd4a543524dede0274
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff35d320d-221e-46f6-ac6e-9c5b6e8ac6bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12752
x-amzn-requestid: 3c32a029-08d0-4f98-a0e0-48a7e05242b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO6sHXXIAMF-PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df844-176be5177b67ddc068060b19;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: Fd-GenFshXS_4xdPngkYUddRi9jbvCOMHWmoGBHS-0hXW_DjEHYY3Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 04:38:21 GMT
etag: "59ab1c451c388f7b57da52bf518eff15e0c584ff"
content-type: image/jpeg
age: 3369
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/67403560?wv-check=42200&wv-type=0&wmode=0&wv-part=1&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=598933614&browser-info=gdpr%3A14%3Aet%3A1665034471%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053430%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034471&t=gdpr(14)ti(2)
77.88.21.119 200 OK 43 B HTTP/2
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/67403560?wv-check=42200&wv-type=0&wmode=0&wv-part=1&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=598933614&browser-info=gdpr%3A14%3Aet%3A1665034471%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053430%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034471&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 44
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 06 Oct 2022 05:34:30 GMT
access-control-allow-origin: http://reftrans161.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 05:34:30 GMT
last-modified: Thu, 06-Oct-2022 05:34:30 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/67403560?wmode=0&wv-part=2&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=733610032&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1665034471%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053430%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034471&t=gdpr(14)ti(2)
77.88.21.119 200 OK 43 B HTTP/2
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/67403560?wmode=0&wv-part=2&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=733610032&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1665034471%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053430%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034471&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 21
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 06 Oct 2022 05:34:31 GMT
access-control-allow-origin: http://reftrans161.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 05:34:31 GMT
last-modified: Thu, 06-Oct-2022 05:34:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/67403560?wmode=0&wv-part=4&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=292324650&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1665034471%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053430%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034471&t=gdpr(14)ti(2)
77.88.21.119 200 OK 43 B HTTP/2
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/67403560?wmode=0&wv-part=4&wv-hit=547229892&page-url=http%3A%2F%2Freftrans161.ru%2F&rn=292324650&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1665034471%3Aw%3A1268x939%3Av%3A904%3Az%3A0%3Ai%3A20221006053430%3Au%3A1665034463801148409%3Avf%3Aat6op7b9z7b01ildvcz5k%3Awe%3A1%3Ast%3A1665034471&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 15
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 06 Oct 2022 05:34:31 GMT
access-control-allow-origin: http://reftrans161.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 05:34:31 GMT
last-modified: Thu, 06-Oct-2022 05:34:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/67403560?wmode=7&page-url=http%3A%2F%2Freftrans161.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A847%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A296106756067%3Ahid%3A547229892%3Az%3A0%3Ai%3A20221006053422%3Aet%3A1665034463%3Ac%3A1%3Arn%3A178513893%3Arqn%3A1%3Au%3A1665034463801148409%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C27%2C31%2C1%2C-6%2C0%2C%2C841%2C83%2C%2C%2C%2C965%3Ans%3A1665034461540%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665034463%3At%3A%D0%A0%D0%95%D0%A4%D0%A2%D0%A0%D0%90%D0%9D%D0%A1%20-%20%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
77.88.21.119 302 Found 0 B HTTP/2
IP 77.88.21.119:0
GET /watch/67403560?wmode=7&page-url=http%3A%2F%2Freftrans161.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A847%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A296106756067%3Ahid%3A547229892%3Az%3A0%3Ai%3A20221006053422%3Aet%3A1665034463%3Ac%3A1%3Arn%3A178513893%3Arqn%3A1%3Au%3A1665034463801148409%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C27%2C31%2C1%2C-6%2C0%2C%2C841%2C83%2C%2C%2C%2C965%3Ans%3A1665034461540%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665034463%3At%3A%D0%A0%D0%95%D0%A4%D0%A2%D0%A0%D0%90%D0%9D%D0%A1%20-%20%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://reftrans161.ru
Connection: keep-alive
Referer: http://reftrans161.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /watch/67403560/1?wmode=7&page-url=http%3A%2F%2Freftrans161.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildvcz5k%3Afp%3A847%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A296106756067%3Ahid%3A547229892%3Az%3A0%3Ai%3A20221006053422%3Aet%3A1665034463%3Ac%3A1%3Arn%3A178513893%3Arqn%3A1%3Au%3A1665034463801148409%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C27%2C31%2C1%2C-6%2C0%2C%2C841%2C83%2C%2C%2C%2C965%3Ans%3A1665034461540%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665034463%3At%3A%D0%A0%D0%95%D0%A4%D0%A2%D0%A0%D0%90%D0%9D%D0%A1%20-%20%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Thu, 06 Oct 2022 05:34:23 GMT
access-control-allow-origin: http://reftrans161.ru
set-cookie: yandexuid=6595600691665034463; Expires=Fri, 06-Oct-2023 05:34:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=6595600691665034463; Expires=Fri, 06-Oct-2023 05:34:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1773772021665034463; Path=/; SameSite=None; Secure
i=e93KFzxALtZ190HkPLJFVAXu4iWj5FkRFfUxbkeI6N5vyyndc4H8spkDGjHCGuEkHReRuryEgCGU5p8PgkboDhKxoCk=; Expires=Sun, 03-Oct-2032 05:34:22 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696570463.yrts.1665034463#1696570463.yrtsi.1665034463; Expires=Fri, 06-Oct-2023 05:34:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 05:34:23 GMT
last-modified: Thu, 06-Oct-2022 05:34:23 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2