GET steamcomnunilty.ru/wp-content/themes/shadink.com/css/blue.css?ver=4.9.23
94.142.141.150 200 OK 849 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/css/blue.css?ver=4.9.23
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type gzip compressed data, from Unix
Hash ffa2bd6964ebd8584bc978d1a3c71cbb
5d7160d238df5af52b5d8f989602572443dfed82
e255639b74373fe531b40b9ff005befe3a019f9cb4502a7f5b3ca2c5230073fc
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/themes/shadink.com/css/blue.css?ver=4.9.23 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:03 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 22 Feb 2022 19:24:14 GMT
expires: Mon, 23 Oct 2023 07:36:03 GMT
cache-control: max-age=2592000
pragma: public
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 8fe5097b12ddbaa7731f5c6d445db349
b1d9718a7e3ead4ad6c08b3c888129ddf9ba52af
3133a3d91f11eeb170b6a3149b7cceb04228b72a222187bcc374f1fbbdbf4bd3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 07:36:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 2a9cb3694beef11368f7284821163a4d
32d723fad91ccd0c154e5d7e489266cfe596aa61
08cd4f8a916cab4a520c51bd519209ebe87f4898f10d1f1c968bce537c4d3916
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 07:36:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
216.58.207.227 200 OK 12 kB URL GET HTTP/2 fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
IP 216.58.207.227:443
Requested by https://steamcomnunilty.ru/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
Validity Mon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT
File type Web Open Font Format (Version 2), TrueType, length 12276, version 1.0
Hash 964d69dfad99321462c6e739d5f71072
ab289c874c8a211c17b539f1161aec43e853c4a5
24df88e7e15c4b0b11eccc139235e04384513c803b5221485375b7acee755bac
GET /s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://steamcomnunilty.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12276
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 04:06:48 GMT
expires: Wed, 18 Sep 2024 04:06:48 GMT
cache-control: public, max-age=31536000
age: 358156
last-modified: Tue, 15 Aug 2023 18:49:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET www.acint.net/aci.js
193.3.184.137 200 OK 8.4 kB IP 193.3.184.137:443
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type ASCII text, with very long lines (29844), with no line terminators
Hash d1e391ec30b1873d5ba17533864db834
4770a01d4a3d351ab6f9e0d6c7d613a1d02fcd27
9a4d4b0095f5dfd9adf1a509029b110a24bfc96c1cf3273c6d59718563e4c7db
GET /aci.js HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/x-javascript
content-length: 8387
last-modified: Tue, 13 Jun 2023 08:01:43 GMT
etag: "64882267-20c3"
content-encoding: gzip
expires: Sat, 23 Sep 2023 19:36:04 GMT
cache-control: max-age=43200
X-Firefox-Spdy: h2
GET fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUJiZTaR.woff2
216.58.207.227 200 OK 6.7 kB URL GET HTTP/2 fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUJiZTaR.woff2
IP 216.58.207.227:443
Requested by https://steamcomnunilty.ru/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
Validity Mon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT
File type Web Open Font Format (Version 2), TrueType, length 6720, version 1.0
Hash e8ae912f5d12b91dc36a7d9779acb579
bde87b335955557834d3d711db807c36ad1975d1
4ce5a0d95758d9c17282264426c1f0118a1e987b3f7c2e495f594db79f8dbca6
GET /s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUJiZTaR.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://steamcomnunilty.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 6720
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 18 Sep 2023 19:03:27 GMT
expires: Tue, 17 Sep 2024 19:03:27 GMT
cache-control: public, max-age=31536000
age: 390757
last-modified: Tue, 15 Aug 2023 18:56:34 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/js/responsive.js?ver=1.0
94.142.141.150 200 OK 66 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/js/responsive.js?ver=1.0
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type ASCII text, with CRLF line terminators
Hash ffd315f8003b0a778b77fa4206c88dfd
22f87ab57bd8e116905d5e6bd303124a21776728
6e0b4094ad21c33f85eca2ecec7d3ab4bfd80379debc12cf7bc956d2ae8f33a2
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/themes/shadink.com/js/responsive.js?ver=1.0 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/javascript
content-length: 66
last-modified: Tue, 22 Feb 2022 19:24:22 GMT
expires: Mon, 23 Oct 2023 07:36:04 GMT
cache-control: max-age=2592000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET www.acint.net/hit/?v=0.6.0&uid=7f2b2313-de44-4c63-b37d-3be3e5c662a2&dp=10&tz=%2B00%3A00&nc=901969&u=https%3A%2F%2Fsteamcomnunilty.ru%2F&r=&rs=1280x1024&t=Steamcomnunilty.ru%20%7C%20%D0%9C%D0%B8%D1%80%D0%BE%D0%B2%D1%8B%D0%B5%20%D0%BD%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD&oE=1&oP=1&dT=2023-09-23T07%3A36%3A04.709&fu=595d7411-e9df-4ab6-b002-579be46f074b
193.3.184.137 200 OK 43 B URL GET HTTP/2 www.acint.net/hit/?v=0.6.0&uid=7f2b2313-de44-4c63-b37d-3be3e5c662a2&dp=10&tz=%2B00%3A00&nc=901969&u=https%3A%2F%2Fsteamcomnunilty.ru%2F&r=&rs=1280x1024&t=Steamcomnunilty.ru%20%7C%20%D0%9C%D0%B8%D1%80%D0%BE%D0%B2%D1%8B%D0%B5%20%D0%BD%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD&oE=1&oP=1&dT=2023-09-23T07%3A36%3A04.709&fu=595d7411-e9df-4ab6-b002-579be46f074b
IP 193.3.184.137:443
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hit/?v=0.6.0&uid=7f2b2313-de44-4c63-b37d-3be3e5c662a2&dp=10&tz=%2B00%3A00&nc=901969&u=https%3A%2F%2Fsteamcomnunilty.ru%2F&r=&rs=1280x1024&t=Steamcomnunilty.ru%20%7C%20%D0%9C%D0%B8%D1%80%D0%BE%D0%B2%D1%8B%D0%B5%20%D0%BD%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD&oE=1&oP=1&dT=2023-09-23T07%3A36%3A04.709&fu=595d7411-e9df-4ab6-b002-579be46f074b HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
set-cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2
GET www.acint.net/mc/?dp=10
193.3.184.137 302 Found 154 B IP 193.3.184.137:443
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /mc/?dp=10 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: openresty
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: text/html
content-length: 154
location: /mc/?dp=10&tc=1
set-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Sat, 23-Sep-23 07:46:04 GMT
set-cookie: aid=CkIDE2UOlWRCYCzTWBjYApaUGIqH6oh5zgbXb3kWogzIFDOj; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/images/empty.gif
94.142.141.150 200 OK 70 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/images/empty.gif
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type GIF image data, version 89a, 31 x 31
Hash 670e806c4af99e830fd4761e1bf59e0c
11b533b132f60a6b6afea5a390ed1846e512b5e5
64f181e413007885ec94514522705af3921031b28614387c7c76e8796dc30d95
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/themes/shadink.com/images/empty.gif HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: image/gif
content-length: 70
last-modified: Tue, 22 Feb 2022 19:24:16 GMT
expires: Wed, 22 Nov 2023 07:36:04 GMT
cache-control: max-age=5184000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/images/pattern.png
94.142.141.150 200 OK 187 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/images/pattern.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type PNG image data, 2 x 2, 8-bit/color RGBA, interlaced
Hash a9e5a4fcf87ce78045e2f1edee8729a3
a9545d4565f3cf94c4278e25e60fb72af1708f2f
5a42a2f630377c4dc97e127d12f29d216b83f4ab9d513d9306ab837032e650da
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/themes/shadink.com/images/pattern.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: image/png
content-length: 187
last-modified: Tue, 22 Feb 2022 19:24:18 GMT
expires: Wed, 22 Nov 2023 07:36:04 GMT
cache-control: max-age=5184000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/js/selectnav.js?ver=0.1
94.142.141.150 200 OK 1.5 kB URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/js/selectnav.js?ver=0.1
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash a4f4e54b74cff38f09ffe0d6856b88a7
67f988b9df8b03103af8ebec183603178ed5be9e
9a03f75b2b5a187cca4a557b40e3da605b9dbfe0687f676148280a559263ffbd
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/themes/shadink.com/js/selectnav.js?ver=0.1 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 22 Feb 2022 19:24:22 GMT
expires: Mon, 23 Oct 2023 07:36:04 GMT
cache-control: max-age=2592000
pragma: public
content-encoding: gzip
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/images/searchform-send.png
94.142.141.150 200 OK 492 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/images/searchform-send.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced
Hash e33c3ec82373fd7910084c308c1c1bb6
af47e2a62dbbf243e13bf01b8a0745bab5c723f2
7074b9b38221f0391db92dbafac6d0f95aa7b4d28d84c96bb4dab1055ce2007d
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/themes/shadink.com/images/searchform-send.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: image/png
content-length: 492
last-modified: Tue, 22 Feb 2022 19:24:16 GMT
expires: Wed, 22 Nov 2023 07:36:04 GMT
cache-control: max-age=5184000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/images/icon-home.png
94.142.141.150 200 OK 593 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/images/icon-home.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Hash b2371edf5a6d14d44a45c1725ab28968
2ab8cfe2b908112fce1d01736d3cee622ae005ca
c5119d32b1755662d0e22cae095475fce8eb4d7df60c45afa515d744b24b2f4f
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/themes/shadink.com/images/icon-home.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: image/png
content-length: 593
last-modified: Tue, 22 Feb 2022 19:24:18 GMT
expires: Wed, 22 Nov 2023 07:36:04 GMT
cache-control: max-age=5184000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET dm-eu.hybrid.ai/match?id=106&vid=0100007F64950E6599242E7B02D71D91
37.230.131.21 204 No Content 0 B URL GET HTTP/2 dm-eu.hybrid.ai/match?id=106&vid=0100007F64950E6599242E7B02D71D91
IP 37.230.131.21:443
ASN #58272 LeaderTelecom B.V.
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Sectigo Limited
Subject *.hybrid.ai
Fingerprint BC:E6:95:A6:22:29:B6:24:D7:E6:0C:34:42:6E:CB:21:F3:F3:B3:93
Validity Mon, 26 Sep 2022 00:00:00 GMT - Tue, 26 Sep 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?id=106&vid=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: dm-eu.hybrid.ai
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sat, 23 Sep 2023 07:36:04 GMT
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
set-cookie: vid=a7006f933451a1659045; Expires=Sun, 22 Sep 2024 07:36:03 GMT; Domain=.hybrid.ai; Path=/; SameSite=None; Secure
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
x-mode: 516
x-xss-protection: 1; mode=block
access-control-allow-origin: https://www.acint.net
access-control-allow-credentials: true
server: Hybrid Web Server
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/js/menubox.js?ver=1.0
94.142.141.150 200 OK 332 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/js/menubox.js?ver=1.0
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type gzip compressed data, from Unix
Hash 5443185a5d62360766b26eda7f795d9d
588d1ace5284b2e46dbb531e49de61f86be258df
e8ee18e62865ddf4672b35aa503a024b87e04619e6be33defa7b84b8085b1377
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/themes/shadink.com/js/menubox.js?ver=1.0 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 22 Feb 2022 19:24:22 GMT
expires: Mon, 23 Oct 2023 07:36:04 GMT
cache-control: max-age=2592000
pragma: public
content-encoding: gzip
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/images/pattern-headline.png
94.142.141.150 200 OK 149 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/images/pattern-headline.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type PNG image data, 2 x 11, 8-bit/color RGBA, non-interlaced
Hash c3d7e971ea384f70dd12bdcbd1ac3920
a350d1bcfd4329aeba61ea129261ad4aa6e9066e
b3cdf04e688eb11dbd0f53acd267e72a24eaa8b56cf2dc8a0dd46dd76efabb46
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/themes/shadink.com/images/pattern-headline.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: image/png
content-length: 149
last-modified: Tue, 22 Feb 2022 19:24:16 GMT
expires: Wed, 22 Nov 2023 07:36:04 GMT
cache-control: max-age=5184000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET s.ccsyncuuid.net/match/5/?remote_uid=0100007F64950E6599242E7B02D71D91
94.228.127.171 302 Found 0 B URL GET HTTP/2 s.ccsyncuuid.net/match/5/?remote_uid=0100007F64950E6599242E7B02D71D91
IP 94.228.127.171:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject ccsyncuuid.net
Fingerprint 30:BF:5C:85:15:64:06:16:CF:28:48:B8:1C:30:7F:D5:A7:CD:67:7C
Validity Mon, 11 Sep 2023 06:10:10 GMT - Sun, 10 Dec 2023 06:10:09 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/5/?remote_uid=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: s.ccsyncuuid.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-length: 0
location: https://acint.net/match?dp=80&euid=bOzrQgr5q8CFEvdEcLfl
set-cookie: jcsuuid=bOzrQgr5q8CFEvdEcLfl; expires=Sun, 22 Sep 2024 07:36:05 GMT; domain=ccsyncuuid.net; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/images/icon-category.png
94.142.141.150 200 OK 125 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/images/icon-category.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash 2a856cd27cc1129b00fb91071d595628
0fbd674ab9cd9de4e796bd6de2e585e4b317010f
8c78faf435bd78ff310bbea7f825a08132412a2025f0f663e297c98563653607
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/themes/shadink.com/images/icon-category.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/png
content-length: 125
last-modified: Tue, 22 Feb 2022 19:24:16 GMT
expires: Wed, 22 Nov 2023 07:36:05 GMT
cache-control: max-age=5184000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/uploads/2018/03/black-ringo.png
94.142.141.150 404 Not Found 5.4 kB URL GET HTTP/2 steamcomnunilty.ru/wp-content/uploads/2018/03/black-ringo.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type gzip compressed data, from Unix
Hash acd0216e9043c4b010f454a31beb25c5
35e20eaa45de7a74518015219a77a290e6e40275
64a99f9e64dabc3bb0c6e635cbf98cf7ca0d834595d800188519f6009b24bdd9
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /wp-content/uploads/2018/03/black-ringo.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
link: <https://steamcomnunilty.ru/wp-json/>; rel="https://api.w.org/"
content-encoding: gzip
X-Firefox-Spdy: h2
GET s.uuidksinc.net/match/396/?remote_uid=0100007F64950E6599242E7B02D71D91
31.220.27.135 302 Found 0 B URL GET HTTP/2 s.uuidksinc.net/match/396/?remote_uid=0100007F64950E6599242E7B02D71D91
IP 31.220.27.135:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject uuidksinc.net
Fingerprint 1F:73:92:46:79:03:20:9A:6A:E0:6C:8D:59:77:57:10:54:4D:B7:10
Validity Sun, 10 Sep 2023 23:20:21 GMT - Sat, 09 Dec 2023 23:20:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/396/?remote_uid=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: s.uuidksinc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.23.2
date: Sat, 23 Sep 2023 07:36:05 GMT
content-length: 0
location: https://www.acint.net/match?dp=127&euid=FPaHH20KcF1ONhZvunOh
set-cookie: jcsuuid=FPaHH20KcF1ONhZvunOh; expires=Sun, 22 Sep 2024 07:36:05 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/images/pattern-sidebar.png
94.142.141.150 200 OK 149 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/images/pattern-sidebar.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type PNG image data, 2 x 7, 8-bit/color RGBA, non-interlaced\012- data
Hash ea84db828540cfc6a15aea1eea78d831
b5a13dccddbd676e16e70380d8bd9ea178d28d7b
2a58ca5b897711723eac682790362f4ce8b6cc67d18657e59c738c9811094bb0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/shadink.com/images/pattern-sidebar.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/png
content-length: 149
last-modified: Tue, 22 Feb 2022 19:24:18 GMT
expires: Wed, 22 Nov 2023 07:36:05 GMT
cache-control: max-age=5184000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET sync.bumlam.com/?src=sap1&uid=0100007F64950E6599242E7B02D71D91
31.172.81.159 302 Moved Temporarily 0 B URL GET HTTP/1.1 sync.bumlam.com/?src=sap1&uid=0100007F64950E6599242E7B02D71D91
IP 31.172.81.159:443
ASN #44066 diva-e Datacenters GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.bumlam.com
Fingerprint D1:BD:EE:74:87:29:DC:B3:E7:BE:D3:6E:5B:B4:64:E8:11:7F:53:5D
Validity Mon, 24 Jul 2023 05:35:03 GMT - Sun, 22 Oct 2023 05:35:02 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=sap1&uid=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: sync.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiRkYTVjNDg1OC01OWUzLTExZWUtODZlMC0wMDI1OTBjMDY0N2M*; Path=/; Expires=Fri, 18 Sep 2043 07:36:05 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync.bumlam.com/?src=sap1&s_data=CAIQARjlqrqoBmIgMDEwMDAwN0Y2NDk1MEU2NTk5MjQyRTdCMDJENzFEOTGiARDaXEhYWeMR7obgACWQwGR8
ETag: da5c4858-59e3-11ee-86e0-002590c0647c
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
ocsp.sectigo.com/
104.18.15.101 472 B IP 104.18.15.101:0
Hash 2f9c3eb974eb86f38ed2188e2df38073
2e4f36f04e0bf3059dc9a9d228dacb6da27ff095
758bbed7f74931ed8a31c111c0dc601871fa245fb9ccdfdcf3d6f89062a208f3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 22 Sep 2023 14:53:30 GMT
Expires: Fri, 29 Sep 2023 14:53:29 GMT
Etag: "2e4f36f04e0bf3059dc9a9d228dacb6da27ff095"
Cache-Control: max-age=545328,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80b11d57bec3b4fa-OSL
GET pix.bumlam.com/sync/sape/check?sspuid=0100007F64950E6599242E7B02D71D91
31.172.81.172 302 Found 0 B URL GET HTTP/1.1 pix.bumlam.com/sync/sape/check?sspuid=0100007F64950E6599242E7B02D71D91
IP 31.172.81.172:443
ASN #44066 diva-e Datacenters GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.bumlam.com
Fingerprint D1:BD:EE:74:87:29:DC:B3:E7:BE:D3:6E:5B:B4:64:E8:11:7F:53:5D
Validity Mon, 24 Jul 2023 05:35:03 GMT - Sun, 22 Oct 2023 05:35:02 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync/sape/check?sspuid=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: pix.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://www.acint.net
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Expires: 05-Jun-2005 22:00:00 GMT
X-Xss-Protection: 0
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://sync.bumlam.com/?src=sape
GET sync.dmp.otm-r.com/match/sape?id=0100007F64950E6599242E7B02D71D91
116.202.236.228 204 No Content 0 B URL GET HTTP/2 sync.dmp.otm-r.com/match/sape?id=0100007F64950E6599242E7B02D71D91
IP 116.202.236.228:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.dmp.otm-r.com
Fingerprint C6:A2:9D:82:0D:D1:C1:2D:A4:ED:7F:05:13:52:5B:94:6B:10:58:D6
Validity Mon, 19 Jun 2023 10:50:51 GMT - Sat, 20 Jul 2024 10:50:50 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/sape?id=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: sync.dmp.otm-r.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.17.10
date: Sat, 23 Sep 2023 07:36:05 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET www.acint.net/oci/?v=0.6.0&uid=7f2b2313-de44-4c63-b37d-3be3e5c662a2&dp=10&tz=%2B00%3A00&nc=851465&oid=7e57a625dddcba431ef5a1422e13af30
193.3.184.137 200 OK 43 B URL GET HTTP/2 www.acint.net/oci/?v=0.6.0&uid=7f2b2313-de44-4c63-b37d-3be3e5c662a2&dp=10&tz=%2B00%3A00&nc=851465&oid=7e57a625dddcba431ef5a1422e13af30
IP 193.3.184.137:443
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /oci/?v=0.6.0&uid=7f2b2313-de44-4c63-b37d-3be3e5c662a2&dp=10&tz=%2B00%3A00&nc=851465&oid=7e57a625dddcba431ef5a1422e13af30 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash 8b4e5495ed7e64a1f5e3d2d55c879658
49b4bc23f6d25786f8e8fb0a8d5096a26b5809fa
5d8fc4839dacdb40ac38657dfb621db37fc2553307f7afff60a01a807352a75f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 21 Sep 2023 12:08:50 GMT
Expires: Thu, 28 Sep 2023 12:08:49 GMT
Etag: "49b4bc23f6d25786f8e8fb0a8d5096a26b5809fa"
Cache-Control: max-age=448455,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80b11d57ef2d067b-OSL
GET nr.bidderstack.com/sape/cm?user_id=0100007F64950E6599242E7B02D71D91
195.201.240.61 302 Found 0 B URL GET HTTP/1.1 nr.bidderstack.com/sape/cm?user_id=0100007F64950E6599242E7B02D71D91
IP 195.201.240.61:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GoDaddy.com, Inc.
Subject *.bidderstack.com
Fingerprint 88:0D:CE:79:C4:DA:79:3B:37:94:98:4A:1A:FA:19:D3:62:A5:B9:84
Validity Sun, 20 Nov 2022 07:16:28 GMT - Sat, 18 Nov 2023 12:58:37 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sape/cm?user_id=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: nr.bidderstack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Length: 0
Connection: keep-alive
Location: /sape/cm?user_id=0100007F64950E6599242E7B02D71D91&pupa=1
Set-Cookie: pupa=4096b3dc-c011-21bb-e069-92664b67f354; domain=.bidderstack.com; path=/; expires=Sun, 22-Sep-2024 07:36:05 GMT;
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
GET sync.upravel.com/sape/sync
148.251.129.43 302 Found 0 B URL GET HTTP/2 sync.upravel.com/sape/sync
IP 148.251.129.43:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.upravel.com
Fingerprint 4C:ED:03:57:58:43:18:2C:CC:41:F3:3B:19:72:75:BD:29:C1:04:08
Validity Sat, 29 Apr 2023 07:48:21 GMT - Thu, 30 May 2024 07:48:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sape/sync HTTP/1.1
Host: sync.upravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/png
content-length: 0
location: https://sync.upravel.com/sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0
set-cookie: session_tptc=1695454565150;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=180
session_tptc-legacy=1695454565150;Version=1;Domain=.upravel.com;Path=/;Max-Age=180
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/images/sidebar-ul.png
94.142.141.150 200 OK 73 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/images/sidebar-ul.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type PNG image data, 1 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 8399528dd8f5b2438caa782e6602453f
09fac940aeaaccadd46f6b1dec10cc68314a29ea
1f874d5559e9d4a68f7a8e56aa53062b7162b20e653be1265d125f71c3a22451
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/shadink.com/images/sidebar-ul.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/png
content-length: 73
last-modified: Tue, 22 Feb 2022 19:24:16 GMT
expires: Wed, 22 Nov 2023 07:36:05 GMT
cache-control: max-age=5184000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET acint.net/match?dp=14&euid=3203420A64950E658C00B28302882759
193.3.184.137 200 OK 43 B URL GET HTTP/2 acint.net/match?dp=14&euid=3203420A64950E658C00B28302882759
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=14&euid=3203420A64950E658C00B28302882759 HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET match.new-programmatic.com/userbind?src=sape&id=0100007F64950E6599242E7B02D71D91
217.65.2.150 204 No Content 0 B URL GET HTTP/1.1 match.new-programmatic.com/userbind?src=sape&id=0100007F64950E6599242E7B02D71D91
IP 217.65.2.150:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject ad.ad-blast.ru
Fingerprint EB:3F:C9:E9:09:C1:3A:BE:D3:34:59:A1:B8:C6:23:6E:FF:58:76:7A
Validity Tue, 11 Jul 2023 09:00:28 GMT - Mon, 09 Oct 2023 09:00:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /userbind?src=sape&id=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: match.new-programmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.22.1
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Vary: Origin
GET match.ohmy.bid/cm?ssp=sape&redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D217%26euid%3D%7Buid%7D
167.235.9.235 302 Found 0 B URL GET HTTP/2 match.ohmy.bid/cm?ssp=sape&redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D217%26euid%3D%7Buid%7D
IP 167.235.9.235:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject match.ohmy.bid
Fingerprint FB:7F:6A:02:1D:10:B6:64:0D:24:21:08:EE:75:D4:22:84:72:94:DC
Validity Thu, 27 Jul 2023 14:30:40 GMT - Wed, 25 Oct 2023 14:30:39 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?ssp=sape&redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D217%26euid%3D%7Buid%7D HTTP/1.1
Host: match.ohmy.bid
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-length: 0
bidder: bid-03
location: https://www.acint.net/match?dp=217&euid=0357c0bf-89a8-42b1-9a28-20150ab93a19
set-cookie: uid=0357c0bf-89a8-42b1-9a28-20150ab93a19.650e9565.6b5e0ffe594a68d3; domain=.ohmy.bid; path=/; expires=Mon, 23-Oct-2023 07:36:05 GMT; SameSite=None; Secure;
access-control-allow-credentials: true
X-Firefox-Spdy: h2
GET ssp.bestssp.com/sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D
83.222.96.170 302 Found 74 B URL GET HTTP/2 ssp.bestssp.com/sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D
IP 83.222.96.170:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.bestssp.com
Fingerprint 25:15:42:2E:1C:54:0F:74:CF:89:02:5A:5E:AC:98:DA:1C:34:B3:B3
Validity Mon, 24 Jul 2023 17:15:54 GMT - Sat, 24 Aug 2024 17:15:53 GMT
File type HTML document, ASCII text
Hash 9c15e2f88111de4b390bf883015bcfca
d64da318f663f70db2934f11b2e25bdedf3753bb
46aa439ede57296901df9ce1fbbec04dafe80388f9c3c752d4b35f190f49b060
GET /sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D HTTP/1.1
Host: ssp.bestssp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.22.0
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: text/html; charset=utf-8
content-length: 74
location: https://www.acint.net/match?dp=95&euid=LUFORASN
set-cookie: uid=LUFORASN; Expires=Tue, 20 Sep 2033 07:36:05 GMT
X-Firefox-Spdy: h2
GET acint.net/match?dp=80&euid=bOzrQgr5q8CFEvdEcLfl
193.3.184.137 302 Found 154 B URL GET HTTP/2 acint.net/match?dp=80&euid=bOzrQgr5q8CFEvdEcLfl
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /match?dp=80&euid=bOzrQgr5q8CFEvdEcLfl HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: text/html
content-length: 154
location: https://ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D&dp=14
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
set-cookie: cSyncDp14v4=1695454565; expires=Mon, 23-Oct-23 07:36:05 GMT; path=/; Secure; SameSite=None; domain=.acint.net
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/images/sidebar-li.png
94.142.141.150 200 OK 230 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/images/sidebar-li.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type PNG image data, 7 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash d86761678e38bfcaa75eeb978aa77191
0ee7967f785907f2913adc49e99673fb081d6de9
d62ca5cb6c2d163a64fde0b05588990290c91a7955886157effd3403e189b242
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/shadink.com/images/sidebar-li.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/png
content-length: 230
last-modified: Tue, 22 Feb 2022 19:24:18 GMT
expires: Wed, 22 Nov 2023 07:36:05 GMT
cache-control: max-age=5184000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET sync.gonet-ads.com/match/sape.js?id=0100007F64950E6599242E7B02D71D91
188.42.105.236 200 OK 43 B URL GET HTTP/2 sync.gonet-ads.com/match/sape.js?id=0100007F64950E6599242E7B02D71D91
IP 188.42.105.236:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Sectigo Limited
Subject *.gonet-ads.com
Fingerprint 2B:BE:BF:75:0A:67:AA:2D:FA:0A:7F:92:F4:37:AE:9B:DD:47:68:2D
Validity Wed, 07 Jun 2023 00:00:00 GMT - Tue, 11 Jun 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /match/sape.js?id=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: sync.gonet-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
GET exchange.buzzoola.com/cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D
167.235.33.113 301 Moved Permanently 115 B URL GET HTTP/2 exchange.buzzoola.com/cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D
IP 167.235.33.113:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Sectigo Limited
Subject *.buzzoola.com
Fingerprint E6:7F:94:98:CF:E4:CF:88:C7:8C:FC:16:A3:D7:D0:10:4E:EC:AB:F1
Validity Mon, 04 Sep 2023 00:00:00 GMT - Fri, 04 Oct 2024 23:59:59 GMT
File type HTML document, ASCII text
Hash f32282a79abdf692b16d8e53af5068ff
8cd7f64637a954304d67eda9019da17364f6bd65
061be65c3cdb43ac6dc09957c1d596176a541325e0e1827401db598e8fd0a5df
GET /cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D HTTP/1.1
Host: exchange.buzzoola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: text/html; charset=utf-8
content-length: 115
location: https://www.acint.net/match?dp=126&euid=720f5c67-6748-4c04-5487-628e3c4181b9
serverid: TODO
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/images/scroll-top.png
94.142.141.150 200 OK 251 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/images/scroll-top.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash ca591244b35a88199eef562713d46bd1
9f5dcb4c3b8daaa432e45c1be43b2a0b0f5ef27c
ae0ede64616d0a7cb38da1a540f442a524b1d8d381c1bb93796345d1c818cdcd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/shadink.com/images/scroll-top.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
Cookie: fid=595d7411-e9df-4ab6-b002-579be46f074b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/png
content-length: 251
last-modified: Tue, 22 Feb 2022 19:24:18 GMT
expires: Wed, 22 Nov 2023 07:36:05 GMT
cache-control: max-age=5184000
pragma: public
accept-ranges: bytes
X-Firefox-Spdy: h2
GET www.acint.net/match?dp=129&euid=kacxsm70cr
193.3.184.137 302 Found 154 B URL GET HTTP/2 www.acint.net/match?dp=129&euid=kacxsm70cr
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /match?dp=129&euid=kacxsm70cr HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: text/html
content-length: 154
location: https://ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D&dp=14
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
set-cookie: cSyncDp14v4=1695454565; expires=Mon, 23-Oct-23 07:36:05 GMT; path=/; Secure; SameSite=None; domain=.acint.net
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET cs.agency2.ru/p?ssp=sp&uid=0100007F64950E6599242E7B02D71D91
23.111.107.44 301 Moved Permanently 0 B URL GET HTTP/1.1 cs.agency2.ru/p?ssp=sp&uid=0100007F64950E6599242E7B02D71D91
IP 23.111.107.44:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject api.agency2.ru
Fingerprint 61:82:32:09:D8:53:F1:DC:96:E3:E6:22:3A:24:85:F7:6F:1C:56:83
Validity Thu, 17 Aug 2023 23:34:39 GMT - Wed, 15 Nov 2023 23:34:38 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p?ssp=sp&uid=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: cs.agency2.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Length: 0
Connection: keep-alive
Server: fasthttp
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.acint.net/match?dp=186&euid=d4d0660d-6ad5-4351-bccc-a2cddd084812
Set-Cookie: uuid=d4d0660d-6ad5-4351-bccc-a2cddd084812; expires=Fri, 13 Sep 2024 07:36:05 GMT; domain=agency2.ru; path=/; secure; SameSite=None
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
X-Host: 23.111.107.44
GET sync.programmatica.com/match/01
167.235.117.42 200 OK 43 B URL GET HTTP/2 sync.programmatica.com/match/01
IP 167.235.117.42:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.programmatica.com
Fingerprint E4:B6:ED:A7:02:18:8C:3F:D0:A3:8D:04:EE:40:21:0A:0E:83:D1:D6
Validity Thu, 15 Dec 2022 17:05:13 GMT - Tue, 16 Jan 2024 17:05:12 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /match/01 HTTP/1.1
Host: sync.programmatica.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET sync.adspend.space/sape?uid=0100007F64950E6599242E7B02D71D91
212.76.129.185 204 No Content 0 B URL GET HTTP/1.1 sync.adspend.space/sape?uid=0100007F64950E6599242E7B02D71D91
IP 212.76.129.185:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.adspend.space
Fingerprint D2:A9:45:D9:7D:4F:04:B2:D9:24:CC:62:7C:3B:4A:4E:C5:5C:CD:24
Validity Tue, 29 Aug 2023 13:03:53 GMT - Mon, 27 Nov 2023 13:03:52 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sape?uid=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: sync.adspend.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.14.1
Date: Sat, 23 Sep 2023 07:36:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=15724800; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: PUT, GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, authorization
Access-Control-Max-Age: 1728000
GET sync.dsp.solta.io/match/sape?id=0100007F64950E6599242E7B02D71D91
185.40.31.213 200 OK 43 B URL GET HTTP/2 sync.dsp.solta.io/match/sape?id=0100007F64950E6599242E7B02D71D91
IP 185.40.31.213:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.dsp.solta.io
Fingerprint 6D:7F:91:92:30:E1:6A:A0:9B:86:49:7A:21:7F:5B:A4:23:8F:92:BC
Validity Wed, 02 Aug 2023 16:38:38 GMT - Mon, 02 Sep 2024 16:38:37 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /match/sape?id=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: sync.dsp.solta.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET kimberlite.io/rtb/sync/sape2?u=0100007F64950E6599242E7B02D71D91
217.199.220.43 307 Temporary Redirect 0 B URL GET HTTP/1.1 kimberlite.io/rtb/sync/sape2?u=0100007F64950E6599242E7B02D71D91
IP 217.199.220.43:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.kimberlite.io
Fingerprint 94:44:D9:27:EE:9B:5F:DE:36:07:ED:BA:1A:1D:62:2A:31:B6:43:72
Validity Fri, 10 Mar 2023 07:40:01 GMT - Wed, 10 Apr 2024 07:40:00 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rtb/sync/sape2?u=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: kimberlite.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Length: 0
Connection: keep-alive
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: u=ZQ6VZdlZtZQ~IfP5Ezqs8uDakzJD-zazt6xSyU8; path=/; max-age=7776000; samesite=none; httponly; secure
set-cookie: as=OFrH4WUOlWU; max-age=604800; samesite=none; httponly; secure
set-cookie: f=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D243%26euid%3DZQ6VZdlZtZQ; max-age=30; samesite=none; httponly; secure
set-cookie: n=1; max-age=30; samesite=none; httponly; secure
location: https://sm.rtb.mts.ru/p?ssp=toptraffic&id=ZQ6VZdlZtZQ
referrer-policy: no-referrer
server-timing: app;srv=9;dur=0.0002
GET sync.bumlam.com/?src=sap1&s_data=CAIQARjlqrqoBmIgMDEwMDAwN0Y2NDk1MEU2NTk5MjQyRTdCMDJENzFEOTGiARDaXEhYWeMR7obgACWQwGR8
31.172.81.159 200 OK 0 B URL GET HTTP/1.1 sync.bumlam.com/?src=sap1&s_data=CAIQARjlqrqoBmIgMDEwMDAwN0Y2NDk1MEU2NTk5MjQyRTdCMDJENzFEOTGiARDaXEhYWeMR7obgACWQwGR8
IP 31.172.81.159:443
ASN #44066 diva-e Datacenters GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.bumlam.com
Fingerprint D1:BD:EE:74:87:29:DC:B3:E7:BE:D3:6E:5B:B4:64:E8:11:7F:53:5D
Validity Mon, 24 Jul 2023 05:35:03 GMT - Sun, 22 Oct 2023 05:35:02 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=sap1&s_data=CAIQARjlqrqoBmIgMDEwMDAwN0Y2NDk1MEU2NTk5MjQyRTdCMDJENzFEOTGiARDaXEhYWeMR7obgACWQwGR8 HTTP/1.1
Host: sync.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: suuid3=IiRkYTVjNDg1OC01OWUzLTExZWUtODZlMC0wMDI1OTBjMDY0N2M*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiRkYTVjNDg1OC01OWUzLTExZWUtODZlMC0wMDI1OTBjMDY0N2M*; Path=/; Expires=Fri, 18 Sep 2043 07:36:05 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
GET www.acint.net/match?dp=127&euid=FPaHH20KcF1ONhZvunOh
193.3.184.137 200 OK 43 B URL GET HTTP/2 www.acint.net/match?dp=127&euid=FPaHH20KcF1ONhZvunOh
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=127&euid=FPaHH20KcF1ONhZvunOh HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564; cSyncDp14v4=1695454565
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET sync.bumlam.com/?src=sape
31.172.81.159 302 Moved Temporarily 0 B URL GET HTTP/1.1 sync.bumlam.com/?src=sape
IP 31.172.81.159:443
ASN #44066 diva-e Datacenters GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.bumlam.com
Fingerprint D1:BD:EE:74:87:29:DC:B3:E7:BE:D3:6E:5B:B4:64:E8:11:7F:53:5D
Validity Mon, 24 Jul 2023 05:35:03 GMT - Sun, 22 Oct 2023 05:35:02 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=sape HTTP/1.1
Host: sync.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: suuid3=IiRkYTVjNDg1OC01OWUzLTExZWUtODZlMC0wMDI1OTBjMDY0N2M*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiRkYTVjNDg1OC01OWUzLTExZWUtODZlMC0wMDI1OTBjMDY0N2M*; Path=/; Expires=Fri, 18 Sep 2043 07:36:05 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://pix.bumlam.com/sync/sape/sync_ok?guid=da5c4858-59e3-11ee-86e0-002590c0647c
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Access-Control-Allow-Origin: https://acint.net
Access-Control-Allow-Credentials: true
GET adx.com.ru/sape-sync?uid=0100007F64950E6599242E7B02D71D91
83.222.117.90 302 Found 85 B URL GET HTTP/2 adx.com.ru/sape-sync?uid=0100007F64950E6599242E7B02D71D91
IP 83.222.117.90:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.adx.com.ru
Fingerprint B6:86:21:C8:F9:AF:00:9E:42:EC:E3:77:AC:A3:5B:2B:E7:C4:46:B3
Validity Fri, 26 May 2023 11:44:59 GMT - Wed, 26 Jun 2024 11:44:58 GMT
File type HTML document, ASCII text
Hash 49e5f9c2a0f27a106a72ab7bb13ed514
4d5938d2fdfbe5d866b16973b1ef280bc810dc0e
9b6eb2b0759d7bade3fb858827cf71a5604eb3b2f7266c9bb22c2f399e9ab92c
GET /sape-sync?uid=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: adx.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.22.0
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: text/html; charset=utf-8
content-length: 85
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
location: /sync?sspKey=25&sspUserID=0100007F64950E6599242E7B02D71D91
p3p: CP="adx.com.ru does not have a P3P policy"
set-cookie: user=650e9565a897d8000187fc66; Path=/; Domain=adx.com.ru; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
GET www.acint.net/match?dp=217&euid=0357c0bf-89a8-42b1-9a28-20150ab93a19
193.3.184.137 200 OK 43 B URL GET HTTP/2 www.acint.net/match?dp=217&euid=0357c0bf-89a8-42b1-9a28-20150ab93a19
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=217&euid=0357c0bf-89a8-42b1-9a28-20150ab93a19 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564; cSyncDp14v4=1695454565
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET www.acint.net/match?dp=95&euid=LUFORASN
193.3.184.137 200 OK 43 B URL GET HTTP/2 www.acint.net/match?dp=95&euid=LUFORASN
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=95&euid=LUFORASN HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564; cSyncDp14v4=1695454565
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D&dp=14
193.3.184.218 302 Moved Temporarily 142 B URL GET HTTP/1.1 ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D&dp=14
IP 193.3.184.218:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.sape.ru
Fingerprint 5B:FF:7D:F3:EA:A8:35:A6:2E:5B:8A:B6:EC:10:EE:5D:EF:84:DA:60
Validity Wed, 09 Aug 2023 01:42:20 GMT - Tue, 07 Nov 2023 01:42:19 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /rmatch?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D&dp=14 HTTP/1.1
Host: ssp-rtb.sape.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: sspuid=CkIDMmUOlWSDsgCMWSeIAjyr6AYuRWWIbZ0iFNI7OXkzgG5r
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Location: https://acint.net/match?dp=14&euid=3203420A64950E658C00B28302882759
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
GET www.acint.net/match?dp=126&euid=720f5c67-6748-4c04-5487-628e3c4181b9
193.3.184.137 200 OK 43 B URL GET HTTP/2 www.acint.net/match?dp=126&euid=720f5c67-6748-4c04-5487-628e3c4181b9
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=126&euid=720f5c67-6748-4c04-5487-628e3c4181b9 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564; cSyncDp14v4=1695454565
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET nr.bidderstack.com/sape/cm?user_id=0100007F64950E6599242E7B02D71D91&pupa=1
195.201.240.61 302 Found 0 B URL GET HTTP/1.1 nr.bidderstack.com/sape/cm?user_id=0100007F64950E6599242E7B02D71D91&pupa=1
IP 195.201.240.61:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GoDaddy.com, Inc.
Subject *.bidderstack.com
Fingerprint 88:0D:CE:79:C4:DA:79:3B:37:94:98:4A:1A:FA:19:D3:62:A5:B9:84
Validity Sun, 20 Nov 2022 07:16:28 GMT - Sat, 18 Nov 2023 12:58:37 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sape/cm?user_id=0100007F64950E6599242E7B02D71D91&pupa=1 HTTP/1.1
Host: nr.bidderstack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Length: 0
Connection: keep-alive
Location: https://sync.dmp.otm-r.com/match/hyper?id={UID}4096b3dc-c011-21bb-e069-92664b67f354
Set-Cookie: pupa=4096b3dc-c011-21bb-e069-92664b67f354; domain=.bidderstack.com; path=/; expires=Sun, 22-Sep-2024 07:36:05 GMT;
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
GET sync.upravel.com/sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0
148.251.129.43 302 Found 0 B URL GET HTTP/2 sync.upravel.com/sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0
IP 148.251.129.43:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.upravel.com
Fingerprint 4C:ED:03:57:58:43:18:2C:CC:41:F3:3B:19:72:75:BD:29:C1:04:08
Validity Sat, 29 Apr 2023 07:48:21 GMT - Thu, 30 May 2024 07:48:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0 HTTP/1.1
Host: sync.upravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: session_tptc=1695454565150
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/png
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: user_id=5a408b4e-6d69-4e2f-8e35-0c6c40f1e0f0;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
set-cookie: user_id-legacy=5a408b4e-6d69-4e2f-8e35-0c6c40f1e0f0;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
location: https://www.acint.net/match?dp=71&euid=5a408b4e-6d69-4e2f-8e35-0c6c40f1e0f0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
X-Firefox-Spdy: h2
GET ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D&dp=14
193.3.184.218 302 Moved Temporarily 142 B URL GET HTTP/1.1 ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D&dp=14
IP 193.3.184.218:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.sape.ru
Fingerprint 5B:FF:7D:F3:EA:A8:35:A6:2E:5B:8A:B6:EC:10:EE:5D:EF:84:DA:60
Validity Wed, 09 Aug 2023 01:42:20 GMT - Tue, 07 Nov 2023 01:42:19 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /rmatch?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D&dp=14 HTTP/1.1
Host: ssp-rtb.sape.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: sspuid=CkIDMmUOlWSDsgCMWSeIAjyr6AYuRWWIbZ0iFNI7OXkzgG5r
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Location: https://acint.net/match?dp=14&euid=3203420A64950E658C00B28302882759
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
GET www.acint.net/match?dp=186&euid=d4d0660d-6ad5-4351-bccc-a2cddd084812
193.3.184.137 200 OK 43 B URL GET HTTP/2 www.acint.net/match?dp=186&euid=d4d0660d-6ad5-4351-bccc-a2cddd084812
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=186&euid=d4d0660d-6ad5-4351-bccc-a2cddd084812 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564; cSyncDp14v4=1695454565
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET pix.bumlam.com/sync/sape/sync_ok?guid=da5c4858-59e3-11ee-86e0-002590c0647c
31.172.81.172 302 Found 0 B URL GET HTTP/1.1 pix.bumlam.com/sync/sape/sync_ok?guid=da5c4858-59e3-11ee-86e0-002590c0647c
IP 31.172.81.172:443
ASN #44066 diva-e Datacenters GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.bumlam.com
Fingerprint D1:BD:EE:74:87:29:DC:B3:E7:BE:D3:6E:5B:B4:64:E8:11:7F:53:5D
Validity Mon, 24 Jul 2023 05:35:03 GMT - Sun, 22 Oct 2023 05:35:02 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync/sape/sync_ok?guid=da5c4858-59e3-11ee-86e0-002590c0647c HTTP/1.1
Host: pix.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: suuid3=IiRkYTVjNDg1OC01OWUzLTExZWUtODZlMC0wMDI1OTBjMDY0N2M*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 23 Sep 2023 07:36:05 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://www.acint.net
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Expires: 05-Jun-2005 22:00:00 GMT
X-Xss-Protection: 0
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://da5c4858-59e3-11ee-86e0-002590c0647c.n3.sync.bumlam.com/?src=sape
GET adx.com.ru/sync?sspKey=25&sspUserID=0100007F64950E6599242E7B02D71D91
83.222.117.90 302 Found 231 B URL GET HTTP/2 adx.com.ru/sync?sspKey=25&sspUserID=0100007F64950E6599242E7B02D71D91
IP 83.222.117.90:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.adx.com.ru
Fingerprint B6:86:21:C8:F9:AF:00:9E:42:EC:E3:77:AC:A3:5B:2B:E7:C4:46:B3
Validity Fri, 26 May 2023 11:44:59 GMT - Wed, 26 Jun 2024 11:44:58 GMT
File type HTML document, ASCII text
Hash bf1112cfd1b3eb0aca55daea16597c7a
1faeadb8c8f08023b3443b95471c0e1a453b6850
83fb48ffc0cd1865315f90be55dbea219eb5aee6a388dd8a871ec8f483a3b25c
GET /sync?sspKey=25&sspUserID=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: adx.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: user=650e9565a897d8000187fc66
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.22.0
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: text/html; charset=utf-8
content-length: 231
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
location: https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fadx.com.ru%2Fweborama-sync%3Furl%3Dhttps%253A%252F%252Fprodmp.ru%252Fyabbi.gif%253Fuid%253D650e9565a897d8000187fc66%2526r%253D%26webouid%3D{WEBO_CID}
p3p: CP="adx.com.ru does not have a P3P policy"
X-Firefox-Spdy: h2
GET acint.net/match?dp=14&euid=3203420A64950E658C00B28302882759
193.3.184.137 200 OK 43 B URL GET HTTP/2 acint.net/match?dp=14&euid=3203420A64950E658C00B28302882759
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=14&euid=3203420A64950E658C00B28302882759 HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564; cSyncDp14v4=1695454565
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET www.acint.net/match?dp=71&euid=5a408b4e-6d69-4e2f-8e35-0c6c40f1e0f0
193.3.184.137 200 OK 43 B URL GET HTTP/2 www.acint.net/match?dp=71&euid=5a408b4e-6d69-4e2f-8e35-0c6c40f1e0f0
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=71&euid=5a408b4e-6d69-4e2f-8e35-0c6c40f1e0f0 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564; cSyncDp14v4=1695454565
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:05 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET sync.dmp.otm-r.com/match/hyper?id={UID}4096b3dc-c011-21bb-e069-92664b67f354
116.202.236.228 204 No Content 0 B URL GET HTTP/2 sync.dmp.otm-r.com/match/hyper?id={UID}4096b3dc-c011-21bb-e069-92664b67f354
IP 116.202.236.228:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.dmp.otm-r.com
Fingerprint C6:A2:9D:82:0D:D1:C1:2D:A4:ED:7F:05:13:52:5B:94:6B:10:58:D6
Validity Mon, 19 Jun 2023 10:50:51 GMT - Sat, 20 Jul 2024 10:50:50 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/hyper?id={UID}4096b3dc-c011-21bb-e069-92664b67f354 HTTP/1.1
Host: sync.dmp.otm-r.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx/1.17.10
date: Sat, 23 Sep 2023 07:36:05 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
GET da5c4858-59e3-11ee-86e0-002590c0647c.n3.sync.bumlam.com/?src=sape
80.87.198.24 302 Found 0 B URL GET HTTP/2 da5c4858-59e3-11ee-86e0-002590c0647c.n3.sync.bumlam.com/?src=sape
IP 80.87.198.24:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.n0.sync.bumlam.com
Fingerprint 99:77:61:BD:7C:71:52:75:4C:35:19:FA:21:42:A9:2E:BF:93:81:BF
Validity Tue, 19 Sep 2023 05:05:41 GMT - Mon, 18 Dec 2023 05:05:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=sape HTTP/1.1
Host: da5c4858-59e3-11ee-86e0-002590c0647c.n3.sync.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: suuid3=IiRkYTVjNDg1OC01OWUzLTExZWUtODZlMC0wMDI1OTBjMDY0N2M*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.24.0
date: Sat, 23 Sep 2023 07:36:06 GMT
content-length: 0
location: https://pix.bumlam.com/sync/sape/done
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
X-Firefox-Spdy: h2
GET pix.bumlam.com/sync/sape/done
31.172.81.172 200 OK 43 B URL GET HTTP/1.1 pix.bumlam.com/sync/sape/done
IP 31.172.81.172:443
ASN #44066 diva-e Datacenters GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.bumlam.com
Fingerprint D1:BD:EE:74:87:29:DC:B3:E7:BE:D3:6E:5B:B4:64:E8:11:7F:53:5D
Validity Mon, 24 Jul 2023 05:35:03 GMT - Sun, 22 Oct 2023 05:35:02 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /sync/sape/done HTTP/1.1
Host: pix.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: suuid3=IiRkYTVjNDg1OC01OWUzLTExZWUtODZlMC0wMDI1OTBjMDY0N2M*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Sep 2023 07:36:06 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Access-Control-Allow-Origin: https://www.acint.net
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Expires: 05-Jun-2005 22:00:00 GMT
X-Xss-Protection: 0
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
GET acint.net/match?dp=110&euid=cd354fb4783149878ede4f757cd7ead6
193.3.184.137 200 OK 43 B URL GET HTTP/2 acint.net/match?dp=110&euid=cd354fb4783149878ede4f757cd7ead6
IP 193.3.184.137:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=110&euid=cd354fb4783149878ede4f757cd7ead6 HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564; cSyncDp14v4=1695454565
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:06 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/uploads/2018/03/address_book.png
94.142.141.150 404 Not Found 4.9 kB URL GET HTTP/2 steamcomnunilty.ru/wp-content/uploads/2018/03/address_book.png
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type gzip compressed data, from Unix\012- data
Hash 5ca152a21e6d7266c1246c69f0374e76
9ec668b5800adeb193130d523fc6e6ea23120fc7
f692ef6060cf9e88fd6e3622eb1e1b73c14064e1d9ed9617bf58698561f289c3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/2018/03/address_book.png HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: fid=595d7411-e9df-4ab6-b002-579be46f074b; _ac_oid=7e57a625dddcba431ef5a1422e13af30%3A1695458165247
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 23 Sep 2023 07:36:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
link: <https://steamcomnunilty.ru/wp-json/>; rel="https://api.w.org/"
content-encoding: gzip
X-Firefox-Spdy: h2
GET www.acint.net/mc/?dp=10&tc=1
193.3.184.137 200 OK 5.5 kB URL GET HTTP/2 www.acint.net/mc/?dp=10&tc=1
IP 193.3.184.137:443
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5718), with no line terminators
Hash ccec48f9df5a58cd790fdeade1e1972b
eb6aed2389f0011eb8064bfc437d0f9f09ab22ae
c20bb53378ddc207813eb371951de165195dfde6733b30e6c33315eca64a579f
GET /mc/?dp=10&tc=1 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://steamcomnunilty.ru/
DNT: 1
Connection: keep-alive
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: text/html
set-cookie: cSyncDp14v5=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp17=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp45v4=1695454564; expires=Sun, 24-Sep-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp53v4=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp62=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp67v2=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp68=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp71=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp80=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp85=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp95v3=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp98v2=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp104v2=1695454564; expires=Sat, 07-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp107v1=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp110v2=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp125v3=1695454564; expires=Sun, 08-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp126=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp127=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp129=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp136v2=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp146=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp148v1=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp149v2=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp151=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp178=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp186=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp217=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp221=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp235v1=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp239=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp243=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp260=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp244=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp248=1695454564; expires=Mon, 23-Oct-23 07:36:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
content-encoding: gzip
X-Firefox-Spdy: h2
GET www.acint.net/ping/?v=0.6.0&uid=7f2b2313-de44-4c63-b37d-3be3e5c662a2&dp=10&tz=%2B00%3A00&nc=007196&dT=2023-09-23T07%3A36%3A07.715
193.3.184.137 200 OK 43 B URL GET HTTP/2 www.acint.net/ping/?v=0.6.0&uid=7f2b2313-de44-4c63-b37d-3be3e5c662a2&dp=10&tz=%2B00%3A00&nc=007196&dT=2023-09-23T07%3A36%3A07.715
IP 193.3.184.137:443
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /ping/?v=0.6.0&uid=7f2b2313-de44-4c63-b37d-3be3e5c662a2&dp=10&tz=%2B00%3A00&nc=007196&dT=2023-09-23T07%3A36%3A07.715 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Cookie: aid=fwAAAWUOlWR7LiSZkR3XApZ563ak22Yf6nIr/LKrGHNWpE7M; test_cookie=CheckForPermission; cSyncDp14v5=1695454564; cSyncDp17=1695454564; cSyncDp45v4=1695454564; cSyncDp53v4=1695454564; cSyncDp62=1695454564; cSyncDp67v2=1695454564; cSyncDp68=1695454564; cSyncDp71=1695454564; cSyncDp80=1695454564; cSyncDp85=1695454564; cSyncDp95v3=1695454564; cSyncDp98v2=1695454564; cSyncDp104v2=1695454564; cSyncDp107v1=1695454564; cSyncDp110v2=1695454564; cSyncDp125v3=1695454564; cSyncDp126=1695454564; cSyncDp127=1695454564; cSyncDp129=1695454564; cSyncDp136v2=1695454564; cSyncDp146=1695454564; cSyncDp148v1=1695454564; cSyncDp149v2=1695454564; cSyncDp151=1695454564; cSyncDp178=1695454564; cSyncDp186=1695454564; cSyncDp217=1695454564; cSyncDp221=1695454564; cSyncDp235v1=1695454564; cSyncDp239=1695454564; cSyncDp243=1695454564; cSyncDp260=1695454564; cSyncDp244=1695454564; cSyncDp248=1695454564; cSyncDp14v4=1695454565
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
94.142.141.150 200 OK 38 kB URL User Request GET HTTP/2 IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:03 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
link: <https://steamcomnunilty.ru/wp-json/>; rel="https://api.w.org/"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache-status: MISS
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
GET ads.adlook.me/csync?pid=sape&uid=0100007F64950E6599242E7B02D71D91&url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D
5.200.50.170 302 Found 43 B URL GET HTTP/2 ads.adlook.me/csync?pid=sape&uid=0100007F64950E6599242E7B02D71D91&url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D
IP 5.200.50.170:443
ASN #48096 Enterprise Cloud Ltd.
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer GlobalSign nv-sa
Subject *.adlook.me
Fingerprint BB:74:3B:09:F5:13:79:CE:CF:22:44:22:AD:AF:A7:74:23:4F:98:32
Validity Tue, 06 Jun 2023 15:02:11 GMT - Sun, 07 Jul 2024 15:02:10 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /csync?pid=sape&uid=0100007F64950E6599242E7B02D71D91&url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://acint.net/match?dp=110&euid=cd354fb4783149878ede4f757cd7ead6
server: Microsoft-IIS/10.0
set-cookie: adlm_userId=cd354fb4783149878ede4f757cd7ead6; expires=Sat, 21 Sep 2024 21:00:00 GMT; path=/; SameSite=None; secure; samesite=none
adlk_cmatch=sape%3A0100007F64950E6599242E7B02D71D91; expires=Fri, 31 Dec 9999 20:59:59 GMT; path=/; SameSite=None; secure; samesite=none
date: Sat, 23 Sep 2023 07:36:05 GMT
X-Firefox-Spdy: h2
GET ssp.bidvol.com/usersync?dspcsid=8&redirect=1
65.109.65.187 302 Found 43 B URL GET HTTP/2 ssp.bidvol.com/usersync?dspcsid=8&redirect=1
IP 65.109.65.187:443
ASN #24940 Hetzner Online GmbH
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject ssp.bidvol.com
Fingerprint D6:6B:CC:A2:EB:27:40:A7:8A:E7:32:6A:ED:DC:A4:D1:5E:20:61:89
Validity Fri, 28 Jul 2023 13:50:10 GMT - Thu, 26 Oct 2023 13:50:09 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usersync?dspcsid=8&redirect=1 HTTP/1.1
Host: ssp.bidvol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.22.0
date: Sat, 23 Sep 2023 07:36:05 GMT
x-request-id: c54a8efb-fc49-4ee6-887b-a13367d1c7ab
set-cookie: bvuid=kacxsm70cr; Max-Age=2147483647; Domain=.bidvol.com; Path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; SameSite=None
bvuid2=kacxsm70cr; Max-Age=2147483647; Domain=.bidvol.com; Path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
surrogate-control: no-store
location: https://www.acint.net/match?dp=129&euid=kacxsm70cr
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-includes/js/wp-emoji-release.min.js?ver=4.9.23
94.142.141.150 200 OK 12 kB URL GET HTTP/2 steamcomnunilty.ru/wp-includes/js/wp-emoji-release.min.js?ver=4.9.23
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type ASCII text, with very long lines (9063)
Hash fe0575b66568074463f12485d90f6d4c
aeedd9ab3b7874e63f647042963cb1301a38b391
647a6b36f3fd1f21bae171270111096b4613c23a47e6621628a51bae9c82b0b7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.23 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Feb 2021 01:07:44 GMT
expires: Mon, 23 Oct 2023 07:36:04 GMT
cache-control: max-age=2592000
pragma: public
content-encoding: gzip
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-includes/js/wp-embed.min.js?ver=4.9.23
94.142.141.150 200 OK 1.4 kB URL GET HTTP/2 steamcomnunilty.ru/wp-includes/js/wp-embed.min.js?ver=4.9.23
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type ASCII text, with very long lines (1486), with no line terminators
Hash 61a3ac58ecaf63ac4b2cfdc2c97ed95a
ab002741cbaa650030d6ac4b4446550976f63dbd
d6b5f289be3df43ef051b4fa5c872e3ef535739d345b4076d6731e996a2c973b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-includes/js/wp-embed.min.js?ver=4.9.23 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 07 Aug 2023 12:25:48 GMT
expires: Mon, 23 Oct 2023 07:36:04 GMT
cache-control: max-age=2592000
pragma: public
content-encoding: gzip
X-Firefox-Spdy: h2
GET fonts.googleapis.com/css?family=Oswald&subset=latin%2Clatin-ext&ver=4.9.23
142.250.74.106 200 OK 1.7 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Oswald&subset=latin%2Clatin-ext&ver=4.9.23
IP 142.250.74.106:443
Requested by https://steamcomnunilty.ru/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint BE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
Validity Mon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT
File type ASCII text, with very long lines (1780), with no line terminators
Hash d7dab9489e9d4b37f3b45782b5259a24
44415d6f0ecbe1386825dee503878838fa1725e8
19963bbfddbfbe9960dab935da5fccdb801363dbc6d4f03f0f647cf5666cc5d3
GET /css?family=Oswald&subset=latin%2Clatin-ext&ver=4.9.23 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 23 Sep 2023 07:36:04 GMT
date: Sat, 23 Sep 2023 07:36:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-includes/js/jquery/jquery.js?ver=1.12.4
94.142.141.150 200 OK 97 kB URL GET HTTP/2 steamcomnunilty.ru/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type ASCII text, with very long lines (31997)
Hash dc5ba5044fccc0297be7b262ce669a7c
f137ff98ae379e35b0702967d3b6866a0a40e3be
cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 04 Sep 2019 18:45:34 GMT
expires: Mon, 23 Oct 2023 07:36:04 GMT
cache-control: max-age=2592000
pragma: public
content-encoding: gzip
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
94.142.141.150 200 OK 10 kB URL GET HTTP/2 steamcomnunilty.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type ASCII text, with very long lines (9959)
Hash 7121994eec5320fbe6586463bf9651c2
90532aff6d4121954254cdf04994d834f7ec169b
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 20 May 2016 03:11:28 GMT
expires: Mon, 23 Oct 2023 07:36:04 GMT
cache-control: max-age=2592000
pragma: public
content-encoding: gzip
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/js/scroll-to-top.js?ver=1.0
94.142.141.150 200 OK 514 B URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/js/scroll-to-top.js?ver=1.0
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type ASCII text, with very long lines (585), with no line terminators
Hash 5a5329c23937c61e837db662dca2869c
fff134dbb827fcc742a5282bbb9302afb4a68652
c6ec495a4d761397bf9038677ab8fb3283e17ea790568c6329121741a55d9428
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/shadink.com/js/scroll-to-top.js?ver=1.0 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 22 Feb 2022 19:24:22 GMT
expires: Mon, 23 Oct 2023 07:36:04 GMT
cache-control: max-age=2592000
pragma: public
content-encoding: gzip
X-Firefox-Spdy: h2
GET ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D
193.3.184.218 302 Moved Temporarily 43 B URL GET HTTP/1.1 ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D
IP 193.3.184.218:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Let's Encrypt
Subject *.sape.ru
Fingerprint 5B:FF:7D:F3:EA:A8:35:A6:2E:5B:8A:B6:EC:10:EE:5D:EF:84:DA:60
Validity Wed, 09 Aug 2023 01:42:20 GMT - Tue, 07 Nov 2023 01:42:19 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D HTTP/1.1
Host: ssp-rtb.sape.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Sat, 23 Sep 2023 07:36:04 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Location: https://acint.net/match?dp=14&euid=3203420A64950E658C00B28302882759
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Set-Cookie: sspuid=CkIDMmUOlWSDsgCMWSeIAjyr6AYuRWWIbZ0iFNI7OXkzgG5r; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.ssp-rtb.sape.ru; path=/; Secure; SameSite=None
GET steamcomnunilty.ru/wp-content/themes/shadink.com/js/placeholders.js?ver=2.1.0
94.142.141.150 200 OK 4.0 kB URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/js/placeholders.js?ver=2.1.0
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type ASCII text, with very long lines (4100), with no line terminators
Hash 10fc9111e0a2667b563c402699da79fe
c20398b63e00a2c67d4c52b928ef80f37f6d7452
b5aaad7156808a8aa5b84a09eb113e6bd1aaa8bea851b93375cfc5b979ee98a8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/shadink.com/js/placeholders.js?ver=2.1.0 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 22 Feb 2022 19:24:22 GMT
expires: Mon, 23 Oct 2023 07:36:04 GMT
cache-control: max-age=2592000
pragma: public
content-encoding: gzip
X-Firefox-Spdy: h2
GET a.utraff.com/sync?ssp=8&id=0100007F64950E6599242E7B02D71D91
172.67.203.165 204 No Content 0 B URL GET HTTP/2 a.utraff.com/sync?ssp=8&id=0100007F64950E6599242E7B02D71D91
IP 172.67.203.165:443
Requested by https://www.acint.net/mc/?dp=10&tc=1
Certificate Issuer Google Trust Services LLC
Subject utraff.com
Fingerprint C7:88:D1:2A:F6:AD:0D:49:1A:01:97:A2:B5:AF:8E:D2:5F:25:74:B1
Validity Mon, 14 Aug 2023 03:54:04 GMT - Sun, 12 Nov 2023 03:54:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=8&id=0100007F64950E6599242E7B02D71D91 HTTP/1.1
Host: a.utraff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: text/plain
set-cookie: preutid=1; Expires=Mon, 23 Oct 2023 09:36:04 GMT; Domain=.itraff.net; SameSite=None; Secure; Path=/
preutid=1; Expires=Mon, 23 Oct 2023 09:36:04 GMT; Domain=.utraff.com; SameSite=None; Secure; Path=/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WLxpkdVMj8ADV8YxANu2tjz8JXg018XOSGw8aJ2fIJMe7QmjM9BGDULmOw9OHTSFIhR2uZqe3TbXuThd4ahKqof4wFwbq4%2B4Fe70GTXJnwhSxOZY%2BEenLO4ZYALXDUw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b11d55799a5689-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
94.142.141.150 200 OK 37 kB URL GET HTTP/2 steamcomnunilty.ru/wp-content/themes/shadink.com/style.css?ver=4.9.23
IP 94.142.141.150:443
ASN #35196 Ihor Hosting LLC
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject steamcomnunilty.ru
Fingerprint 6B:B4:03:55:AB:BA:13:9B:49:82:FF:CB:7A:CC:E6:C2:AE:45:E4:A0
Validity Thu, 24 Aug 2023 02:59:28 GMT - Wed, 22 Nov 2023 02:59:27 GMT
File type ASCII text, with very long lines (631), with CRLF line terminators
Hash c415b686dae4d58ddadeb61efd923840
b9cfd8e0a3a38ff5d430deb31fb0d505200e8f2b
c9212c663984675a11f5191bbac3cb3875456eeb82968eb4c858180564584997
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/shadink.com/style.css?ver=4.9.23 HTTP/1.1
Host: steamcomnunilty.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 22 Feb 2022 19:24:10 GMT
expires: Mon, 23 Oct 2023 07:36:04 GMT
cache-control: max-age=2592000
pragma: public
content-encoding: gzip
X-Firefox-Spdy: h2
GET www.acint.net/oci.js?t=1695454564715
193.3.184.137 200 OK 32 kB URL GET HTTP/2 www.acint.net/oci.js?t=1695454564715
IP 193.3.184.137:443
Requested by https://steamcomnunilty.ru/
Certificate Issuer Let's Encrypt
Subject *.acint.net
Fingerprint B8:F0:FC:C7:37:EC:45:14:38:CF:C1:E7:EA:4C:22:2A:D1:98:EE:DB
Validity Sat, 12 Aug 2023 02:11:54 GMT - Fri, 10 Nov 2023 02:11:53 GMT
File type ASCII text, with very long lines (32168)
Hash c3fa5133b6899a2abb39fb79ed94300f
dc1d5c75420b38cd7509a783ed09345d0ff78ac4
66b141eb9ae44c86efc510844a71cf208c02d02abe03af3a7d8cc26736d3e19c
GET /oci.js?t=1695454564715 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://steamcomnunilty.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Sat, 23 Sep 2023 07:36:04 GMT
content-type: application/x-javascript
last-modified: Mon, 09 Jan 2023 08:01:14 GMT
etag: W/"63bbc9ca-7dac"
content-encoding: gzip
X-Firefox-Spdy: h2