protuor.ru/
301 Moved Permanently 179 B IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 2e80ba8bff71b4ebd5dd91a33801ec28
890ebf3f1d92bd251109723245c3c2c91654f04b
e229871f7c4a5d8d85827f811549a3e72246c75a5580b80084795794655741d8
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx-reuseport/1.21.1
Date: Mon, 05 Dec 2022 20:24:03 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
Keep-Alive: timeout=30
Location: https://protuor.ru/
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8077
Expires: Mon, 05 Dec 2022 22:38:40 GMT
Date: Mon, 05 Dec 2022 20:24:03 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1325
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:04 GMT
Last-Modified: Mon, 05 Dec 2022 20:01:59 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 20:18:30 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 334
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6923
Expires: Mon, 05 Dec 2022 22:19:27 GMT
Date: Mon, 05 Dec 2022 20:24:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bZlwbmwXuccBNDSMJgv5wGlbl+7LPeO/nLUcXRBdHPUUb0G4O7vk8TMZv0X1bvOKANZk30GGMj2Kz2+/l1Cdkw==
x-amz-request-id: 3YW9K12E7YVT9DXA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 19:46:48 GMT
age: 2236
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bd2829a5cb87ee166979a9a486eecffd
09907f3461ef95a53ba99bbe97a6f6ad5c630319
e4056b4d8f0d8031dabb5fa073b351d7db31bbd6e8aeb429aa2f3e54b42385ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4056B4D8F0D8031DABB5FA073B351D7DB31BBD6E8AEB429AA2F3E54B42385ED"
Last-Modified: Mon, 05 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21546
Expires: Tue, 06 Dec 2022 02:23:10 GMT
Date: Mon, 05 Dec 2022 20:24:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 20:08:58 GMT
cache-control: public,max-age=3600
age: 906
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1314
Cache-Control: max-age=133482
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:04 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 09:28:46 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UKVMm1c4k/s/y9jib/X0pQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FVwbtGGZrQa/ioDLhvZDNDmv1vc=
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
protuor.ru/wp-content/bs-booster-cache/83093e7b2a92368442122ee15733b1fd.css
200 OK 96 kB URL HTTP/2 protuor.ru/wp-content/bs-booster-cache/83093e7b2a92368442122ee15733b1fd.css
IP
Hash a17355b241271e9519d9a2b61693f8ef
38bdfdf8d8f5abad37cd2d8a7a184cfb1b9019ad
ff171203ab6e20ca7815f1487706c5b89cd7c5d04d5811b4a795e58ba885be53
GET /wp-content/bs-booster-cache/83093e7b2a92368442122ee15733b1fd.css HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: text/css
last-modified: Sat, 03 Dec 2022 14:39:54 GMT
vary: Accept-Encoding
etag: W/"638b5fba-9e702"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
protuor.ru/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
200 OK 1.5 kB URL HTTP/2 protuor.ru/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
IP
Hash 4383db1db33f32e00c6939841d8b46e9
bc4eb909aac1def812e797b501cfb5fc582c76f6
266d9881dcde1cab8a12963d5a8a878528b06a75449c3e096ad52dc99a932276
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: text/css
last-modified: Wed, 19 Oct 2022 14:35:38 GMT
vary: Accept-Encoding
etag: W/"63500b3a-aab"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cf9fce78e264033c1826459e61e66d8f
984a8034de7da3a692e8642f7e96d75db5745df6
fe3f2b4ba8ba7d32ac7ec3047a7634c7ab98c000d7f9e377fbf0410aac89b6c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE3F2B4BA8BA7D32AC7EC3047A7634C7AB98C000D7F9E377FBF0410AAC89B6C3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4260
Expires: Mon, 05 Dec 2022 21:35:05 GMT
Date: Mon, 05 Dec 2022 20:24:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cf9fce78e264033c1826459e61e66d8f
984a8034de7da3a692e8642f7e96d75db5745df6
fe3f2b4ba8ba7d32ac7ec3047a7634c7ab98c000d7f9e377fbf0410aac89b6c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE3F2B4BA8BA7D32AC7EC3047A7634C7AB98C000D7F9E377FBF0410AAC89B6C3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4260
Expires: Mon, 05 Dec 2022 21:35:05 GMT
Date: Mon, 05 Dec 2022 20:24:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 178fa94199a2216102fc08916df666d9
a5e3d5287148cfcc5c87712664c64ad48f9b7a74
c9ab0085577815eef9e12e342ed1c063c62b9240dec07dce61461c1130724c87
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9AB0085577815EEF9E12E342ED1C063C62B9240DEC07DCE61461C1130724C87"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10730
Expires: Mon, 05 Dec 2022 23:22:55 GMT
Date: Mon, 05 Dec 2022 20:24:05 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
protuor.ru/wp-content/uploads/2018/09/protur.ru1_.jpg
301 Moved Permanently 179 B URL HTTP/1.1 protuor.ru/wp-content/uploads/2018/09/protur.ru1_.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 2e80ba8bff71b4ebd5dd91a33801ec28
890ebf3f1d92bd251109723245c3c2c91654f04b
e229871f7c4a5d8d85827f811549a3e72246c75a5580b80084795794655741d8
GET /wp-content/uploads/2018/09/protur.ru1_.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx-reuseport/1.21.1
Date: Mon, 05 Dec 2022 20:24:05 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
Keep-Alive: timeout=30
Location: https://protuor.ru/wp-content/uploads/2018/09/protur.ru1_.jpg
protuor.ru/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
200 OK 4.1 kB URL HTTP/2 protuor.ru/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP
Hash abc037b425bd7eb6166d6acb5a3cb675
aa328818e58d820e722584614f27b0cae9433caf
ea7c7540090a9850841f3812f0a223f8714818f1d91cd2323249ad7212b794e7
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: application/x-javascript
last-modified: Wed, 19 Oct 2022 14:35:38 GMT
vary: Accept-Encoding
etag: W/"63500b3a-3016"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 941b19b7f3292bfb71324e00ca98addd
8fbe5d5b3569e0e18b9960905bfad5d0a1b2d14f
41ed8808c8eb8ca8244a6ca4a1ff8387f08f26693815fd351bf97478f4369f58
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=115628
Date: Mon, 05 Dec 2022 20:24:06 GMT
Etag: "638d6b84-1d7"
Expires: Wed, 07 Dec 2022 04:31:14 GMT
Last-Modified: Mon, 05 Dec 2022 03:54:44 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 419f3eb3d74bedebbef6fc91b3f54a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: hXSi5-jC42uYwCg6Ihci4cxDCVvi_rKifQ54gepfSs2tN7AARermOA==
Age: 2190
protuor.ru/wp-content/themes/publisher/includes/libs/better-framework/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
200 OK 77 kB URL HTTP/2 protuor.ru/wp-content/themes/publisher/includes/libs/better-framework/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/publisher/includes/libs/better-framework/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://protuor.ru/wp-content/bs-booster-cache/83093e7b2a92368442122ee15733b1fd.css
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/font-woff2
content-length: 77160
last-modified: Sun, 16 Sep 2018 11:18:46 GMT
etag: "5b9e3c16-12d68"
expires: Wed, 04 Jan 2023 20:24:06 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tp.media/content?promo_id=2717&shmarker=22147&campaign_id=81&locale=ru
200 OK 36 kB URL HTTP/2 tp.media/content?promo_id=2717&shmarker=22147&campaign_id=81&locale=ru
IP
File type Unicode text, UTF-8 text, with very long lines (33686), with CRLF, LF line terminators
Hash 6096c5509b9b404fd75a3844aa44c191
f5f63a494c6e62f7e612ced62f9e16e4cbbe1db2
d78bbabbb3ca358837d25ad217162af6eb4850c55f6b7873073a456dc5f8a93d
GET /content?promo_id=2717&shmarker=22147&campaign_id=81&locale=ru HTTP/1.1
Host: tp.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/javascript
cache-control: private, max-age=0
timing-allow-origin: *
x-promo-id: 2717
x-request-id: 312d551b7f20fc2911209f7f5e810cb7
x-robots-tag: noindex
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 12:29:22 GMT
expires: Fri, 01 Dec 2023 12:29:22 GMT
cache-control: public, max-age=31536000
age: 374084
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
protuor.ru/wp-content/uploads/2018/09/protur.ru1_.jpg
200 OK 51 kB URL HTTP/2 protuor.ru/wp-content/uploads/2018/09/protur.ru1_.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Windows), datetime=2017:12:01 14:15:23], baseline, precision 8, 500x130, components 3\012- data
Hash 57238e6f4c02828b63facc5fc7a1430f
098cb8548acc39996713149f26dc84c421377dd3
a909398d98e8afcdceaa55811bd5d7865357af0e8c3f0cc319c351e087a6dda4
GET /wp-content/uploads/2018/09/protur.ru1_.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/jpeg
content-length: 51213
last-modified: Wed, 19 Sep 2018 06:16:14 GMT
etag: "5ba1e9ae-c80d"
expires: Wed, 04 Jan 2023 20:24:06 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8673
Expires: Mon, 05 Dec 2022 22:48:39 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
protuor.ru/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
200 OK 15 kB URL HTTP/2 protuor.ru/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP
Hash 3281776b90387eb5421f9c7b6d08d52f
da214ab7bb128ee5d22f422ce46fa9adcc48f801
6ae97d1ea3751cf65c9107f481313b54cebb60e3cda2cd7adef8fc8b5e638e4e
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: application/x-javascript
last-modified: Wed, 25 May 2022 17:20:55 GMT
vary: Accept-Encoding
etag: W/"628e6577-48b9"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:56 GMT
expires: Thu, 30 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 435010
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:49:44 GMT
age: 81262
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
protuor.ru/wp-content/uploads/2018/09/fon1.jpg
200 OK 123 kB URL HTTP/2 protuor.ru/wp-content/uploads/2018/09/fon1.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Windows), datetime=2018:09:21 17:52:42], progressive, precision 8, 1500x1368, components 3\012- data
Size 123 kB (122982 bytes)
Hash 4ea12456336d36111bddc2bb01218972
3b3ad0d61eda43539c02740f6c46df002c258cc4
456235bf1d7e109d92caa58d1c705465c0ccfe42337942b215c2cb9a2622f085
GET /wp-content/uploads/2018/09/fon1.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/jpeg
content-length: 122982
last-modified: Fri, 21 Sep 2018 14:53:04 GMT
etag: "5ba505d0-1e066"
expires: Wed, 04 Jan 2023 20:24:06 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
c81.travelpayouts.com/content?promo_id=3787&shmarker=22147&type=init
200 OK 72 kB URL HTTP/2 c81.travelpayouts.com/content?promo_id=3787&shmarker=22147&type=init
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x600, components 3\012- data
Hash a6360cb9986f9410ad3eeddcedd87e88
e69463d3df8212c38690c3afd83d8ae0175d6f06
e1ee823ee81b68b5ac9765abef8c0b6e9436f57f3ea0044919a31a6f19d79a08
GET /content?promo_id=3787&shmarker=22147&type=init HTTP/1.1
Host: c81.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/jpg
cache-control: private, max-age=0
timing-allow-origin: *
x-promo-id: 3787
x-request-id: 7bda694e32519e16f92cdadb4fdfcfa7
x-robots-tag: noindex
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kmki-SBINSx1kbiIkaSGebdCLrnDeHVhYeotAWzE__CevkNDdfzRGg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:44:05 GMT
age: 81601
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8673
Expires: Mon, 05 Dec 2022 22:48:39 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash e0b95648fd5cba12a97cfa47b31139d6
2a6d38f4f4b8d6d31cf1f81e6b00790702a4204a
a95dd369eef5ca96f036b195cdcaf32bf71caff21168a1312a2617a209e78499
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2603
Cache-Control: max-age=141952
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Etag: "638dd0bb-117"
Expires: Wed, 07 Dec 2022 11:49:58 GMT
Last-Modified: Mon, 05 Dec 2022 11:06:35 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 027480c06cd67621f373c6765dafee4d
9f80bb7ca6f699d88eaec2248dec508c589fe994
f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ztC4S0WeA3ft_9JafrL6fInXo4jwkb0cTWUx4Z8L2uz3EWQS-d6F5A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:09:54 GMT
age: 80052
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
200 OK 9.8 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 9840, version 1.0\012- data
Hash 7b08b9e11fc6b8a8a1398b357e874144
4b5fb5790fae1c96655aaa7a426b697f5ab986d0
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:41:49 GMT
expires: Thu, 30 Nov 2023 19:41:49 GMT
cache-control: public, max-age=31536000
age: 434537
last-modified: Wed, 11 May 2022 19:24:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 11:06:22 GMT
age: 33464
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 1245db08bc06bdc452fdb41b8e959f26
ba2fa041fbea0e124b6fd418724a46225fac0089
d591926f6495b722a0b545d292f16a342cba87889fd7d4f5ca448c3613760be6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5958
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Last-Modified: Mon, 05 Dec 2022 18:44:48 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8673
Expires: Mon, 05 Dec 2022 22:48:39 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js
200 OK 19 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash e41355b29f7257c5a08f7a0ce74b4659
617407db8c31c03cfb2dc6a37aa85d0c53c03a82
7b3fb380b15e6583021e7b9465312d398b8e9db79f7ebcf163fa5ae73ff3f89a
GET /ajax/libs/rollbar.js/2.14.4/rollbar.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 18862
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fc1-112f9"
last-modified: Mon, 04 May 2020 16:16:01 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 15712288
expires: Sat, 25 Nov 2023 20:24:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n8J0fX7Z7imgNeI5VELf%2Bj23%2B4%2BFd%2FRFbmGEe4sZBNYrJw3DUyuiYjnYBp0ymDZwVYB1o8dugvkkQFiWGV%2BdqcbPhWFt8sOC%2FHKiuPuplhEz0koxCcIvNS38tsOs%2BkGXt%2B5sFQ7v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 774f80df6ac3b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8673
Expires: Mon, 05 Dec 2022 22:48:39 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:42:39 GMT
age: 81687
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 79c225db327a78b782f5a9512b07eaf0
398a1be3a70264d959146d6670d2ca54cdf4e91a
8539ea44d81775448ae8c6179d54d8a397c559b112291fa78abcf6ac6c480815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2f60a6490f38a772dcd50a1132e98e1b
ff254a1df087d2c157d88a6ef04e395dc49efe5e
653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kf_hcK2d2YFhladZn1S4cyGq7vLTSKdWgPUTNT0M9LwHXuOV-nlgGw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:07 GMT
age: 81119
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash e0b95648fd5cba12a97cfa47b31139d6
2a6d38f4f4b8d6d31cf1f81e6b00790702a4204a
a95dd369eef5ca96f036b195cdcaf32bf71caff21168a1312a2617a209e78499
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2603
Cache-Control: max-age=141952
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Etag: "638dd0bb-117"
Expires: Wed, 07 Dec 2022 11:49:58 GMT
Last-Modified: Mon, 05 Dec 2022 11:06:35 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 278 B IP
Hash 1245db08bc06bdc452fdb41b8e959f26
ba2fa041fbea0e124b6fd418724a46225fac0089
d591926f6495b722a0b545d292f16a342cba87889fd7d4f5ca448c3613760be6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5958
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Last-Modified: Mon, 05 Dec 2022 18:44:48 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 280 B IP
Hash e896eb37f13bc45df9bd7aa31625b2df
afe68c0511abcae25f170b27ac14527f04c7e042
78c38bf4b8a122fb1c56b5129a0cfa4597eeec5df1798a47f7aeed7920237dc5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2702
Cache-Control: max-age=92008
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Etag: "638d0d40-118"
Expires: Tue, 06 Dec 2022 21:57:34 GMT
Last-Modified: Sun, 04 Dec 2022 21:12:32 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a542f5ba11ac7259f42527923bd9e97a
2871d12a936867ba888acba75c62a929efe59e24
2586468bbfbf088bdbf44dcd1299e9db9a4b76f9155344fdc3dd0f84b6cde9e8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2586468BBFBF088BDBF44DCD1299E9DB9A4B76F9155344FDC3DD0F84B6CDE9E8"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14590
Expires: Tue, 06 Dec 2022 00:27:16 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 455a407877eb494f31a913ed24a09919
abe8f6b90799b2fa99470d1a01163e8bb70a34f0
0f36158d103e20471ddc21ccd238125a8b8fa53417e2355947659dcc5d16d7bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F36158D103E20471DDC21CCD238125A8B8FA53417E2355947659DCC5D16D7BC"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18579
Expires: Tue, 06 Dec 2022 01:33:45 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 455a407877eb494f31a913ed24a09919
abe8f6b90799b2fa99470d1a01163e8bb70a34f0
0f36158d103e20471ddc21ccd238125a8b8fa53417e2355947659dcc5d16d7bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F36158D103E20471DDC21CCD238125A8B8FA53417E2355947659DCC5D16D7BC"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19149
Expires: Tue, 06 Dec 2022 01:43:15 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
www.acint.net/aci.js
200 OK 7.5 kB IP
File type ASCII text, with very long lines (1408)
Hash ae0aab6c5a2ae2e1168e74f6e6ae4741
2c00f69ee4bbe2ec96c0f7bb33b5f827a6195af8
a47a88a9b6c7635e5074c25c6e3c92f399fdf8772376e94f077167241e59f9de
GET /aci.js HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/x-javascript
content-length: 7461
last-modified: Tue, 25 Oct 2022 14:21:14 GMT
etag: "6357f0da-1d25"
content-encoding: gzip
expires: Tue, 06 Dec 2022 08:24:06 GMT
cache-control: max-age=43200
X-Firefox-Spdy: h2
vifog.com/player/
200 OK 39 kB IP
ASN #44066 diva-e Datacenters GmbH
File type ASCII text, with very long lines (32032)
Hash f39392d1292d7cbb0826527b72d6b736
988fc8817f6e35581d161dac85aee88213fb62ee
6f5a026fbc6c0392221fe4f7dd343fdc33a159a31427d72955c2d944ea86a7c6
GET /player/ HTTP/1.1
Host: vifog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:06 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Hostname: dsde382.rotator.viboom.com
ETag: W/"1f6fb-oLFgxZM8JBoJf0mcnuC5Iw"
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash dd9bc171c318dc5fc02214acfa0641f1
8c923f7582a2170a0c2d5241da931e66aaa843a9
86725803f214279d651cbce8785cf8eae0e8ad99650bce7e17a0b3efcf3f3d5d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=110930
Date: Mon, 05 Dec 2022 20:24:06 GMT
Etag: "638d57d9-1d7"
Expires: Wed, 07 Dec 2022 03:12:56 GMT
Last-Modified: Mon, 05 Dec 2022 02:30:49 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 419f3eb3d74bedebbef6fc91b3f54a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: yxItnhU4qA6zyiqx1mGk1vUuKJ39Rv5lj3CiaIMVFQ3gIbcaMELbYQ==
Age: 2528
vifog.com/player/
304 Not Modified 0 B IP
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /player/ HTTP/1.1
Host: vifog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-None-Match: W/"1f6fb-oLFgxZM8JBoJf0mcnuC5Iw"
HTTP/1.1 304 Not Modified
Server: nginx
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
X-Hostname: dsde382.rotator.viboom.com
ETag: W/"1f6fb-oLFgxZM8JBoJf0mcnuC5Iw"
tp.media/cascoon/common.ba6be75774e49a356341.js
200 OK 94 kB URL HTTP/2 tp.media/cascoon/common.ba6be75774e49a356341.js
IP
File type Unicode text, UTF-8 text, with very long lines (65310)
Hash 75e2ed16a5a11f76bc399cc5b2cbe393
1e25dfca6298a23b7cbbb06cc244bdaf6297eb72
6e40c4e4fd4ae7daa1b21fdf9c40049d529e43b78b2243ba4686bcd703a0737d
GET /cascoon/common.ba6be75774e49a356341.js HTTP/1.1
Host: tp.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 06:34:48 GMT
etag: W/"637dbf08-691f4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
content-encoding: br
X-Firefox-Spdy: h2
www.acint.net/hit/?v=0.4.0&uid=367d0442-a252-42b6-ad3e-0732321447c4&dp=10&tz=%2B00%3A00&nc=71775429&u=https%3A%2F%2Fprotuor.ru%2F&r=&rs=1280x1024&t=%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&oE=1&oP=1&dT=2022-12-05T20%3A24%3A03.847&fu=be3d15ec-fa19-41e2-b43a-6cce0b6579fd
200 OK 43 B URL HTTP/2 www.acint.net/hit/?v=0.4.0&uid=367d0442-a252-42b6-ad3e-0732321447c4&dp=10&tz=%2B00%3A00&nc=71775429&u=https%3A%2F%2Fprotuor.ru%2F&r=&rs=1280x1024&t=%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&oE=1&oP=1&dT=2022-12-05T20%3A24%3A03.847&fu=be3d15ec-fa19-41e2-b43a-6cce0b6579fd
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hit/?v=0.4.0&uid=367d0442-a252-42b6-ad3e-0732321447c4&dp=10&tz=%2B00%3A00&nc=71775429&u=https%3A%2F%2Fprotuor.ru%2F&r=&rs=1280x1024&t=%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&oE=1&oP=1&dT=2022-12-05T20%3A24%3A03.847&fu=be3d15ec-fa19-41e2-b43a-6cce0b6579fd HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
set-cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2
www.acint.net/mc/?dp=10
302 Found 154 B IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /mc/?dp=10 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: text/html
content-length: 154
location: /mc/?dp=10&tc=1
set-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Mon, 05-Dec-22 20:34:06 GMT
aid=fwAAAWOOU2Y02gN1r1f6AiZkXA3LK117/PSoBADS3mgozviP; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash e896eb37f13bc45df9bd7aa31625b2df
afe68c0511abcae25f170b27ac14527f04c7e042
78c38bf4b8a122fb1c56b5129a0cfa4597eeec5df1798a47f7aeed7920237dc5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2702
Cache-Control: max-age=92008
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Etag: "638d0d40-118"
Expires: Tue, 06 Dec 2022 21:57:34 GMT
Last-Modified: Sun, 04 Dec 2022 21:12:32 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e5508cf231a2a6a699d1c3b472b62d60
dfeb5eb47e39457662cc6233c83b7e325e18ab4a
370f89f5ac84066c764a43dbc6a8a8444708f0ae313c06712323ae8d3d388331
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370F89F5AC84066C764A43DBC6A8A8444708F0AE313C06712323AE8D3D388331"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4078
Expires: Mon, 05 Dec 2022 21:32:04 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
vifog.com/video.css
200 OK 5.6 kB IP
ASN #44066 diva-e Datacenters GmbH
File type ASCII text, with very long lines (26752), with no line terminators
Hash 54b38b7e217b1a5851c983da29a3d3ec
705b0b31f186e84308b28f0362aa8813666a2d18
dcaf3be3c1a10b188e9e9275f8cb7129e5ce91cd3b60ee6db2594b772d1afbb6
GET /video.css HTTP/1.1
Host: vifog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:06 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Hostname: dsde382.rotator.viboom.com
ETag: W/"6880-RDTxBS6yd/5+PUUx6gkLSA"
Vary: Accept-Encoding
Content-Encoding: gzip
avsplow.com/a/j
200 OK 2 B IP
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /a/j HTTP/1.1
Host: avsplow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2303
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
set-cookie: nuid=8b0745de-1d2a-41e7-9ca4-49800d609718; Expires=Tue, 05 Dec 2023 20:24:06 GMT; Domain=avsplow.com; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT CAO"
access-control-allow-origin: https://protuor.ru
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-57015589-1&l=viboomGa
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-57015589-1&l=viboomGa
IP
File type ASCII text, with very long lines (1921)
Hash dbfc22c830aa130efb2a04e794ea99b8
75e2a5194d2c8de122d88fd15216e3a99b12d417
ed0d2e40642cf1439fc7e425f432ab047aca2f74c14cea5f20a569915e8ea8e3
GET /gtag/js?id=UA-57015589-1&l=viboomGa HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Dec 2022 20:24:06 GMT
expires: Mon, 05 Dec 2022 20:24:06 GMT
cache-control: private, max-age=900
last-modified: Mon, 05 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43620
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a247c40389781bc88da94d3ca9df9d65
40f8c88b8ab3cd54ae00015f260d2d02f3b7d33e
ea0cba71930b78d4639908087147f737402ab8df4ba3552625ab0ed7539777b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA0CBA71930B78D4639908087147F737402AB8DF4BA3552625AB0ED7539777B8"
Last-Modified: Sat, 03 Dec 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13537
Expires: Tue, 06 Dec 2022 00:09:43 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
a.utraff.com/sync?ssp=sape
204 No Content 0 B URL HTTP/2 a.utraff.com/sync?ssp=sape
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=sape HTTP/1.1
Host: a.utraff.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: text/plain
set-cookie: preutid=1; Expires=Wed, 04 Jan 2023 23:24:06 GMT; Domain=.itraff.net; SameSite=None; Secure; Path=/
preutid=1; Expires=Wed, 04 Jan 2023 23:24:06 GMT; Domain=.utraff.com; SameSite=None; Secure; Path=/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f0gM4dUdNPXxrggYCyU61wnfsrG7Y%2FK0U4WfNPnzsM%2Bcuk3TF%2FPWy573klNjoE%2BFK3Fm6BgG9S9U4naKPXvoJ6Q8n2ghsbcYh63uUOKtKXgZdUrOq8MGnh7Q6IBHUvU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774f80e2ecfeb505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 225da42695f3dc6a1f9930fda2b21286
4078c0a3017b771a5456ee5878945a318245e14b
3d78a90f4033e3661a4b7636a63c8b27835d2ad289f40901446a4b65d818b538
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3D78A90F4033E3661A4B7636A63C8B27835D2AD289F40901446A4B65D818B538"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14800
Expires: Tue, 06 Dec 2022 00:30:46 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
protuor.ru/wp-content/uploads/2022/10/turbiz.jpg
200 OK 20 kB URL HTTP/2 protuor.ru/wp-content/uploads/2022/10/turbiz.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 496x329, components 3\012- data
Hash c815aefcca815b98e36e97541ff48280
5bd839cdf876e1360d8a425730fa1c45925fe5bf
8eb4b37776126f2b985f5a6236adf0a13828a50c0d3b61fef661a0ed46ba0c02
GET /wp-content/uploads/2022/10/turbiz.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e; _sp_ses.e082=*; _sp_id.e082=396644ab-e0c3-4ae7-b79a-8adbec7ce54c.1670271844.1.1670271844.1670271844.840ff7f5-667b-4ec9-a43b-8a4fa6edb870; fid=be3d15ec-fa19-41e2-b43a-6cce0b6579fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/jpeg
content-length: 19881
last-modified: Sun, 30 Oct 2022 20:06:01 GMT
etag: "635ed929-4da9"
expires: Wed, 04 Jan 2023 20:24:06 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b95fe9821c389eba2d2098a6d7948cf3
45993c9e4443423f19ce01f8b1e975bc092da80b
9fd6e1996f8b6371fc517b3c2826f5696e4a27be65fe1510c2132700d2827bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9FD6E1996F8B6371FC517B3C2826F5696E4A27BE65FE1510C2132700D2827BC1"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7953
Expires: Mon, 05 Dec 2022 22:36:39 GMT
Date: Mon, 05 Dec 2022 20:24:06 GMT
Connection: keep-alive
dm-eu.hybrid.ai/match?id=106&vid=0100007F66538E637503DA3402FA57AF
204 No Content 0 B URL HTTP/2 dm-eu.hybrid.ai/match?id=106&vid=0100007F66538E637503DA3402FA57AF
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?id=106&vid=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: dm-eu.hybrid.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 05 Dec 2022 20:24:06 GMT
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
set-cookie: vid=cf6778d026045e988343; Expires=Tue, 05 Dec 2023 20:24:06 GMT; Domain=.hybrid.ai; Path=/; SameSite=None; Secure
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
x-mode: 526
x-xss-protection: 1; mode=block
access-control-allow-origin: https://www.acint.net
access-control-allow-credentials: true
server: Hybrid Web Server
X-Firefox-Spdy: h2
protuor.ru/wp-content/uploads/2020/03/rzhd-279x220.jpg
200 OK 6.5 kB URL HTTP/2 protuor.ru/wp-content/uploads/2020/03/rzhd-279x220.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 279x220, components 3\012- data
Hash 542c64cd28351f6fe361e2df7223b6c9
95455ea656aa853e2c4597ea506ad4b1cfea508a
f6c1c445fee49c436333358dd064203899f2216aea07cc0f9ac505b4c0295fa9
GET /wp-content/uploads/2020/03/rzhd-279x220.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e; _sp_ses.e082=*; _sp_id.e082=396644ab-e0c3-4ae7-b79a-8adbec7ce54c.1670271844.1.1670271844.1670271844.840ff7f5-667b-4ec9-a43b-8a4fa6edb870; fid=be3d15ec-fa19-41e2-b43a-6cce0b6579fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/jpeg
content-length: 6522
last-modified: Sat, 28 Mar 2020 18:41:18 GMT
etag: "5e7f9a4e-197a"
expires: Wed, 04 Jan 2023 20:24:06 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
protuor.ru/wp-content/uploads/2022/11/121-8.jpg
200 OK 11 kB URL HTTP/2 protuor.ru/wp-content/uploads/2022/11/121-8.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 259x194, components 3\012- data
Hash 3cf61853a70ae79f2e24987bf54464f1
1d9ae13fcddbd7b1095913d6e90800af5efcf715
c44718b3ffcda3cd79578bbfd522300b125fe61f3bff75a57f173555645188f6
GET /wp-content/uploads/2022/11/121-8.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e; _sp_ses.e082=*; _sp_id.e082=396644ab-e0c3-4ae7-b79a-8adbec7ce54c.1670271844.1.1670271844.1670271844.840ff7f5-667b-4ec9-a43b-8a4fa6edb870; fid=be3d15ec-fa19-41e2-b43a-6cce0b6579fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/jpeg
content-length: 10927
last-modified: Wed, 09 Nov 2022 23:21:17 GMT
etag: "636c35ed-2aaf"
expires: Wed, 04 Jan 2023 20:24:06 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
protuor.ru/wp-content/uploads/2022/10/turbiz-279x220.jpg
200 OK 14 kB URL HTTP/2 protuor.ru/wp-content/uploads/2022/10/turbiz-279x220.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 279x220, components 3\012- data
Hash 7c7ccb3fca756f4f8480049a8689f9d4
3fd1f08948f3dcffed9156a19c70222bad964736
8dab714389580f29d2d1e6b1a92e6e914df1a8cfce5533ed9189b7ff5deed6fb
GET /wp-content/uploads/2022/10/turbiz-279x220.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e; _sp_ses.e082=*; _sp_id.e082=396644ab-e0c3-4ae7-b79a-8adbec7ce54c.1670271844.1.1670271844.1670271844.840ff7f5-667b-4ec9-a43b-8a4fa6edb870; fid=be3d15ec-fa19-41e2-b43a-6cce0b6579fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/jpeg
content-length: 13707
last-modified: Sun, 30 Oct 2022 20:06:01 GMT
etag: "635ed929-358b"
expires: Wed, 04 Jan 2023 20:24:06 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
protuor.ru/wp-content/uploads/2022/11/121-7-210x136.jpg
200 OK 5.2 kB URL HTTP/2 protuor.ru/wp-content/uploads/2022/11/121-7-210x136.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 210x136, components 3\012- data
Hash 24f64f6fa5887284ee0603af2091340b
116d25ddd06d3ffeda641bf3ed9feae8fa5a0459
e0bc0c9979f14620652d624aa91f66b6dfbc7f4f0bf1c9672c0e2d6617d786b1
GET /wp-content/uploads/2022/11/121-7-210x136.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e; _sp_ses.e082=*; _sp_id.e082=396644ab-e0c3-4ae7-b79a-8adbec7ce54c.1670271844.1.1670271844.1670271844.840ff7f5-667b-4ec9-a43b-8a4fa6edb870; fid=be3d15ec-fa19-41e2-b43a-6cce0b6579fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/jpeg
content-length: 5189
last-modified: Tue, 08 Nov 2022 21:51:39 GMT
etag: "636acf6b-1445"
expires: Wed, 04 Jan 2023 20:24:06 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3397016e2425e2a0b388d166257f693a
5f25e9a847c92040894151e0929000dbe884308d
faa57a8516426835f3fde716ba9693664e82896c3102ba4324c5f37ea8e9f827
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAA57A8516426835F3FDE716BA9693664E82896C3102BA4324C5F37EA8E9F827"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14822
Expires: Tue, 06 Dec 2022 00:31:09 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
static.avck.ws/js/widgets/travelata/taf.js
200 OK 59 kB URL HTTP/1.1 static.avck.ws/js/widgets/travelata/taf.js
IP
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (2030)
Hash dd07b29fa848f1d1449919d221ce0b56
9567c7c9565a07bbad71be1c70e3953873b07fef
00bed86c1e2ccae6a843abe276f63146c492db33c56ca7a66d61eb1833e88d36
GET /js/widgets/travelata/taf.js HTTP/1.1
Host: static.avck.ws
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:06 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 59291
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 12:01:46 GMT
ETag: "638dddaa-e79b"
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Accept-Ranges: bytes
Strict-Transport-Security: max-age=15724800; includeSubDomains
protuor.ru/wp-content/uploads/2022/10/turbiz-210x136.jpg
200 OK 11 kB URL HTTP/2 protuor.ru/wp-content/uploads/2022/10/turbiz-210x136.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 210x136, components 3\012- data
Hash e80bddc87f71b53fa7cb3da2c7010ca7
e16089c6e3a76032fc62255f43b48f965e60df52
03754b020534d7f8af12b04c035a82cd12ebdb74ca664b6af77a85cedc0c4027
GET /wp-content/uploads/2022/10/turbiz-210x136.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e; _sp_ses.e082=*; _sp_id.e082=396644ab-e0c3-4ae7-b79a-8adbec7ce54c.1670271844.1.1670271844.1670271844.840ff7f5-667b-4ec9-a43b-8a4fa6edb870; fid=be3d15ec-fa19-41e2-b43a-6cce0b6579fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/jpeg
content-length: 10600
last-modified: Sun, 30 Oct 2022 20:06:01 GMT
etag: "635ed929-2968"
expires: Wed, 04 Jan 2023 20:24:06 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007F66538E637503DA3402FA57AF
302 Found 0 B URL HTTP/2 sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007F66538E637503DA3402FA57AF
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: sync.1dmp.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 20:24:07 GMT
content-length: 0
expires: 0
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
set-cookie: uid=c4b2ad13-74da-11ed-8ff0-f832e4719dd9; Version=1; Path=/; Domain=.1dmp.io; Expires=Tue, 05 Dec 2023 20:24:07 GMT; SameSite=None; Secure
uid-legacy=c4b2ad13-74da-11ed-8ff0-f832e4719dd9; Version=1; Path=/; Domain=.1dmp.io; Expires=Tue, 05 Dec 2023 20:24:07 GMT
location: /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007F66538E637503DA3402FA57AF&cs=1
X-Firefox-Spdy: h2
ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D
302 Moved Temporarily 142 B URL HTTP/1.1 ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D HTTP/1.1
Host: ssp-rtb.sape.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Location: https://acint.net/match?dp=14&euid=2103420A67538E63A500CF39020F3B12
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Set-Cookie: sspuid=CkIDIWOOU2c5zwClEjsPAk6ukeGBq6z3EhuQbDiMGwIFmmMe; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.ssp-rtb.sape.ru; path=/; Secure; SameSite=None
sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007F66538E637503DA3402FA57AF&cs=1
200 OK 35 B URL HTTP/2 sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007F66538E637503DA3402FA57AF&cs=1
IP
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007F66538E637503DA3402FA57AF&cs=1 HTTP/1.1
Host: sync.1dmp.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: uid=c4b2ad13-74da-11ed-8ff0-f832e4719dd9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
content-length: 35
expires: 0
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
set-cookie: uid=c4b2ad13-74da-11ed-8ff0-f832e4719dd9; Version=1; Path=/; Domain=.1dmp.io; Expires=Tue, 05 Dec 2023 20:24:07 GMT; SameSite=None; Secure
uid-legacy=c4b2ad13-74da-11ed-8ff0-f832e4719dd9; Version=1; Path=/; Domain=.1dmp.io; Expires=Tue, 05 Dec 2023 20:24:07 GMT
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash eb983cf198bf011f4dcc68ce2ba8bf15
b0ee4e3329770fd526c5ddecc50df7d30fd513b4
c0ca8ef1172b08e8cf4383d72f3c0d1e99dd0e627b002b7bf0a3555ff35bc021
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Fri, 09 Dec 2022 18:46:26 GMT
ETag: "b0ee4e3329770fd526c5ddecc50df7d30fd513b4"
Last-Modified: Mon, 05 Dec 2022 18:46:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 535
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e43ace1c06-OSL
ocsp.globalsign.com/gseccovsslca2018
200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash c6a19b7c2da837c8c3d4039690fdfd8d
d22901b64e6e3885697a6ff9e9700f2d6353898f
1a91cd29c007d75a6b4254dbb94e7f508c730de4517209fa7278d7f86a04bede
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Fri, 09 Dec 2022 16:40:13 GMT
ETag: "d22901b64e6e3885697a6ff9e9700f2d6353898f"
Last-Modified: Mon, 05 Dec 2022 16:40:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2710
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e439abb4fa-OSL
ssp.bestssp.com/sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D
302 Found 0 B URL HTTP/1.1 ssp.bestssp.com/sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D HTTP/1.1
Host: ssp.bestssp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.16.1
Date: Mon, 05 Dec 2022 20:24:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.acint.net/match?dp=95&euid=MOWNHDEO
Set-Cookie: uid=MOWNHDEO; Expires=Mon, 05 Dec 2032 00:00:00 GMT; mf2=1; Expires=Wed, 04 Jan 2023 00:00:00 GMT;
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d704971050b7e3daf1f1b971728cab57
95ea98bd7655df95b08bbfcf249060166d494284
5b2633a7a53d3a03f9450b985491689087577cb5ac2c8755bcdddd33122b0c30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B2633A7A53D3A03F9450B985491689087577CB5AC2C8755BCDDDD33122B0C30"
Last-Modified: Mon, 05 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17115
Expires: Tue, 06 Dec 2022 01:09:22 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
www.acint.net/match?dp=129&euid=pv688eiwl2
200 OK 43 B URL HTTP/2 www.acint.net/match?dp=129&euid=pv688eiwl2
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=129&euid=pv688eiwl2 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
200 OK 937 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash d790c34c01ac3fcb6c4d0c9c818ef5c4
7e725aaea86b3d5f4adc6892fc8c48e6b6f593e7
223af53f80dcfd913a1dd5f699334ddfd049680ac823e222fc52def84e31da1d
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 937
Connection: keep-alive
Expires: Fri, 09 Dec 2022 18:32:24 GMT
ETag: "7e725aaea86b3d5f4adc6892fc8c48e6b6f593e7"
Last-Modified: Mon, 05 Dec 2022 18:32:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3587
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e46b011c06-OSL
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash 5379131910cef2b452355b06bd5f93f1
0293735f9700ccc5065cfd04e0faa65439676cf9
428a17e1276cfef1d28ff7401c9893f5296459d99d08b6250f871bbdf7cd2a86
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 09 Dec 2022 19:30:18 GMT
ETag: "0293735f9700ccc5065cfd04e0faa65439676cf9"
Last-Modified: Mon, 05 Dec 2022 19:30:19 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1875
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e47a66b4ff-OSL
www.acint.net/match?dp=95&euid=MOWNHDEO
200 OK 43 B URL HTTP/2 www.acint.net/match?dp=95&euid=MOWNHDEO
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=95&euid=MOWNHDEO HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 643ed93fd38095546076cac135bea585
9ee0bdf8ff87fd41647c0ef69cb1b6750592dd7e
3cb621fd982b073f2bcda5967b77523eaf5ec074b2b14e6fbb6c8d941296cf60
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3CB621FD982B073F2BCDA5967B77523EAF5EC074B2B14E6FBB6C8D941296CF60"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1430
Expires: Mon, 05 Dec 2022 20:47:57 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
www.acint.net/mc/?dp=10&tc=1
200 OK 1.5 kB URL HTTP/2 www.acint.net/mc/?dp=10&tc=1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 7f6fd9b3626e77e989555c483341286f
7d01ffd20bcd940433d2f985ec33553f4c4cb2df
944059fa8b43fd3f38bcb51cecab6e2e9dc523eae86f9f672c6b49fd2f0127de
GET /mc/?dp=10&tc=1 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://protuor.ru/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y02gN1r1f6AiZkXA3LK117/PSoBADS3mgozviP; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: text/html
set-cookie: cSyncDp7v2=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp14v3=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp17=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp32=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp45v3=1670271846; expires=Tue, 06-Dec-22 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp53=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp54v2=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp62=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp67v2=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp68=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp71=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp77=1670271846; expires=Mon, 19-Dec-22 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp84=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp85=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp95v3=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp101=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp104v2=1670271846; expires=Mon, 19-Dec-22 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp107=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp110=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp111v2=1670271846; expires=Mon, 19-Dec-22 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp112v2=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp125v2=1670271846; expires=Tue, 20-Dec-22 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp126=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp127=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp129=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp136v2=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp138=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp146=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp148=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp149v2=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp151=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp178=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp179=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp186=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp221=1670271846; expires=Wed, 04-Jan-23 20:24:06 GMT; path=/; Secure; SameSite=None; domain=.acint.net
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
content-encoding: gzip
X-Firefox-Spdy: h2
acint.net/match?dp=14&euid=2103420A67538E63A500CF39020F3B12
200 OK 43 B URL HTTP/2 acint.net/match?dp=14&euid=2103420A67538E63A500CF39020F3B12
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=14&euid=2103420A67538E63A500CF39020F3B12 HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
200 OK 937 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash d790c34c01ac3fcb6c4d0c9c818ef5c4
7e725aaea86b3d5f4adc6892fc8c48e6b6f593e7
223af53f80dcfd913a1dd5f699334ddfd049680ac823e222fc52def84e31da1d
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 937
Connection: keep-alive
Expires: Fri, 09 Dec 2022 18:32:24 GMT
ETag: "7e725aaea86b3d5f4adc6892fc8c48e6b6f593e7"
Last-Modified: Mon, 05 Dec 2022 18:32:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3587
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e4ba98b4fa-OSL
ocsp.digicert.com/
200 OK 280 B IP
Hash dee9b2030affe82ae58620ee1a3c2e7e
874c852a547740837e35a27ab804b7abfdd8a862
a289cb0d2c8cf44cc43098e5045790510bf8de29c521c9ff87478f8676fed317
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5059
Cache-Control: max-age=101578
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:07 GMT
Etag: "638d296e-118"
Expires: Wed, 07 Dec 2022 00:37:05 GMT
Last-Modified: Sun, 04 Dec 2022 23:12:46 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 25fa4050586359401bc3e2691d320d83
2bc936e0f52a078b9f5222e7c3d8cf8efcdf21e9
90687cf991acefbc24003f5c48a29cf9ca2fbb553b761eae58b301fb636cbcc0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "90687CF991ACEFBC24003F5C48A29CF9CA2FBB553B761EAE58B301FB636CBCC0"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4825
Expires: Mon, 05 Dec 2022 21:44:32 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
sync.dmp.otm-r.com/match/sape?id=0100007F66538E637503DA3402FA57AF
204 No Content 0 B URL HTTP/2 sync.dmp.otm-r.com/match/sape?id=0100007F66538E637503DA3402FA57AF
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/sape?id=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: sync.dmp.otm-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.17.4
date: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.smartredirect.de/st/?h=5u7h63Dv
200 OK 54 B URL HTTP/2 js.smartredirect.de/st/?h=5u7h63Dv
IP
File type ASCII text, with no line terminators
Hash 2957b69e86482171bc6c59bd3d3c4ee9
2dcaec9986bc45a9d0cb46b1fca27311a4bda949
e8e7a9cd3296a3f4fa6704d574ee9fcb98995371b3b9be5410c9af82f591254a
GET /st/?h=5u7h63Dv HTTP/1.1
Host: js.smartredirect.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/x-javascript; charset=UTF-8
expires: Mon, 05 Dec 2022 22:24:06
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mwajyx1hVcQ9vn9dYPUqXxrz6nzERXZJb%2BctzRd%2FNSGbwRtJMxYEUP0Pbc2yush%2BkQYhnmQUYYp2mY8bWo96ReAzmmSmtY%2BNcTgQqL0w%2Fl04Pt2zT4bYu5HQGY%2FpSmEsTYuoXAyt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774f80e019890b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b47c0c89cacbd9d2c00c5afd2714385
9b7e464b367352229f3b88208eead3aa2cdbdf31
3460bf43303cf17b67ae0bfb950082170f0cf29c501a3142d49661f653501154
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3460BF43303CF17B67AE0BFB950082170F0CF29C501A3142D49661F653501154"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10245
Expires: Mon, 05 Dec 2022 23:14:52 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
stat.adlabs.ru/merge_gpsid/?sid=50&id=0100007F66538E637503DA3402FA57AF
302 Found 0 B URL HTTP/2 stat.adlabs.ru/merge_gpsid/?sid=50&id=0100007F66538E637503DA3402FA57AF
IP
ASN #201009 Centre of server systems Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /merge_gpsid/?sid=50&id=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: stat.adlabs.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 20:10:02 GMT
content-length: 0
location: //adlmerge.com/merge_gpsid/?sid=50&id=0100007F66538E637503DA3402FA57AF
X-Firefox-Spdy: h2
s.uuidksinc.net/match/396/?remote_uid=0100007F66538E637503DA3402FA57AF
302 Found 0 B URL HTTP/2 s.uuidksinc.net/match/396/?remote_uid=0100007F66538E637503DA3402FA57AF
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/396/?remote_uid=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: s.uuidksinc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.19.0
date: Mon, 05 Dec 2022 20:24:07 GMT
content-length: 0
location: https://www.acint.net/match?dp=127&euid=BrsY7onGOsKNN4u7WNsA
set-cookie: jcsuuid=BrsY7onGOsKNN4u7WNsA; expires=Tue, 05 Dec 2023 20:24:07 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b47c0c89cacbd9d2c00c5afd2714385
9b7e464b367352229f3b88208eead3aa2cdbdf31
3460bf43303cf17b67ae0bfb950082170f0cf29c501a3142d49661f653501154
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3460BF43303CF17B67AE0BFB950082170F0CF29C501A3142D49661F653501154"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10245
Expires: Mon, 05 Dec 2022 23:14:52 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cf397beeea078b8113e466a479dea6fa
b9f887309c84a109ac0eb960f1306f46429a1885
a1038bd010cc6208aae9f5ce445c679df4de74161f1648d8c198668bb1aede4e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1038BD010CC6208AAE9F5CE445C679DF4DE74161F1648D8C198668BB1AEDE4E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3442
Expires: Mon, 05 Dec 2022 21:21:29 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
pix.bumlam.com/sync/sape/check?sspuid=0100007F66538E637503DA3402FA57AF
302 Found 0 B URL HTTP/1.1 pix.bumlam.com/sync/sape/check?sspuid=0100007F66538E637503DA3402FA57AF
IP
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync/sape/check?sspuid=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: pix.bumlam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://www.acint.net
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Expires: 05-Jun-2005 22:00:00 GMT
X-Xss-Protection: 0
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://sync.bumlam.com/?src=sape
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash 2ed41f7a45fe55babb4dcef237501ba5
50fa9562fc8a050ada828e5d524848a4c712d9d4
9ddcdc8c4f211a82df3923e205789cca14127b02adfb5b516bbffffb5762b76d
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 09 Dec 2022 18:42:38 GMT
ETag: "50fa9562fc8a050ada828e5d524848a4c712d9d4"
Last-Modified: Mon, 05 Dec 2022 18:42:39 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2114
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e53be71c06-OSL
mc.yandex.ru/metrika/watch.js
200 OK 58 kB URL HTTP/2 mc.yandex.ru/metrika/watch.js
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (553)
Hash 69d8fb977b5f11ff2f42caaf9acae0f5
c68a1a8a921d9ca906a20a838458b48d33f0a6b1
197becd55ad37f6cdbdd1b1fc334a34a795359b805639f8311d42ac0abeedf34
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 57635
date: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-origin: *
etag: "6388ac0c-e123"
expires: Mon, 05 Dec 2022 21:24:07 GMT
last-modified: Thu, 01 Dec 2022 16:28:44 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
sync.bumlam.com/?src=sap1&uid=0100007F66538E637503DA3402FA57AF
302 Moved Temporarily 0 B URL HTTP/1.1 sync.bumlam.com/?src=sap1&uid=0100007F66538E637503DA3402FA57AF
IP
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=sap1&uid=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: sync.bumlam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiRjNGQ1M2MxOC03NGRhLTExZWQtYTFjNC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Sun, 30 Nov 2042 20:24:07 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync.bumlam.com/?src=sap1&s_data=CAIQARjnprmcBmIgMDEwMDAwN0Y2NjUzOEU2Mzc1MDNEQTM0MDJGQTU3QUaiARDE1TwYdNoR7aHEACWQyCQ3
ETag: c4d53c18-74da-11ed-a1c4-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
st.avsplow.com/19.18.12/sp.js
200 OK 14 kB URL HTTP/2 st.avsplow.com/19.18.12/sp.js
IP
File type C source, ASCII text, with very long lines (42460), with no line terminators
Hash 5b4d693de5da377343436de74fd49d25
4ab099a16791d496ff49f1f4ec2bb6b6b6432fe7
d082ccd737054595cd8e4479c3e2ba53056bd3f3d678ed5de90784fdba897c98
GET /19.18.12/sp.js HTTP/1.1
Host: st.avsplow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/x-javascript
cache-control: public, max-age=86400
cf-bgj: minify
cf-polished: origSize=42670
etag: W/"19ae50cc8f44735f712dc77bd3c22064"
last-modified: Mon, 11 Jul 2022 06:29:07 GMT
cf-cache-status: HIT
age: 52139
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=svO0mj0zmp53c73Uk469Ba8XBd9dDbMtKyMcv3zeGWFAdP9OHbMj%2BYPQVigFXE92fJ4FGi85zK8qGX%2FRpLBJQbY7M6KrrQhY%2FvFNzVRMde1FpKChDIUNgR3%2BoYAghEDL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774f80df5868b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 948fe44693cfebb81a1cf9a38bbff366
99f388de175a9e1e9ac4f8dc4dd3356f9a87ac0f
45cc07ec7237c70f1ebc27f3a84cf154af0d19d3a3901171a06de874891ba5de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "45CC07EC7237C70F1EBC27F3A84CF154AF0D19D3A3901171A06DE874891BA5DE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14644
Expires: Tue, 06 Dec 2022 00:28:11 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
www.acint.net/match?dp=127&euid=BrsY7onGOsKNN4u7WNsA
200 OK 43 B URL HTTP/2 www.acint.net/match?dp=127&euid=BrsY7onGOsKNN4u7WNsA
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=127&euid=BrsY7onGOsKNN4u7WNsA HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (586)
Hash a4567a1e52f99c2b3870f58375ec8cac
dbfc795e71fc19f7e45e8637abc4ac770f639a48
2b13b5716855040bd9a08972b0e61369e50c6daa402ed937e18f6795f82429c8
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73266
date: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-origin: *
etag: "6388ac0c-11e32"
expires: Mon, 05 Dec 2022 21:24:07 GMT
last-modified: Thu, 01 Dec 2022 16:28:44 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
0100007f66538e637503da3402fa57af-sp.ops.beeline.ru/p?ssp=sp&id=0100007F66538E637503DA3402FA57AF
301 Moved Permanently 0 B URL HTTP/2 0100007f66538e637503da3402fa57af-sp.ops.beeline.ru/p?ssp=sp&id=0100007F66538E637503DA3402FA57AF
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p?ssp=sp&id=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: 0100007f66538e637503da3402fa57af-sp.ops.beeline.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Mon, 05 Dec 2022 20:24:07 GMT
content-length: 0
location: https://www.acint.net/match?dp=111&euid=76d32626-02ee-4128-becf-abe0a936ac74
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: BeeAID=76d32626-02ee-4128-becf-abe0a936ac74; expires=Sun, 26 Nov 2023 20:24:07 GMT; domain=ops.beeline.ru; path=/; secure; SameSite=None
access-control-allow-credentials: true, true
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS, GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
x-route: http://upstream_cookiesync
x-host: 192.168.152.35
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash 81443e1348affe30cdd617a924139458
878440cc6b7e83189395b78eabad232c23d8f817
d92b2a640575c0761dc4f5802f42f78da30309f1e2143411c071e78d1b002f14
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 09 Dec 2022 17:43:32 GMT
ETag: "878440cc6b7e83189395b78eabad232c23d8f817"
Last-Modified: Mon, 05 Dec 2022 17:43:33 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3547
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e5ac5bb4ff-OSL
cs.agency2.ru/p?ssp=sp&uid=0100007F66538E637503DA3402FA57AF
301 Moved Permanently 0 B URL HTTP/1.1 cs.agency2.ru/p?ssp=sp&uid=0100007F66538E637503DA3402FA57AF
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p?ssp=sp&uid=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: cs.agency2.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Length: 0
Connection: keep-alive
Server: fasthttp
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.acint.net/match?dp=186&euid=d6e3f613-62d2-44a7-a24d-7f95f1831e2e
Set-Cookie: uuid=d6e3f613-62d2-44a7-a24d-7f95f1831e2e; expires=Sun, 26 Nov 2023 20:24:07 GMT; domain=agency2.ru; path=/; secure; SameSite=None
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
X-Host: 23.111.107.44
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash 81443e1348affe30cdd617a924139458
878440cc6b7e83189395b78eabad232c23d8f817
d92b2a640575c0761dc4f5802f42f78da30309f1e2143411c071e78d1b002f14
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 09 Dec 2022 17:43:32 GMT
ETag: "878440cc6b7e83189395b78eabad232c23d8f817"
Last-Modified: Mon, 05 Dec 2022 17:43:33 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3547
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e5bc6fb4ff-OSL
counter.yadro.ru/hit?r;s1280*1024*24;uhttps%3A//protuor.ru/;h%u041A%u043E%u0440%u043E%u043D%u0430%u0432%u0438%u0440%u0443%u0441%20%u0432%20%u0420%u043E%u0441%u0441%u0438%u0438%20%7C%20%u041F%u0443%u0442%u0435%u0448%u0435%u0441%u0442%u0432%u0438%u044F;0.4800258577291854
200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit?r;s1280*1024*24;uhttps%3A//protuor.ru/;h%u041A%u043E%u0440%u043E%u043D%u0430%u0432%u0438%u0440%u0443%u0441%20%u0432%20%u0420%u043E%u0441%u0441%u0438%u0438%20%7C%20%u041F%u0443%u0442%u0435%u0448%u0435%u0441%u0442%u0432%u0438%u044F;0.4800258577291854
IP
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit?r;s1280*1024*24;uhttps%3A//protuor.ru/;h%u041A%u043E%u0440%u043E%u043D%u0430%u0432%u0438%u0440%u0443%u0441%20%u0432%20%u0420%u043E%u0441%u0441%u0438%u0438%20%7C%20%u041F%u0443%u0442%u0435%u0448%u0435%u0441%u0442%u0432%u0438%u044F;0.4800258577291854 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Sat, 04 Dec 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 05 Dec 2022 18:41:08 GMT
expires: Mon, 05 Dec 2022 20:41:08 GMT
cache-control: public, max-age=7200
age: 6179
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sync.upravel.com/sape/sync
302 Found 0 B URL HTTP/2 sync.upravel.com/sape/sync
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sape/sync HTTP/1.1
Host: sync.upravel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/png
content-length: 0
location: https://sync.upravel.com/sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0
set-cookie: session_tptc=1670271847319;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=180
session_tptc-legacy=1670271847319;Version=1;Domain=.upravel.com;Path=/;Max-Age=180
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 720895a06c8cbbbe631168c1c6646f91
5ab8d8b901d13737dc13870622f689b100eaff63
e47cd53c5986056db0f51c6a75d3be8991c1f71622d3f54b1d743b7c075eb990
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E47CD53C5986056DB0F51C6A75D3BE8991C1F71622D3F54B1D743B7C075EB990"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2831
Expires: Mon, 05 Dec 2022 21:11:18 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
informer.yandex.ru/informer/46860633/2_0_FFFFFFFF_EFEFEFFF_0_pageviews
200 OK 1.5 kB URL HTTP/2 informer.yandex.ru/informer/46860633/2_0_FFFFFFFF_EFEFEFFF_0_pageviews
IP
File type PNG image data, 80 x 31, 8-bit/color RGBA, non-interlaced\012- data
Hash af75461bfd428edfd1b0e6b5a2222135
3f846c738ba593a0c4bcc626c974161451b8ea1f
d866d21c7adbea913aae4449c6803e08b258bfe586d7b18304adc3e3a264058e
GET /informer/46860633/2_0_FFFFFFFF_EFEFEFFF_0_pageviews HTTP/1.1
Host: informer.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 1507
last-modified: Mon, 05-Dec-2022 20:24:07 GMT
content-type: image/png
pragma: no-cache
strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:07 GMT
X-Firefox-Spdy: h2
protuor.ru/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
200 OK 3.0 kB URL HTTP/2 protuor.ru/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP
Hash 252d6b45bbc279e4553c4693e6b3cf5a
1d601ef3a55a3de19dc016b73b2f2b7c35d21439
d9c05a6fba7f611fe6a7d20a609ae5203dd7c6f9fa7b7b1305f9596cd725a071
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: application/x-javascript
last-modified: Wed, 19 Oct 2022 14:35:38 GMT
vary: Accept-Encoding
etag: W/"63500b3a-26d1"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
sync.bumlam.com/?src=sape
302 Moved Temporarily 0 B URL HTTP/1.1 sync.bumlam.com/?src=sape
IP
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=sape HTTP/1.1
Host: sync.bumlam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: suuid3=IiRjNGQ1M2MxOC03NGRhLTExZWQtYTFjNC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiRjNGQ1M2MxOC03NGRhLTExZWQtYTFjNC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Sun, 30 Nov 2042 20:24:07 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://pix.bumlam.com/sync/sape/sync_ok?guid=c4d53c18-74da-11ed-a1c4-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Access-Control-Allow-Origin: https://acint.net
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ebb91c53a3aff73368b95f98b37f8729
ae4976f99ec1df4c597c8c8247c0047dc528c608
dd17f7bf13acb7b75668a1692dd48bfb98309b3773930da71cda5dd280144819
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD17F7BF13ACB7B75668A1692DD48BFB98309B3773930DA71CDA5DD280144819"
Last-Modified: Sun, 04 Dec 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14477
Expires: Tue, 06 Dec 2022 00:25:24 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash e15176433ab00b65892fc45abf22bd0b
4ad8d801f1b03266ea777ce3dcc83ad3c3a1d065
7b531efcc72507d89789145da9dc39062fdb9d574c97dc0d5834fbd84dc19c45
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 03:41:03 GMT
Expires: Sat, 10 Dec 2022 03:41:02 GMT
Etag: "4ad8d801f1b03266ea777ce3dcc83ad3c3a1d065"
Cache-Control: max-age=371214,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774f80e4ec72b4eb-OSL
level1cdn.com/uid/?uid=false
200 OK 34 B URL HTTP/1.1 level1cdn.com/uid/?uid=false
IP
ASN #44066 diva-e Datacenters GmbH
File type ASCII text, with no line terminators
Hash de8eb774b3b843f8bdd85b48db13cffa
1e025c2f7e1b4206f889880efae217c6e0636f00
136004de287f8bb32011b16e08d99d05a4fef43157cc19ae034fa60ea5b698b4
GET /uid/?uid=false HTTP/1.1
Host: level1cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 34
Connection: keep-alive
X-Hostname: dsde382.rotator.viboom.com
Access-Control-Allow-Origin: https://protuor.ru
Access-Control-Allow-Credentials: true
Set-Cookie: UID=bd67fc34b7aaaae26190de984d4a94a5; Max-Age=16070400; Path=/; Expires=Fri, 09 Jun 2023 20:24:07 GMT; HttpOnly
ETag: W/"22-3o63dLO4Q/i92FtI2xPP+g"
Vary: Accept-Encoding
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fac132f9b86bfca5ad52e5786b0bbccd
4e2e153572e1526d09c29c5ea9f1bba45b1f66b6
27dfd487ce832a5ac8c07554197d1cf71e4e97ac6bd00dee86764ca87fdcc389
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "27DFD487CE832A5AC8C07554197D1CF71E4E97AC6BD00DEE86764CA87FDCC389"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8874
Expires: Mon, 05 Dec 2022 22:52:01 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
exchange.buzzoola.com/cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D
301 Moved Permanently 115 B URL HTTP/2 exchange.buzzoola.com/cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D
IP
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text
Hash 93152f61e5ce44c3bcc5d60a752e70dd
26fb92a07a45a938e5c3fd3c90709d8801f1a67d
4e0f02b8071fd05ae913d0a2bbf25b7c30ad9dcca54f3f337f7be3c3b2cf7ece
GET /cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D HTTP/1.1
Host: exchange.buzzoola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Mon, 05 Dec 2022 20:24:00 GMT
content-type: text/html; charset=utf-8
content-length: 115
location: https://www.acint.net/match?dp=126&euid=618dd28e-7da9-4a05-6a94-e5da5799db17
serverid: TODO
X-Firefox-Spdy: h2
acint.net/match?dp=110&euid=26938ada26b34e128e8b612c2b1da365
200 OK 43 B URL HTTP/2 acint.net/match?dp=110&euid=26938ada26b34e128e8b612c2b1da365
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=110&euid=26938ada26b34e128e8b612c2b1da365 HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash be1e9b26356927c1711531cf1b822bba
1f602e59e0eed075489df23941a49ca66e0db31e
24c8dd80f697ad513c092e2dbdc4f5a09c2783d68fc375e33b2ca9b8351f6113
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Fri, 09 Dec 2022 16:07:13 GMT
ETag: "1f602e59e0eed075489df23941a49ca66e0db31e"
Last-Modified: Mon, 05 Dec 2022 16:07:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2632
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e74e7fb4fa-OSL
sync.bumlam.com/?src=sap1&s_data=CAIQARjnprmcBmIgMDEwMDAwN0Y2NjUzOEU2Mzc1MDNEQTM0MDJGQTU3QUaiARDE1TwYdNoR7aHEACWQyCQ3
200 OK 0 B URL HTTP/1.1 sync.bumlam.com/?src=sap1&s_data=CAIQARjnprmcBmIgMDEwMDAwN0Y2NjUzOEU2Mzc1MDNEQTM0MDJGQTU3QUaiARDE1TwYdNoR7aHEACWQyCQ3
IP
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=sap1&s_data=CAIQARjnprmcBmIgMDEwMDAwN0Y2NjUzOEU2Mzc1MDNEQTM0MDJGQTU3QUaiARDE1TwYdNoR7aHEACWQyCQ3 HTTP/1.1
Host: sync.bumlam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: suuid3=IiRjNGQ1M2MxOC03NGRhLTExZWQtYTFjNC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiRjNGQ1M2MxOC03NGRhLTExZWQtYTFjNC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Sun, 30 Nov 2042 20:24:07 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
ocsp.globalsign.com/gseccovsslca2018
200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash be1e9b26356927c1711531cf1b822bba
1f602e59e0eed075489df23941a49ca66e0db31e
24c8dd80f697ad513c092e2dbdc4f5a09c2783d68fc375e33b2ca9b8351f6113
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Fri, 09 Dec 2022 16:07:13 GMT
ETag: "1f602e59e0eed075489df23941a49ca66e0db31e"
Last-Modified: Mon, 05 Dec 2022 16:07:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2632
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e74e911c06-OSL
ocsp.globalsign.com/gseccovsslca2018
200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash be1e9b26356927c1711531cf1b822bba
1f602e59e0eed075489df23941a49ca66e0db31e
24c8dd80f697ad513c092e2dbdc4f5a09c2783d68fc375e33b2ca9b8351f6113
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Fri, 09 Dec 2022 16:07:13 GMT
ETag: "1f602e59e0eed075489df23941a49ca66e0db31e"
Last-Modified: Mon, 05 Dec 2022 16:07:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2632
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e75e92b4fa-OSL
ocsp.globalsign.com/gseccovsslca2018
200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash be1e9b26356927c1711531cf1b822bba
1f602e59e0eed075489df23941a49ca66e0db31e
24c8dd80f697ad513c092e2dbdc4f5a09c2783d68fc375e33b2ca9b8351f6113
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Fri, 09 Dec 2022 16:07:13 GMT
ETag: "1f602e59e0eed075489df23941a49ca66e0db31e"
Last-Modified: Mon, 05 Dec 2022 16:07:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2632
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80e75cdb0b06-OSL
an.yandex.ru/system/context.js
200 OK 144 kB URL HTTP/2 an.yandex.ru/system/context.js
IP
File type ASCII text, with very long lines (65492)
Size 144 kB (144155 bytes)
Hash daafd7e886bb4a053f5a4946e8ee6dc5
12d7c54ec378ac1cbe2b120d61287a2583070bae
5e6d9589dfb44b3d208d8fb81404fd07d213381d2e1abd877e903c6b48429f92
GET /system/context.js HTTP/1.1
Host: an.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
timing-allow-origin: *
access-control-allow-origin: *
expires: Mon, 05 Dec 2022 21:24:07 GMT
x-yandex-req-id: 1670271847127864-192610291726702485400099-production-app-host-sas-pcode-155
cache-control: private, max-age=3600
content-encoding: br
content-type: text/javascript; charset=utf-8
x-robots-tag: noindex, noarchive, nofollow
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2
200 OK 26 kB URL HTTP/2 yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 26004, version 1.0\012- data
Hash 7f0cdaf91230f9789ca4162aedff612e
965de571aa794dab64076c3cc64dc8894b843f23
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
GET /s3/home/fonts/ys/3/text-variable-full.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: font/woff2
content-length: 26004
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "7f0cdaf91230f9789ca4162aedff612e"
expires: Wed, 06 Dec 2023 02:10:44 GMT
last-modified: Mon, 25 Apr 2022 14:02:39 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-amz-meta-owner: {"role":"admin","login":"4eb0da"}
x-nginx-request-id: 7c053b48d5261852
accept-ranges: bytes
X-Firefox-Spdy: h2
www.acint.net/match?dp=111&euid=76d32626-02ee-4128-becf-abe0a936ac74
200 OK 43 B URL HTTP/2 www.acint.net/match?dp=111&euid=76d32626-02ee-4128-becf-abe0a936ac74
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=111&euid=76d32626-02ee-4128-becf-abe0a936ac74 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
yastatic.net/partner-code-bundles/689972/1c0942547d39e10f5f56.js
200 OK 4.8 kB URL HTTP/2 yastatic.net/partner-code-bundles/689972/1c0942547d39e10f5f56.js
IP
File type ASCII text, with very long lines (14344)
Hash fe59722ca41c8e1f5777bd755785dc2e
f5553e6825e9641530a912a7d420332f5d62efdd
70a44272df8c8a19f2432fc4f0b0068e3f55dbe6815a56a997316a0936fbb39e
GET /partner-code-bundles/689972/1c0942547d39e10f5f56.js HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: text/javascript; charset=utf-8
content-length: 4802
access-control-allow-origin: *
cache-control: public, max-age=946708560
content-encoding: br
etag: "fe59722ca41c8e1f5777bd755785dc2e"
expires: Thu, 05 Dec 2052 02:56:16 GMT
last-modified: Fri, 02 Dec 2022 15:18:32 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow
accept-ranges: bytes
X-Firefox-Spdy: h2
pix.bumlam.com/sync/sape/sync_ok?guid=c4d53c18-74da-11ed-a1c4-002590c82437
302 Found 0 B URL HTTP/1.1 pix.bumlam.com/sync/sape/sync_ok?guid=c4d53c18-74da-11ed-a1c4-002590c82437
IP
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync/sape/sync_ok?guid=c4d53c18-74da-11ed-a1c4-002590c82437 HTTP/1.1
Host: pix.bumlam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: suuid3=IiRjNGQ1M2MxOC03NGRhLTExZWQtYTFjNC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://www.acint.net
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Expires: 05-Jun-2005 22:00:00 GMT
X-Xss-Protection: 0
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://c4d53c18-74da-11ed-a1c4-002590c82437.n5.sync.bumlam.com/?src=sape
mc.yandex.ru/watch/36124145/1?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A422241162274%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202404%3Aet%3A1670271845%3Ac%3A1%3Arn%3A583662259%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Ans%3A1670271841023%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271845%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/36124145/1?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A422241162274%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202404%3Aet%3A1670271845%3Ac%3A1%3Arn%3A583662259%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Ans%3A1670271841023%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271845%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 42a08b83bfec536923b735f5deaeeca8
d26270800d58e28861722ddf881c2f145ea60a67
44de9e13093bc949dab82acfb93c10b2a9951336add49406f92fea4394073e4f
GET /watch/36124145/1?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A422241162274%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202404%3Aet%3A1670271845%3Ac%3A1%3Arn%3A583662259%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Ans%3A1670271841023%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271845%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Referer: https://protuor.ru/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Mon, 05 Dec 2022 20:24:07 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://protuor.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:07 GMT
last-modified: Mon, 05-Dec-2022 20:24:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.acint.net/match?dp=186&euid=d6e3f613-62d2-44a7-a24d-7f95f1831e2e
200 OK 43 B URL HTTP/2 www.acint.net/match?dp=186&euid=d6e3f613-62d2-44a7-a24d-7f95f1831e2e
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=186&euid=d6e3f613-62d2-44a7-a24d-7f95f1831e2e HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
www.acint.net/match?dp=126&euid=618dd28e-7da9-4a05-6a94-e5da5799db17
200 OK 43 B URL HTTP/2 www.acint.net/match?dp=126&euid=618dd28e-7da9-4a05-6a94-e5da5799db17
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=126&euid=618dd28e-7da9-4a05-6a94-e5da5799db17 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
yastatic.net/partner-code-bundles/689972/7e47cf93896a3547985f.js
200 OK 100 kB URL HTTP/2 yastatic.net/partner-code-bundles/689972/7e47cf93896a3547985f.js
IP
File type ASCII text, with very long lines (65497)
Size 100 kB (100014 bytes)
Hash d5233c9025aa0933f6572d0d1072f5bd
396b226697e0dab697420a88051d683cffd2d587
27eecb7fc519c6d9c26314b03d9db55b1b578d7cd5e36e01d226b782ec334ed9
GET /partner-code-bundles/689972/7e47cf93896a3547985f.js HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: text/javascript; charset=utf-8
content-length: 100014
access-control-allow-origin: *
cache-control: public, max-age=946708560
content-encoding: br
etag: "d5233c9025aa0933f6572d0d1072f5bd"
expires: Thu, 05 Dec 2052 02:56:16 GMT
last-modified: Fri, 02 Dec 2022 15:18:33 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow
accept-ranges: bytes
X-Firefox-Spdy: h2
yastatic.net/safeframe-bundles/0.83/host.js
200 OK 8.9 kB URL HTTP/2 yastatic.net/safeframe-bundles/0.83/host.js
IP
File type ASCII text, with very long lines (33703), with no line terminators
Hash f80882bf67cf261aa08d636da095149a
3e5bf3fbdb45c9696f9b925d3e71b2e9777c82cd
4794febaad77bf94edba1c860dbcf9612722ad0a18b95831dad359b0bba4bed6
GET /safeframe-bundles/0.83/host.js HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: text/javascript; charset=utf-8
content-length: 8878
access-control-allow-origin: *
cache-control: public, max-age=946708560
content-encoding: br
etag: "f80882bf67cf261aa08d636da095149a"
expires: Thu, 05 Dec 2052 02:55:52 GMT
last-modified: Wed, 03 Nov 2021 13:42:58 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow
accept-ranges: bytes
X-Firefox-Spdy: h2
adlmerge.com/merge_gpsid/?sid=50&id=0100007F66538E637503DA3402FA57AF
200 OK 43 B URL HTTP/2 adlmerge.com/merge_gpsid/?sid=50&id=0100007F66538E637503DA3402FA57AF
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /merge_gpsid/?sid=50&id=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: adlmerge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.0
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
iseu: eu
X-Firefox-Spdy: h2
level1cdn.com/uid/?uid=false
200 OK 34 B URL HTTP/1.1 level1cdn.com/uid/?uid=false
IP
ASN #44066 diva-e Datacenters GmbH
File type ASCII text, with no line terminators
Hash 8a6e3f3b2e6a488296314fe6785ccf02
903fbfae4996703fd184849602cd2bae0834c0d6
69978c0bc0f068b3560b336957ac0502beb19eb793fc1fcb3172a46b1956e8fa
GET /uid/?uid=false HTTP/1.1
Host: level1cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-None-Match: W/"22-3o63dLO4Q/i92FtI2xPP+g"
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 34
Connection: keep-alive
X-Hostname: dsde382.rotator.viboom.com
Access-Control-Allow-Origin: https://protuor.ru
Access-Control-Allow-Credentials: true
Set-Cookie: UID=e8eb3ec49751b6c63ac9f6e3d24832b8; Max-Age=16070400; Path=/; Expires=Fri, 09 Jun 2023 20:24:07 GMT; HttpOnly
ETag: W/"22-im4/Oy5qSIKWMU/meFzPAg"
Vary: Accept-Encoding
ocsp.sectigo.com/
200 OK 471 B IP
Hash 9c1529c3fe0f318c9cddeef4b60ba0f0
938c35c6c616f537f14855c59563009aa04d4acb
01d556a0cd7d012781c837f0c83645d3236fac5e779d6bb7f0c74b65beba3de1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 11:26:43 GMT
Expires: Sun, 11 Dec 2022 11:26:42 GMT
Etag: "938c35c6c616f537f14855c59563009aa04d4acb"
Cache-Control: max-age=485554,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774f80e5bcdbb4ee-OSL
mc.yandex.ru/watch/46860633/1?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A2%3Adp%3A0%3Als%3A385311983868%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202404%3Aet%3A1670271845%3Ac%3A1%3Arn%3A760937058%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Ans%3A1670271841023%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271845%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
200 OK 426 B URL HTTP/2 mc.yandex.ru/watch/46860633/1?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A2%3Adp%3A0%3Als%3A385311983868%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202404%3Aet%3A1670271845%3Ac%3A1%3Arn%3A760937058%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Ans%3A1670271841023%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271845%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP
File type JSON data\012- , ASCII text, with very long lines (426), with no line terminators
Hash a12cf7719b7a05760502c9018ac34ebe
7ee31dbfceb77eed463aeff98ee74522beb7e61c
f2f6c0e8d2422a279a11dea9e692b603841709a2ec972b64dca4942f09e6ff55
GET /watch/46860633/1?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A2%3Adp%3A0%3Als%3A385311983868%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202404%3Aet%3A1670271845%3Ac%3A1%3Arn%3A760937058%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Ans%3A1670271841023%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271845%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Referer: https://protuor.ru/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 426
date: Mon, 05 Dec 2022 20:24:07 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://protuor.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:07 GMT
last-modified: Mon, 05-Dec-2022 20:24:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-origin: *
etag: "6388ac0c-2b"
expires: Mon, 05 Dec 2022 21:24:07 GMT
accept-ranges: bytes
last-modified: Thu, 01 Dec 2022 16:28:44 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e7ad09917ec89b585081e83a2ad7cb53
bef223cf3c787d296062e1c9a303dc6fa6bac925
38d03c035f09cdb49207e0e942aca073039079de705478bd3b2060428450a600
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "38D03C035F09CDB49207E0E942ACA073039079DE705478BD3B2060428450A600"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7275
Expires: Mon, 05 Dec 2022 22:25:22 GMT
Date: Mon, 05 Dec 2022 20:24:07 GMT
Connection: keep-alive
traff.travelata.ru/img/calBig.png
200 OK 229 B URL HTTP/2 traff.travelata.ru/img/calBig.png
IP
File type PNG image data, 20 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash 92bcb3c549a4cc65bff23393e3f1c4f7
e97bae7c53443f83bd3db048423eb07bbe4b3168
9ea613d68962c2b8fd9e265d0438642127824e6f7ed6b0de44aef7526708a964
GET /img/calBig.png HTTP/1.1
Host: traff.travelata.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: QRATOR
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: image/png
content-length: 229
last-modified: Thu, 17 Dec 2020 17:37:09 GMT
accept-ranges: bytes
etag: "5fdb9745-e5"
X-Firefox-Spdy: h2
traff.travelata.ru/img/searchButtonRight.png
200 OK 1.5 kB URL HTTP/2 traff.travelata.ru/img/searchButtonRight.png
IP
File type PNG image data, 38 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash 144d2fb4af9992555e07d2f9368e7ee1
9cb399fc9e935fb0c195911131af8cfe933ac20a
2a54fba5d9fa19b52f7a334a5caf15d15fc648aad383424b060e55d977cfcfde
GET /img/searchButtonRight.png HTTP/1.1
Host: traff.travelata.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: QRATOR
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: image/png
content-length: 1528
accept-ranges: bytes
last-modified: Thu, 17 Dec 2020 17:37:09 GMT
etag: "5fdb9745-5f8"
X-Firefox-Spdy: h2
c4d53c18-74da-11ed-a1c4-002590c82437.n5.sync.bumlam.com/?src=sape
302 Moved Temporarily 0 B URL HTTP/1.1 c4d53c18-74da-11ed-a1c4-002590c82437.n5.sync.bumlam.com/?src=sape
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=sape HTTP/1.1
Host: c4d53c18-74da-11ed-a1c4-002590c82437.n5.sync.bumlam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: suuid3=IiRjNGQ1M2MxOC03NGRhLTExZWQtYTFjNC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.22.1
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Length: 0
Connection: close
Location: https://pix.bumlam.com/sync/sape/done
traff.travelata.ru/img/firmVertBg.jpg
200 OK 33 kB URL HTTP/2 traff.travelata.ru/img/firmVertBg.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 450x500, components 3\012- data
Hash 8f235677811f981faae43bead46a2601
a7a904f793ab3963a80f91ade19320b99c3326a7
aa9c9d48f0700006b448dec420c57cb01870d2eb6391703fd5679dcff848c06c
GET /img/firmVertBg.jpg HTTP/1.1
Host: traff.travelata.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: QRATOR
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: image/jpeg
content-length: 33128
etag: "5fdb9745-8168"
accept-ranges: bytes
last-modified: Thu, 17 Dec 2020 17:37:09 GMT
X-Firefox-Spdy: h2
www.acint.net/match?dp=71&euid=969f0990-3bb6-466d-a223-c75bfa9dcf55
200 OK 43 B URL HTTP/2 www.acint.net/match?dp=71&euid=969f0990-3bb6-466d-a223-c75bfa9dcf55
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=71&euid=969f0990-3bb6-466d-a223-c75bfa9dcf55 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
traff.travelata.ru/application/destinationList/serp?callback=_tafData
200 OK 9.2 kB URL HTTP/2 traff.travelata.ru/application/destinationList/serp?callback=_tafData
IP
File type ASCII text, with very long lines (12524)
Hash eb451dff1a1ab6584df51febc82a9178
4287d8fbb0442e123b2c802a84df489ad5b2f859
d3e6781a5fc35c210b7b7ad6af62e51795bb3545d9a1ee85e20c44bf7dd6f558
GET /application/destinationList/serp?callback=_tafData HTTP/1.1
Host: traff.travelata.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: QRATOR
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2
pix.bumlam.com/sync/sape/done
200 OK 43 B URL HTTP/1.1 pix.bumlam.com/sync/sape/done
IP
ASN #44066 diva-e Datacenters GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /sync/sape/done HTTP/1.1
Host: pix.bumlam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: suuid3=IiRjNGQ1M2MxOC03NGRhLTExZWQtYTFjNC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Access-Control-Allow-Origin: https://www.acint.net
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Expires: 05-Jun-2005 22:00:00 GMT
X-Xss-Protection: 0
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
vifog.com/video/get/?platformId=108340&format=2&align=top&width=300&height=250&sig=9189fd1e953bc73b&data=%7B%22shown%22%3A%5B%5D%2C%22errors%22%3A%5B%5D%2C%22dimentions%22%3A%7B%22width%22%3A341%2C%22height%22%3A0%7D%2C%22referer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22origReferer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22location%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22n%22%3A1%2C%22lang%22%3A%22en-US%22%2C%22title%22%3A%22%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F%22%7D&vbmuid=df819c2a92d07e19aaeb5f9ff002c7a1
200 OK 467 B URL HTTP/1.1 vifog.com/video/get/?platformId=108340&format=2&align=top&width=300&height=250&sig=9189fd1e953bc73b&data=%7B%22shown%22%3A%5B%5D%2C%22errors%22%3A%5B%5D%2C%22dimentions%22%3A%7B%22width%22%3A341%2C%22height%22%3A0%7D%2C%22referer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22origReferer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22location%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22n%22%3A1%2C%22lang%22%3A%22en-US%22%2C%22title%22%3A%22%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F%22%7D&vbmuid=df819c2a92d07e19aaeb5f9ff002c7a1
IP
ASN #44066 diva-e Datacenters GmbH
File type HTML document, Unicode text, UTF-8 text, with very long lines (457), with no line terminators
Hash 4d66ccefaeff0af506985ee2d77ac3cd
1db7c57dc41344913e6ca6fbbde46565ead594b2
9e28de5c36e138e125b6ee2a77348bfa53db236f3a68cd790fd3ce2d90a806df
GET /video/get/?platformId=108340&format=2&align=top&width=300&height=250&sig=9189fd1e953bc73b&data=%7B%22shown%22%3A%5B%5D%2C%22errors%22%3A%5B%5D%2C%22dimentions%22%3A%7B%22width%22%3A341%2C%22height%22%3A0%7D%2C%22referer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22origReferer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22location%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22n%22%3A1%2C%22lang%22%3A%22en-US%22%2C%22title%22%3A%22%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F%22%7D&vbmuid=df819c2a92d07e19aaeb5f9ff002c7a1 HTTP/1.1
Host: vifog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 467
Connection: keep-alive
X-Hostname: dsde382.rotator.viboom.com
Set-Cookie: vbmuid=df819c2a92d07e19aaeb5f9ff002c7a1; Max-Age=16070400; Path=/; Expires=Fri, 09 Jun 2023 20:24:07 GMT; HttpOnly
Rotator-message: video: no campaignAccess, code: -8, msg: 144/0, format: 2, platformId: 108340, rtrCampaignId: false
ETag: W/"1d3-TWbM767/CvUGmF7i13rDzQ"
Vary: Accept-Encoding
protuor.ru/wp-content/plugins/travelpayouts/assets/public-scripts.fc15b4d4d1f8eab83eea.js
200 OK 3.8 kB URL HTTP/2 protuor.ru/wp-content/plugins/travelpayouts/assets/public-scripts.fc15b4d4d1f8eab83eea.js
IP
File type ASCII text, with very long lines (9308)
Hash 7fa6d23643b002f1ef659aa3787997ae
1ec184696dace7c0c844b0c12df0b0360491a712
44613fac78b7a464d0f26987a64fac67d9680dd3657c3b29648e817a979b9de9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/assets/public-scripts.fc15b4d4d1f8eab83eea.js HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/x-javascript
last-modified: Thu, 28 Jul 2022 07:14:52 GMT
vary: Accept-Encoding
etag: W/"62e2376c-24b9"
expires: Mon, 12 Dec 2022 20:24:06 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash 07af306b63d231c216e3558cdf0ffffd
f9ef38461444640e4f14a3827526330e42ba1158
6777fa1566249f5f268871f9a6c1af0cd654cdf63fd269910e8be5488672d242
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 09 Dec 2022 17:29:38 GMT
ETag: "f9ef38461444640e4f14a3827526330e42ba1158"
Last-Modified: Mon, 05 Dec 2022 17:29:39 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1701
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80ea8a781c06-OSL
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5670c32d73c3d5771a2d9396774a7eb9
3fb62916ff54f22a011e11730ba87fea48e5d239
062531ed89864b713048421c9639d4a6249e92f33ef4177206f1deb5d85a8757
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash 07af306b63d231c216e3558cdf0ffffd
f9ef38461444640e4f14a3827526330e42ba1158
6777fa1566249f5f268871f9a6c1af0cd654cdf63fd269910e8be5488672d242
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 09 Dec 2022 17:29:38 GMT
ETag: "f9ef38461444640e4f14a3827526330e42ba1158"
Last-Modified: Mon, 05 Dec 2022 17:29:39 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1701
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80eaaab31c06-OSL
ssp.adriver.ru/cgi-bin/sync.cgi?dsp_id=153&external_id=0100007F66538E637503DA3402FA57AF
200 OK 42 B URL HTTP/1.1 ssp.adriver.ru/cgi-bin/sync.cgi?dsp_id=153&external_id=0100007F66538E637503DA3402FA57AF
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cgi-bin/sync.cgi?dsp_id=153&external_id=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: ssp.adriver.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash 9739c027b90dc391a4c8d38576234f95
5857384011e3dabe6dd930d5ff2f5e7ff73fb0b3
78ccd6f94e8d9007e292da9fa73bd8d5499316c6e623d21f58e7419ec9b2b3cb
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 09 Dec 2022 16:07:43 GMT
ETag: "5857384011e3dabe6dd930d5ff2f5e7ff73fb0b3"
Last-Modified: Mon, 05 Dec 2022 16:07:44 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3433
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80eabd41b4ff-OSL
ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691
302 Moved Temporarily 0 B URL HTTP/1.1 ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691 HTTP/1.1
Host: ad.adriver.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA
Set-Cookie: cid=-6209895393; expires=Wed, 04 Dec 2024 20:24:08 GMT; path=/; domain=.adriver.ru; SameSite=None; Secure
Location: /cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691&tuid=-6209895393
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
cm.g.doubleclick.net/pixel?google_nid=agentstvo_sape_limited&google_hm=AQAAf2ZTjmN1A9o0AvpXrw
200 OK 170 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=agentstvo_sape_limited&google_hm=AQAAf2ZTjmN1A9o0AvpXrw
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e7673c60af825466f83d46da72ca1635
fc0fcbee0835709ba2d28798a612bfd687903fb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
GET /pixel?google_nid=agentstvo_sape_limited&google_hm=AQAAf2ZTjmN1A9o0AvpXrw HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
date: Mon, 05 Dec 2022 20:24:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sync.adkernel.com/user-sync?zone=169736&t=image&r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D221%26euid%3D%7BUID%7D
200 OK 0 B URL HTTP/1.1 sync.adkernel.com/user-sync?zone=169736&t=image&r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D221%26euid%3D%7BUID%7D
IP
ASN #36057 WEBAIR-INTERNET-MTL
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /user-sync?zone=169736&t=image&r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D221%26euid%3D%7BUID%7D HTTP/1.1
Host: sync.adkernel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Length: 0
Connection: close
ocsp.globalsign.com/gseccovsslca2018
200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash 38871a014059ea998d8da95aa87ffcd0
72b3678de097f09d3c2ee4a0bc64a9a1b8cf7c81
d72b80e7aa9a8224a0b45ccb2b5ff957c314d3c61fa3a5dfdf142d38f0482e6f
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Fri, 09 Dec 2022 19:04:01 GMT
ETag: "72b3678de097f09d3c2ee4a0bc64a9a1b8cf7c81"
Last-Modified: Mon, 05 Dec 2022 19:04:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3359
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80eb0b1b1c06-OSL
dmp.gotechnology.io/match/sape?id=0100007F66538E637503DA3402FA57AF&chk=1
302 Found 0 B URL HTTP/2 dmp.gotechnology.io/match/sape?id=0100007F66538E637503DA3402FA57AF&chk=1
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/sape?id=0100007F66538E637503DA3402FA57AF&chk=1 HTTP/1.1
Host: dmp.gotechnology.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: chk=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-length: 0
location: https://an.yandex.ru/mapuid/gonetdspis/NTc3ZDk5OGVjOGZkZjJkMA
set-cookie: pid=NTc3ZDk5OGVjOGZkZjJkMA; expires=Tue, 05 Dec 2023 20:24:08 GMT; domain=.gotechnology.io; path=/; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash b842d5465426137b4c494a6814f54fe2
3127fd02bbffadc4e00ea0c0c0e45eb865dbb2ba
4d7c130368ff61c166464de3c378ff2680817a1ad371ff3e1b5932fbf15189d9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 02:18:43 GMT
Expires: Sat, 10 Dec 2022 02:18:42 GMT
Etag: "3127fd02bbffadc4e00ea0c0c0e45eb865dbb2ba"
Cache-Control: max-age=366273,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774f80eb2838fab4-OSL
ad.mail.ru/cm.gif?p=48&id=0100007F66538E637503DA3402FA57AF
200 OK 43 B URL HTTP/2 ad.mail.ru/cm.gif?p=48&id=0100007F66538E637503DA3402FA57AF
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /cm.gif?p=48&id=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: ad.mail.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: image/gif
content-length: 43
set-cookie: VID=0TFlzA2RUz2E0021yi1Pe3oE:::0-0-0-8a8ac28:CAASEGwmd-dMtQGvOEKpHhqTtZ8aYN6ewOjl5M7SMqK01veMkzQ4O4H6qNRTzRTqcLqRUf5iLWmK4UVKbWIl1InM3t3YMevsn1nX1cPiwFjVJLUwkCDyQUdkiCED6r0H2oo7tRT07fe1TUZLF8-T96cHn2RGDg; path=/; expires=Wed, 06-Dec-23 20:24:08 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
expires: Tue, 06 Dec 2022 02:24:08 GMT
cache-control: max-age=21600
last-modified: Mon, 05 Dec 2022 20:24:08 GMT
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
X-Firefox-Spdy: h2
ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691&tuid=-6209895393
302 Moved Temporarily 40 B URL HTTP/1.1 ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691&tuid=-6209895393
IP
File type ASCII text, with CRLF line terminators
Hash 251630b588179b239e8fab1ac9ef6d3a
91b91a97bc481dd2bbd5e0f3fea6ba1c4e843882
c95661e0ef6975b1df5361695a439f71a021d72c345023c3e668e84f35b3c38b
GET /cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691&tuid=-6209895393 HTTP/1.1
Host: ad.adriver.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-control: no-cache, no-cache=Set-Cookie, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="//adriver.ru/w3c/p3p.xml", CP="NON DSP COR CURa ADMa DEVa OUR BUS UNI COM NAV INT STA"
Set-Cookie: cid=0; expires=Wed, 04 Dec 2024 20:24:08 GMT; path=/; domain=.adriver.ru;
uid=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=.adriver.ru
Location: https://www.acint.net/rmatch?dp=45&euid=0&r=https%3A%2F%2Fssp.adriver.ru%2Fcgi-bin%2Fsync.cgi%3Fssp_id%3D43%26external_id%3D%24%7BUSER_ID%7D
an.yandex.ru/mapuid/sapeis/0100007F66538E637503DA3402FA57AF
302 Found 1.8 kB URL HTTP/2 an.yandex.ru/mapuid/sapeis/0100007F66538E637503DA3402FA57AF
IP
Hash 9273037f36869aceb36b1e601dcfb5f9
50796bf73bc2d663bb5019a4cc76900df08f563b
9c53862ef09cdc14bd5786040e11bad46781c6a0b4a8ebcd7835d9aac7101234
GET /mapuid/sapeis/0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: an.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
timing-allow-origin: *
location: https://an.yandex.ru/mapuid/sapeis/0100007F66538E637503DA3402FA57AF?redir-setuniq=1
date: Mon, 05 Dec 2022 20:24:08 GMT
set-cookie: yandexuid=9909610621670271848; domain=.yandex.ru; path=/; expires=Thu, 02-Dec-2032 20:24:08 GMT
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05 Dec 2022 20:24:08 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
last-modified: Mon, 05 Dec 2022 20:24:08 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
x01.aidata.io/pixel.js?pixel=VIBOOM&id=df819c2a92d07e19aaeb5f9ff002c7a1&v=1670271845200
302 Found 0 B URL HTTP/2 x01.aidata.io/pixel.js?pixel=VIBOOM&id=df819c2a92d07e19aaeb5f9ff002c7a1&v=1670271845200
IP
ASN #197695 Domain names registrar REG.RU, Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel.js?pixel=VIBOOM&id=df819c2a92d07e19aaeb5f9ff002c7a1&v=1670271845200 HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-length: 0
location: https://x01.aidata.io/pixel.js?pixel=VIBOOM&id=df819c2a92d07e19aaeb5f9ff002c7a1&v=1670271845200&pid=VIBOOM&js=1&show_js_referer=1&bounce=1
expires: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Mon, 05 Dec 2022 20:24:07 GMT
set-cookie: __upin=YH/yVlhG5icGVtqAEtcVRg;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
__upints=1670271848;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
X-Firefox-Spdy: h2
ocsp.usertrust.com/
200 OK 472 B IP
Hash 261f1681ee92a12b1f514a1ff09dc890
a81c0c798eff145de03ad3b2442e8671963cce2d
6f60cc7fbaa3de487e8f190db5c4d667758bfcf57c70641e89aa0139cd2334aa
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 04:18:22 GMT
Expires: Mon, 12 Dec 2022 04:18:21 GMT
Etag: "a81c0c798eff145de03ad3b2442e8671963cce2d"
Cache-Control: max-age=603222,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1463
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80ebcf9c0b31-OSL
an.yandex.ru/mapuid/gonetdspis/NTc3ZDk5OGVjOGZkZjJkMA
302 Found 174 B URL HTTP/2 an.yandex.ru/mapuid/gonetdspis/NTc3ZDk5OGVjOGZkZjJkMA
IP
Hash 8a1fe14ff370be52dac9836776e7411e
905ce78f48149f35853b70373fc8e4c26e88f764
a37ae8fe00850240aa78fa5a852aacd18b9fe51dbce494cdc94a60492b83d658
GET /mapuid/gonetdspis/NTc3ZDk5OGVjOGZkZjJkMA HTTP/1.1
Host: an.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
timing-allow-origin: *
location: https://an.yandex.ru/mapuid/gonetdspis/NTc3ZDk5OGVjOGZkZjJkMA?redir-setuniq=1
date: Mon, 05 Dec 2022 20:24:08 GMT
set-cookie: yandexuid=2701349911670271848; domain=.yandex.ru; path=/; expires=Thu, 02-Dec-2032 20:24:08 GMT
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05 Dec 2022 20:24:08 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
last-modified: Mon, 05 Dec 2022 20:24:08 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect
302 Found 0 B URL HTTP/2 redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect HTTP/1.1
Host: redirect.frontend.weborama.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: Weborama Collect Frontend
date: Mon, 05 Dec 2022 20:24:07 GMT
content-length: 0
location: https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=2354909111
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Mon, 05 Dec 2022 20:24:08 GMT
set-cookie: AFFICHE_W=rETHOfEsaySs34; expires=Tue, 02 Jan 2024 20:24:08 GMT; domain=.weborama.fr; path=/; secure; SameSite=None
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=43&external_id=0100007F66538E6382034136025298FB
200 OK 42 B URL HTTP/1.1 ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=43&external_id=0100007F66538E6382034136025298FB
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cgi-bin/sync.cgi?ssp_id=43&external_id=0100007F66538E6382034136025298FB HTTP/1.1
Host: ssp.adriver.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a1586dee9ebacb7c8828dd0f643dafd4
50367ff8e320f8423c918ef69febaa35b6644b1c
d3b107154132876e1ca14d8365557417f34f3df74b58d5de47695577d979391f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3B107154132876E1CA14D8365557417F34F3DF74B58D5DE47695577D979391F"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4747
Expires: Mon, 05 Dec 2022 21:43:15 GMT
Date: Mon, 05 Dec 2022 20:24:08 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 472 B IP
Hash ccd0403a573158475fa8b9fa1bd3faa0
2fc47b151e9c32ce0e345a01886f8f842719d468
4ee259e0c86bc54e5c9c72cdf0c735f10a18942f1c5d558e876e01a9662d046f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 16:09:17 GMT
Expires: Fri, 09 Dec 2022 16:09:16 GMT
Etag: "2fc47b151e9c32ce0e345a01886f8f842719d468"
Cache-Control: max-age=329707,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774f80eaed72b4ee-OSL
status.thawte.com/
200 OK 471 B IP
Hash 239f1fc98cead4885a8e60e983521b1a
2e8dac7917ed3b42c3a877716d060fca58da14fa
a3ed77ead16f9f5fca22a8533d76df188bf0d0865aed2121513fd5c5b35167d1
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6194
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:08 GMT
Last-Modified: Mon, 05 Dec 2022 18:40:54 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
sape-sync.rutarget.ru/sync
302 Moved Temporarily 0 B URL HTTP/1.1 sape-sync.rutarget.ru/sync
IP
ASN #208677 Cloud technology Limited (Ltd.)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync HTTP/1.1
Host: sape-sync.rutarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Length: 0
Connection: close
Location: https://www.acint.net/match?dp=104&euid=mSE8BjPCRC6v
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."
Set-Cookie: userId=mSE8BjPCRC6v; Path=/; Domain=.rutarget.ru; Expires=Sat, 03 Jun 2023 20:24:08 GMT; SameSite=None; Secure
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5670c32d73c3d5771a2d9396774a7eb9
3fb62916ff54f22a011e11730ba87fea48e5d239
062531ed89864b713048421c9639d4a6249e92f33ef4177206f1deb5d85a8757
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=2354909111
204 No Content 0 B URL HTTP/2 redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=2354909111
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=2354909111 HTTP/1.1
Host: redirect.frontend.weborama.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Weborama Collect Frontend
date: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Mon, 05 Dec 2022 20:24:08 GMT
set-cookie: AFFICHE_W=; expires=Tue, 10 Nov 2009 23:00:00 GMT; domain=.weborama.fr; path=/; secure; SameSite=None
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
protuor.ru/wp-content/uploads/2017/12/cropped-favikon-32x32.jpg
404 Not Found 73 kB URL HTTP/2 protuor.ru/wp-content/uploads/2017/12/cropped-favikon-32x32.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash 9f9d5f94ccc5c04cfef493f8ef745df1
2cd09fe2284630a5af335bef8019dd567c341cfc
201b6ba8a1768651484513e584fa3ccd270be2296c23b580aa8ee0f06aaf84e1
GET /wp-content/uploads/2017/12/cropped-favikon-32x32.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e; _sp_ses.e082=*; _sp_id.e082=396644ab-e0c3-4ae7-b79a-8adbec7ce54c.1670271844.1.1670271844.1670271844.840ff7f5-667b-4ec9-a43b-8a4fa6edb870; fid=be3d15ec-fa19-41e2-b43a-6cce0b6579fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
pragma: no-cache
link: <https://protuor.ru/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
yandex.ru/ads/meta/273816?target-ref=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&pcode-test-ids=657519%2C0%2C50%3B685883%2C0%2C59%3B678361%2C0%2C64%3B687459%2C0%2C7%3B689267%2C0%2C19%3B689964%2C0%2C72%3B681853%2C0%2C35&pcode-flags-map=eJytWNtu2zgQ%2FZWFn4uuRIm69I2SKJuIRGpJyo5bFITberMBknTRpkW7Rf99h5LsSHJKN7sF8mArOofDuZyZ8bcFW3IhqamZUrQwBdHENESSWplSSLNmBRWGcZOLOhOLF6%2B%2BLT7vbj7tFy8W%2By9%2FL54t7vcf79k7%2BIpTL8R48f31s8WaKCPpHy1V2qxr0phSitqQQk3wWrZ0TBD5MUq8joByklV0djh8KBlnmoJ9%2BYVaCW02TK9Eqw0B27VyWRdhHCXBk8l%2FBTOpKtNIUbS5VqfHPI2aAuUT4zIisXGBMzcQClORjFYdFZBkhHMq3dGJgiCMO5pCGC56ojWVmuWkMmxtslZrwd0kEOE4mZMAFkguzhkQB34aPoKlFa0p12eSKw4Sf%2BJKTjdGXcDl4c%2F6Q5CCStNUZDszZO7PBKM0PfqT8YYsqVH2BltTMGXJiy7omc3MohSX8FjSXBtFq2pCTS%2BbKXXso556qEq15XpFgbuvI71taF%2BdVJ9zVwL1iB7cpU0hyeYhb%2FSSHMunZBIqtbS0htVwHff9UxRED%2Fmk%2B5ynUrFZ9OHNAKI9xoJNaR%2F%2FlrPB5TYHSd2MofcfPu1HsBAlQdorQ6vAKapL2hlmbucIBOFVlHIjMkXleh7eu92bm%2F0EGUQo7VO9ZJegjNysKFuutOHafWSIg9TvgFvCC3ppZGsKURPGncrpxQeP2vMyKS7AWDjLLCUrnEg%2Fxkn06IE2FbVkmROOfC%2FqS%2Bol5ciULWTthhWge2fTAId%2BOKh1hx0y32RC2qBKUrBW%2FfaTDFti7e4NhtLZkK1TcnEYxIOfi7KBVqMawSExNKsp5PMEijzPm2JDL%2Bjv3OSioCCgAOVOHcYhBpohlWw9S2pz93CesWXshIdxjE7hrLTCs7FFBNn5XxgOBqxJ1U6iFXiPoytKJDe1lZY1kYzM7o0mh2LPG7zcSCYk01uTbUFB6KYR0u2wKI6G2jvkxSCBuXKKK079OBllJFMmJ1KCepE8n4v8TCVwGmDfn2C7LFZHnWtIUTC%2BdJOEOOwtz0XLQWV70Q3cVodJjEfhqSUINlMsYxV4zX1cGkc%2FRBoBDb6CznLm9ANH3Vaa9c3cgMCWDDoRs5coSe6u5jRBcTyyYyDp24UWNlFta8xgarEVo6WoqjN90kNh0GfdUpIMud%2BFFPUe3jWKvZzYi33kud5%2FpPJ9%2FAPEITlWtGs%2FkhZUQbt12udjFPVoOzZIWoLmrGBmWLLcjUuCQWDBadBma1tBkvJD32skzdwSH4FGI39SStADJeQ1h2paUYiHlW2VS9vhlHIqUeSnftjbMwKRprFXWUJpuMHIT%2FHEkhXT3TVGZODMCy3cVgQxQpNZLG9qU9OCEQMkRLN11%2BTdHGkwXRbyJv%2FfHLPJvaAlgYp64tAeYi%2BKJm5SNZHawD7UUkt%2BLkg4iqLezxV5ue0mU9P1qjHq2%2BLP%2Ff3bv%2Brdh6vruyHbb9%2B%2Fub7Zq7e7m%2Bu7q8UL9H0yv2NvGGrG5kDrMlllq7qC9js%2B4NXidnd98%2FzDJ7Dt6%2B7u3f4LfP79%2BnZ3tf84eXS1u%2B2evPtnf9e%2Fvvt8ff%2B%2B%2F3j7%2FPjl9ePW2CFSr6TYzL1PQfelVUDGob8xmOGqM56P%2FXhQnNzO34IPlUZKq%2BOsH3C7qdNdcnGSRulx3CwlA5pqexiQu4J5Aj67OJGzE0SUBkNdjhBP3cCjOA29%2BMgCvb6wDLX75CSM%2FPnJfSG5z0LIQ3MlsfPqTylAEoXDNmbHL9hdcg1XhcIwAfL6ObTre%2F1IebqdnvDFSXB6C9hxzmwyUeIfk9Aix0shJ7xpz%2BxYOJnu5w9GCw4Z0%2F960JEBcd9nHgnq8FPDLFJv729mWRUMkRptsL%2BMEwaOKhNEFjAdcpFDQUKuw%2B5ZUydBEoc4HeaG7LgEqBUpoKC71qAMbCamrISQbqYURfHDXD5f0%2BD%2FKbTSKSLtmuv3fwFiooDU&pcode-icookie=M6Jji7iQQH48N%2FVZ%2BUG8z78gccZVOS19%2F8wY02olDVKdcH9OCTkjnvRMlAmcRMTQl0rcp8lZW0Cjyj%2Bvjf7UfXsWZ7c%3D&duid=MTY3MDI3MTg0NTg3NTIyNTE3MA%3D%3D&imp-id=2&enable-flat-highlight=1&comboblock-unencoded-vast=1&test-tag=450799767388162&ad-session-id=5544271670271845029&target-id=71893047&tga-with-creatives=1&top-ancestor=https%3A%2F%2Fprotuor.ru&top-ancestor-undetermined=0&pcode-version=689972&pcodever=689972&flash-ver=0&available-width=340&layout-config=%7B%22win_width%22%3A1280%2C%22win_height%22%3A939%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A-1%2C%22isInIframe%22%3Afalse%2C%22w%22%3A341%2C%22h%22%3A0%2C%22width%22%3A341%2C%22height%22%3A0%2C%22visible%22%3A0%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A858%2C%22top%22%3A1447%2C%22ad_no%22%3A0%2C%22darkTheme%22%3Afalse%2C%22req_no%22%3A0%7D&grab-orig-len=5120&grab=eyJncmFiX3ZlcnNpb24iOjIsImlzX2FzeW5jIjoxLCJvbGRfZ3JhYl9zaXplIjo4NTB9ChLDJJHkNmoQBnX9YO2_0mZrm3D45f5MpxMcnW7DE1wv26SdOJvILiJrUp_gm9ZxzBR2wxRim3x2zJww0X366T6tTZeu7bb8AX0Z0BNoE0aqILau6DTx2zNn3URVsKpiBMaKVX0PRI_LIfG4Hs8TefiegEPCIeLAqR5-9aC-NBwOHE_gCSpAVw_4lyf2hBwgPUA4D_LEwAC25uQPAuBehoQhFNe86jxjrA-E-0C4C4WgcogPao_g-cd92X_liRjryoleEhRPcEAXauEDgfn__6eH5wkfJsFD_HwfLA4QPewXiH0vm0XHzUEk8nCOMVUSRr44Co-FwFZXCADsAf-_IT_PT61lx7Nt2ephQ8Cq_0Xk8Y-vY059qRf3FBGcQO8lIC_rIa88UB4O4TOTA9PDWqi5d8QHAAgvUuBBPJjH11_sXz8QwTKU95LCY5jQw356Ew-dObCPylgH76lzTIV1IO5comUq7-h1nDxD90IQj-1_6IOYd-uuHrQ7zwrFb0A4AEgC6GU8iMuN6I8nqssVf6B8KER1RTxjj-u9uu7qXhLmiW0aLGewXE6O8z0YB8jDaNxmnXDfLdcQ99cetR5UJ-Xh3kp_yu_Lir-ND_89k7v4Mm84S0-Bx6_3zMPZCT4h_H9c6ASYPf8y6W7P_63ebX5Ef4SFHtaPZ9MZ_-FCPmpxYO6pnqW8G4nqzOqyBX_m7DZ0czZTdRPWvO2ccvfFn-fGFmKh1b__jz8W1YN-P2bBt7qfaoDgED4LfyPLECjb_yQztf9gTun-PQbCKJeb3fMfQFEFDajisIKWhM1zmXz8pmv1AOR4zz3A7iafmmg47bFRwMxphy2C-73i8O7rT8PS8Yf_4ZcehrK9QPKwsWyDU_dEWNtwf62yFih3_MI24TF253Tm-IasqQ9xmXcH_cp9VIe2bQlnZ0JQ2nsuYG5wVG_xWT0-B6CGTsshoJaDK-0kVxzBuGt2_7cA4P7xdvEDw6vT0sfFFuMWdm9_DDmwtk7R1mcIlsc7-oi2nUUepLLjOnz-678ytdyXyqio5WmmoKL2E1-WUqEt31PTz2dqaepnNc6kKehaRRoow0TiJ1Gsrcoo9tPYB10L1qR2LT0VNf2cWhUpSKtSlgUB6Fp5JE2rShaR10zpJ2RpLkvI5X6uiuAW-H4keXhxWmV--JBGQZqH8irJyF9QRhqJ_VydKyNZHh509aFLFVWaJXEuTWNxHviJEj5pHkiz0C_vMqBlcPMgzUKlvMKTqHKgBf9fKvk3YW0QOVka5jQMNAy0lUxJGaaBJIqDh6iqglwmy7PqhxlZKpMs-x9quTiG_9JRpkgVWipqRUJW6BdRUOTKLCbL7k_sPzufa1lK4dcA_rMNnjzxU3aQJ_ELYSd1JzPJ_Nmih539TQ7gS1tlgucyv-nVUrGdST2obQNJNfURnE_sU1Tu-5IADHp6Z0zt1DKywX7S2ccfmSIKpS-qAS_kcaYL-c3vCxDLiuTBfxD_lyKB-1Mv_f0mfpLJEqDuJmTJncEDaW5Vkv923RYBwSTkq2yCqXlbpob-B03_1-sco1Dr6o1S0N3r2G9jFArF2bRB0tmfURKErYhYS3GoSyNsT2QUCqCXla-UnMBPfaLPLTx9gYAy7UGfysKnOnbHbiR3vrtwh9WOCHrxFyH635hp9ClnWZQUUeTrd6tF5jdFEdWvViFp3jVKa5lO9hO5hRhemElKscld2NpJ9mlobdSGO4C_ppLK0lw9tfOhD1LltWOB_MueKgvrAG4xmipPFIo0zuEGdpDir22SMPV90tzPVIGFRoWVzVSz9NZXC5zmb2uuOwEW0c2sqyvwj8fMDFGQkMf_v2qpLqbkbscIOmIex174ETlRZV9K-0X3m-0e126X3rcmHHUlywR7v7hSNio6zVJkKqseuUJgv5cZmLHy21iY_2Kk1QWZK7KtB4EkM--ppTcg4m1A1EHdRbmMlaYu7Gt-gm9_GIxVjVitpqa_v5aeRksBhrYlfRz-i52u_l6J0K_tIHagYq8sIt2CudGhaJ1PmHodxbZFG6yn37qDbmX93IaR6QgjeEb432MXrRsS1EXk9aJxuEGuUZseyJ69QaIw54ptCVWYxYokJr-ir7G9qw8skZLn5hQi12B2aN2Sa2hvJ-Dt7q6B_Ok32W7ma-E7OXDmKdtbBLnK_9qZKHz51difgr_G0zz_QFIJv06QGn_GymRVHJ9cqsjjKP_g9s8-wbyxtE2_o2uL9gZxXjoBKoZbyp4hytvKXF5ASiwW4eVu5oNIo_AKJUCeQ8IB5aqsufybJ6onMVeJff9HsPYYsgt8Zmp_BfbxP5mFe1EJJpBp2WWLbm7nzXrfpoif6eo5FdXyQ5Zc-bT96GFsaZ9UkuZKceBH0mnJoEhPBqCzQ9Ty0XvR7-d-NpJKXjg5alS5q47f7qYyKEveKY3JawP6VTyT4-cgUejC_LJtohPmzPgCd3VoAOeaK2zhu4iytIh_9_F9PkQ0iBHXPeQBqRcZZP5f9KtQFiqq_Dex4ny5WKqKs0TmMnEzjMYKzGGGAYjaCHu50kxJ-shNahqm5d-J13bSJ4PoVPbOEqZpK9uz7VOudmP2s-nbos-lkjiU1aHJyFTWBiXwb1LqhKm2UnwZfLZyI5MysS-PwvzkE335OoCf6gCfBPA_2qGmTyabzTn9RGqZdYlY9ZuVf-AollxoqhjfiQOjahCXwPWgdY-ROUeRfm33P1iqiI1-WYP15Ok6_NZpUhsH5pu0DuBcwz5M2WFW71LYjQMtAgRoHwc1sh4HcEaib29_5oZ4r0iH6R4Qon0PdMh6D-CFcJnJJemWeHv9V7Os_7SYDj4itA8-LbIefHBBcIm-0k-D6Qpo0L4CGmS9ApQjQ8Nouceok8A-crj1szypbmRQbSTYVuAX-wywJavOz2KuygyO_uyhrcx6vj2Y1WGyTCyNWXjzS_BrA24Pdev8D1jHAbQI6DDY-O4TvfbfGbKy1oVtGYaqCuDlCKuFkhRp5ovDD8cspYKJARgwdAcKLokGBsg0wKbAAgF6IwsT3QOxVJqFpHdZkNvUtVX_iIomaeRr9d4Lj6WFQ1K1tmNpK7D-oGfvgniQvhzIHCBuAQDKQkWsBebVBTWd2aLk1u1N0b3rruC7ab4xltvoTDQvbm1tl9Lfn-hF8zkwOsYSHFGBq-5v3xDj8cqbQngK8iXrPR0_FFovkr_D_F_xJ9f97UExkjy61hrrDT0BwxlnL_1dISN4xuFtKTOWQLYdpEbqIJTTqgabmgJMVGkKwOhR4AcM0s1M6TrCnypDy5y1a4-UJSFjLU12YV49T483UeH30P28NoE4VutVQMa7hrwqxAHlB_sXKYAAFehhIsti-Fl8Kz09-WD8a-wh2_im44D6wPYpVA-KBxxj74-_PUT0rD8yYpzqkO0-o5tEAuUHmUGfRR3AgLCxK-QDBbhl-yhiixiZqP4apOoPyKLAiSxLtf6p_wyE9Ur-Wntx14snvJCf2z1ItIuf7vsAfy9iabTbGAgfXYNw1R_wHki78DnLdGuxyRLOWvE24UBauQvlrbsRHSdYpQX0llJUKLlH_nqVEmJ7RhcaX49wKx0Nq5G7x-7I7TCfnYbfWrqr4FdYvp4NXrFhf8UGXM_jRt_va6wt5l9ivwjCm5atMuYhuuvidUj-vscd5-ruf2WqKIOJAJwXZTr0FWUj0SBqx-SorBqGjJsBwNd0d7lqYwy8a0ri6UXGujEB9nT2GO0uvfBuiAiOiHuMcNhrmSFmtNxOtBmjjjv-EUib2a7T2qZ2XIq2j_hLsgRnWwpvumMFtGG1JQmMm9tAHm_1vEcfEdaUEtf7tho-GGpJDpD2QddjRjeQfQYxMDAw0ZEIkbIESim9gE2thhBVWg1K1axyzDdyOyX49qvsOctNODAuZ0_MYbhG61lh-DIMg6VYVPwZt8O3G67niNqSA-pyAHPZ6ASVF0VMaS9MYBzYONNhG7avcgUH1vQV3jj53BIh8KbaTwrBX8ImUHtQBe1ct0Pg8RmtvTGOPNGJKFaTrtmCKZLtJeBt6RVsWWCuJxAh9QTq4rtHxp0zmvfcDrhEZbRq58xrVLwS851SxpSw0mjOjdoNetBYk1hLUw7p8Dcmf8iFSCaAG-9YRH9NbfYAerHAc2CvOXL7EHpHNuago33W8gICVNsHCFD1_07EMXEot44i-rBJMFpmqwPGXT0nlxyWaAJ0S1QpKroHozy-FN50YcegzVhzg3l-yzLk9vlhtD2eYZ3kLdH8sY9fUH-PmGgAGqQGQC8O3p_-LUGAbX_l3290ciKBX5H8dkP4q2d0i1tCs-N89iZCxtXcnAnuiXP6NT2W7La-09pM7Icd74rbYf4aKYaoh2iPI9I7xa711GRXtWTM_-Nd6LkoVpVtrslQbdmMiGHd8zY6uAHA1MgO91ZEBwwmveqda8PM0jEiKAO4gTPW6Gx52BdEWwZuI-xnyBX2TbxcDpBdpXYBC4MrDhMlHolg8TP32cFJSg4YozGBo900FqI7Eu4EVR-QcWAXw-FafAl2E8R2XVucwaWKayV-ATuLPyJUieQtp4NhC_LtiuJOfOEEEY6V06A_fl1kTlZgmPdrXjZ-tat5EzG9XNt2zjSw0THPDROeC1jlB2-IFNvdm24k4hAysEsr7UYLJ9I2YQtcW3-bkCesP_6HoN5O9cNUKNzAVTD4Ud9jhu3g42aiH5CICc3kDPhWEh4nshLsgjbKJHEIrfCboO9XcyRVWIxHgLLD8ENHuCoCIDf2ZKyFjYxbAKr1tHgT88Cx3fQIIbtddIksHIKVfwtpF8zbDHbJkr9kGaIm_piCL_y-c7G5rjs9DmKly2mnE3F7PQ7WUcLLCpgr6usPO77ZKxeYB91ImggsE_Web6tGvxaYW1eN1MbohDLqEwKu1uLfrRDFu94zE7UdiRCQvXKNOZYDoPaMsJbgG50aNzYC1oHvErB2ti_Zq02atDmN0Th59pgHggvWkP6D_3oM3te77jvTp-CNiVy4PvlpCJ9PPfH5jts4_47elJ2wr71vlyu8JcmE3RF-EfiH&uniformat=true&callback=Ya%5B6787189290117%5D
200 OK 282 B URL HTTP/2 yandex.ru/ads/meta/273816?target-ref=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&pcode-test-ids=657519%2C0%2C50%3B685883%2C0%2C59%3B678361%2C0%2C64%3B687459%2C0%2C7%3B689267%2C0%2C19%3B689964%2C0%2C72%3B681853%2C0%2C35&pcode-flags-map=eJytWNtu2zgQ%2FZWFn4uuRIm69I2SKJuIRGpJyo5bFITberMBknTRpkW7Rf99h5LsSHJKN7sF8mArOofDuZyZ8bcFW3IhqamZUrQwBdHENESSWplSSLNmBRWGcZOLOhOLF6%2B%2BLT7vbj7tFy8W%2By9%2FL54t7vcf79k7%2BIpTL8R48f31s8WaKCPpHy1V2qxr0phSitqQQk3wWrZ0TBD5MUq8joByklV0djh8KBlnmoJ9%2BYVaCW02TK9Eqw0B27VyWRdhHCXBk8l%2FBTOpKtNIUbS5VqfHPI2aAuUT4zIisXGBMzcQClORjFYdFZBkhHMq3dGJgiCMO5pCGC56ojWVmuWkMmxtslZrwd0kEOE4mZMAFkguzhkQB34aPoKlFa0p12eSKw4Sf%2BJKTjdGXcDl4c%2F6Q5CCStNUZDszZO7PBKM0PfqT8YYsqVH2BltTMGXJiy7omc3MohSX8FjSXBtFq2pCTS%2BbKXXso556qEq15XpFgbuvI71taF%2BdVJ9zVwL1iB7cpU0hyeYhb%2FSSHMunZBIqtbS0htVwHff9UxRED%2Fmk%2B5ynUrFZ9OHNAKI9xoJNaR%2F%2FlrPB5TYHSd2MofcfPu1HsBAlQdorQ6vAKapL2hlmbucIBOFVlHIjMkXleh7eu92bm%2F0EGUQo7VO9ZJegjNysKFuutOHafWSIg9TvgFvCC3ppZGsKURPGncrpxQeP2vMyKS7AWDjLLCUrnEg%2Fxkn06IE2FbVkmROOfC%2FqS%2Bol5ciULWTthhWge2fTAId%2BOKh1hx0y32RC2qBKUrBW%2FfaTDFti7e4NhtLZkK1TcnEYxIOfi7KBVqMawSExNKsp5PMEijzPm2JDL%2Bjv3OSioCCgAOVOHcYhBpohlWw9S2pz93CesWXshIdxjE7hrLTCs7FFBNn5XxgOBqxJ1U6iFXiPoytKJDe1lZY1kYzM7o0mh2LPG7zcSCYk01uTbUFB6KYR0u2wKI6G2jvkxSCBuXKKK079OBllJFMmJ1KCepE8n4v8TCVwGmDfn2C7LFZHnWtIUTC%2BdJOEOOwtz0XLQWV70Q3cVodJjEfhqSUINlMsYxV4zX1cGkc%2FRBoBDb6CznLm9ANH3Vaa9c3cgMCWDDoRs5coSe6u5jRBcTyyYyDp24UWNlFta8xgarEVo6WoqjN90kNh0GfdUpIMud%2BFFPUe3jWKvZzYi33kud5%2FpPJ9%2FAPEITlWtGs%2FkhZUQbt12udjFPVoOzZIWoLmrGBmWLLcjUuCQWDBadBma1tBkvJD32skzdwSH4FGI39SStADJeQ1h2paUYiHlW2VS9vhlHIqUeSnftjbMwKRprFXWUJpuMHIT%2FHEkhXT3TVGZODMCy3cVgQxQpNZLG9qU9OCEQMkRLN11%2BTdHGkwXRbyJv%2FfHLPJvaAlgYp64tAeYi%2BKJm5SNZHawD7UUkt%2BLkg4iqLezxV5ue0mU9P1qjHq2%2BLP%2Ff3bv%2Brdh6vruyHbb9%2B%2Fub7Zq7e7m%2Bu7q8UL9H0yv2NvGGrG5kDrMlllq7qC9js%2B4NXidnd98%2FzDJ7Dt6%2B7u3f4LfP79%2BnZ3tf84eXS1u%2B2evPtnf9e%2Fvvt8ff%2B%2B%2F3j7%2FPjl9ePW2CFSr6TYzL1PQfelVUDGob8xmOGqM56P%2FXhQnNzO34IPlUZKq%2BOsH3C7qdNdcnGSRulx3CwlA5pqexiQu4J5Aj67OJGzE0SUBkNdjhBP3cCjOA29%2BMgCvb6wDLX75CSM%2FPnJfSG5z0LIQ3MlsfPqTylAEoXDNmbHL9hdcg1XhcIwAfL6ObTre%2F1IebqdnvDFSXB6C9hxzmwyUeIfk9Aix0shJ7xpz%2BxYOJnu5w9GCw4Z0%2F960JEBcd9nHgnq8FPDLFJv729mWRUMkRptsL%2BMEwaOKhNEFjAdcpFDQUKuw%2B5ZUydBEoc4HeaG7LgEqBUpoKC71qAMbCamrISQbqYURfHDXD5f0%2BD%2FKbTSKSLtmuv3fwFiooDU&pcode-icookie=M6Jji7iQQH48N%2FVZ%2BUG8z78gccZVOS19%2F8wY02olDVKdcH9OCTkjnvRMlAmcRMTQl0rcp8lZW0Cjyj%2Bvjf7UfXsWZ7c%3D&duid=MTY3MDI3MTg0NTg3NTIyNTE3MA%3D%3D&imp-id=2&enable-flat-highlight=1&comboblock-unencoded-vast=1&test-tag=450799767388162&ad-session-id=5544271670271845029&target-id=71893047&tga-with-creatives=1&top-ancestor=https%3A%2F%2Fprotuor.ru&top-ancestor-undetermined=0&pcode-version=689972&pcodever=689972&flash-ver=0&available-width=340&layout-config=%7B%22win_width%22%3A1280%2C%22win_height%22%3A939%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A-1%2C%22isInIframe%22%3Afalse%2C%22w%22%3A341%2C%22h%22%3A0%2C%22width%22%3A341%2C%22height%22%3A0%2C%22visible%22%3A0%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A858%2C%22top%22%3A1447%2C%22ad_no%22%3A0%2C%22darkTheme%22%3Afalse%2C%22req_no%22%3A0%7D&grab-orig-len=5120&grab=eyJncmFiX3ZlcnNpb24iOjIsImlzX2FzeW5jIjoxLCJvbGRfZ3JhYl9zaXplIjo4NTB9ChLDJJHkNmoQBnX9YO2_0mZrm3D45f5MpxMcnW7DE1wv26SdOJvILiJrUp_gm9ZxzBR2wxRim3x2zJww0X366T6tTZeu7bb8AX0Z0BNoE0aqILau6DTx2zNn3URVsKpiBMaKVX0PRI_LIfG4Hs8TefiegEPCIeLAqR5-9aC-NBwOHE_gCSpAVw_4lyf2hBwgPUA4D_LEwAC25uQPAuBehoQhFNe86jxjrA-E-0C4C4WgcogPao_g-cd92X_liRjryoleEhRPcEAXauEDgfn__6eH5wkfJsFD_HwfLA4QPewXiH0vm0XHzUEk8nCOMVUSRr44Co-FwFZXCADsAf-_IT_PT61lx7Nt2ephQ8Cq_0Xk8Y-vY059qRf3FBGcQO8lIC_rIa88UB4O4TOTA9PDWqi5d8QHAAgvUuBBPJjH11_sXz8QwTKU95LCY5jQw356Ew-dObCPylgH76lzTIV1IO5comUq7-h1nDxD90IQj-1_6IOYd-uuHrQ7zwrFb0A4AEgC6GU8iMuN6I8nqssVf6B8KER1RTxjj-u9uu7qXhLmiW0aLGewXE6O8z0YB8jDaNxmnXDfLdcQ99cetR5UJ-Xh3kp_yu_Lir-ND_89k7v4Mm84S0-Bx6_3zMPZCT4h_H9c6ASYPf8y6W7P_63ebX5Ef4SFHtaPZ9MZ_-FCPmpxYO6pnqW8G4nqzOqyBX_m7DZ0czZTdRPWvO2ccvfFn-fGFmKh1b__jz8W1YN-P2bBt7qfaoDgED4LfyPLECjb_yQztf9gTun-PQbCKJeb3fMfQFEFDajisIKWhM1zmXz8pmv1AOR4zz3A7iafmmg47bFRwMxphy2C-73i8O7rT8PS8Yf_4ZcehrK9QPKwsWyDU_dEWNtwf62yFih3_MI24TF253Tm-IasqQ9xmXcH_cp9VIe2bQlnZ0JQ2nsuYG5wVG_xWT0-B6CGTsshoJaDK-0kVxzBuGt2_7cA4P7xdvEDw6vT0sfFFuMWdm9_DDmwtk7R1mcIlsc7-oi2nUUepLLjOnz-678ytdyXyqio5WmmoKL2E1-WUqEt31PTz2dqaepnNc6kKehaRRoow0TiJ1Gsrcoo9tPYB10L1qR2LT0VNf2cWhUpSKtSlgUB6Fp5JE2rShaR10zpJ2RpLkvI5X6uiuAW-H4keXhxWmV--JBGQZqH8irJyF9QRhqJ_VydKyNZHh509aFLFVWaJXEuTWNxHviJEj5pHkiz0C_vMqBlcPMgzUKlvMKTqHKgBf9fKvk3YW0QOVka5jQMNAy0lUxJGaaBJIqDh6iqglwmy7PqhxlZKpMs-x9quTiG_9JRpkgVWipqRUJW6BdRUOTKLCbL7k_sPzufa1lK4dcA_rMNnjzxU3aQJ_ELYSd1JzPJ_Nmih539TQ7gS1tlgucyv-nVUrGdST2obQNJNfURnE_sU1Tu-5IADHp6Z0zt1DKywX7S2ccfmSIKpS-qAS_kcaYL-c3vCxDLiuTBfxD_lyKB-1Mv_f0mfpLJEqDuJmTJncEDaW5Vkv923RYBwSTkq2yCqXlbpob-B03_1-sco1Dr6o1S0N3r2G9jFArF2bRB0tmfURKErYhYS3GoSyNsT2QUCqCXla-UnMBPfaLPLTx9gYAy7UGfysKnOnbHbiR3vrtwh9WOCHrxFyH635hp9ClnWZQUUeTrd6tF5jdFEdWvViFp3jVKa5lO9hO5hRhemElKscld2NpJ9mlobdSGO4C_ppLK0lw9tfOhD1LltWOB_MueKgvrAG4xmipPFIo0zuEGdpDir22SMPV90tzPVIGFRoWVzVSz9NZXC5zmb2uuOwEW0c2sqyvwj8fMDFGQkMf_v2qpLqbkbscIOmIex174ETlRZV9K-0X3m-0e126X3rcmHHUlywR7v7hSNio6zVJkKqseuUJgv5cZmLHy21iY_2Kk1QWZK7KtB4EkM--ppTcg4m1A1EHdRbmMlaYu7Gt-gm9_GIxVjVitpqa_v5aeRksBhrYlfRz-i52u_l6J0K_tIHagYq8sIt2CudGhaJ1PmHodxbZFG6yn37qDbmX93IaR6QgjeEb432MXrRsS1EXk9aJxuEGuUZseyJ69QaIw54ptCVWYxYokJr-ir7G9qw8skZLn5hQi12B2aN2Sa2hvJ-Dt7q6B_Ok32W7ma-E7OXDmKdtbBLnK_9qZKHz51difgr_G0zz_QFIJv06QGn_GymRVHJ9cqsjjKP_g9s8-wbyxtE2_o2uL9gZxXjoBKoZbyp4hytvKXF5ASiwW4eVu5oNIo_AKJUCeQ8IB5aqsufybJ6onMVeJff9HsPYYsgt8Zmp_BfbxP5mFe1EJJpBp2WWLbm7nzXrfpoif6eo5FdXyQ5Zc-bT96GFsaZ9UkuZKceBH0mnJoEhPBqCzQ9Ty0XvR7-d-NpJKXjg5alS5q47f7qYyKEveKY3JawP6VTyT4-cgUejC_LJtohPmzPgCd3VoAOeaK2zhu4iytIh_9_F9PkQ0iBHXPeQBqRcZZP5f9KtQFiqq_Dex4ny5WKqKs0TmMnEzjMYKzGGGAYjaCHu50kxJ-shNahqm5d-J13bSJ4PoVPbOEqZpK9uz7VOudmP2s-nbos-lkjiU1aHJyFTWBiXwb1LqhKm2UnwZfLZyI5MysS-PwvzkE335OoCf6gCfBPA_2qGmTyabzTn9RGqZdYlY9ZuVf-AollxoqhjfiQOjahCXwPWgdY-ROUeRfm33P1iqiI1-WYP15Ok6_NZpUhsH5pu0DuBcwz5M2WFW71LYjQMtAgRoHwc1sh4HcEaib29_5oZ4r0iH6R4Qon0PdMh6D-CFcJnJJemWeHv9V7Os_7SYDj4itA8-LbIefHBBcIm-0k-D6Qpo0L4CGmS9ApQjQ8Nouceok8A-crj1szypbmRQbSTYVuAX-wywJavOz2KuygyO_uyhrcx6vj2Y1WGyTCyNWXjzS_BrA24Pdev8D1jHAbQI6DDY-O4TvfbfGbKy1oVtGYaqCuDlCKuFkhRp5ovDD8cspYKJARgwdAcKLokGBsg0wKbAAgF6IwsT3QOxVJqFpHdZkNvUtVX_iIomaeRr9d4Lj6WFQ1K1tmNpK7D-oGfvgniQvhzIHCBuAQDKQkWsBebVBTWd2aLk1u1N0b3rruC7ab4xltvoTDQvbm1tl9Lfn-hF8zkwOsYSHFGBq-5v3xDj8cqbQngK8iXrPR0_FFovkr_D_F_xJ9f97UExkjy61hrrDT0BwxlnL_1dISN4xuFtKTOWQLYdpEbqIJTTqgabmgJMVGkKwOhR4AcM0s1M6TrCnypDy5y1a4-UJSFjLU12YV49T483UeH30P28NoE4VutVQMa7hrwqxAHlB_sXKYAAFehhIsti-Fl8Kz09-WD8a-wh2_im44D6wPYpVA-KBxxj74-_PUT0rD8yYpzqkO0-o5tEAuUHmUGfRR3AgLCxK-QDBbhl-yhiixiZqP4apOoPyKLAiSxLtf6p_wyE9Ur-Wntx14snvJCf2z1ItIuf7vsAfy9iabTbGAgfXYNw1R_wHki78DnLdGuxyRLOWvE24UBauQvlrbsRHSdYpQX0llJUKLlH_nqVEmJ7RhcaX49wKx0Nq5G7x-7I7TCfnYbfWrqr4FdYvp4NXrFhf8UGXM_jRt_va6wt5l9ivwjCm5atMuYhuuvidUj-vscd5-ruf2WqKIOJAJwXZTr0FWUj0SBqx-SorBqGjJsBwNd0d7lqYwy8a0ri6UXGujEB9nT2GO0uvfBuiAiOiHuMcNhrmSFmtNxOtBmjjjv-EUib2a7T2qZ2XIq2j_hLsgRnWwpvumMFtGG1JQmMm9tAHm_1vEcfEdaUEtf7tho-GGpJDpD2QddjRjeQfQYxMDAw0ZEIkbIESim9gE2thhBVWg1K1axyzDdyOyX49qvsOctNODAuZ0_MYbhG61lh-DIMg6VYVPwZt8O3G67niNqSA-pyAHPZ6ASVF0VMaS9MYBzYONNhG7avcgUH1vQV3jj53BIh8KbaTwrBX8ImUHtQBe1ct0Pg8RmtvTGOPNGJKFaTrtmCKZLtJeBt6RVsWWCuJxAh9QTq4rtHxp0zmvfcDrhEZbRq58xrVLwS851SxpSw0mjOjdoNetBYk1hLUw7p8Dcmf8iFSCaAG-9YRH9NbfYAerHAc2CvOXL7EHpHNuago33W8gICVNsHCFD1_07EMXEot44i-rBJMFpmqwPGXT0nlxyWaAJ0S1QpKroHozy-FN50YcegzVhzg3l-yzLk9vlhtD2eYZ3kLdH8sY9fUH-PmGgAGqQGQC8O3p_-LUGAbX_l3290ciKBX5H8dkP4q2d0i1tCs-N89iZCxtXcnAnuiXP6NT2W7La-09pM7Icd74rbYf4aKYaoh2iPI9I7xa711GRXtWTM_-Nd6LkoVpVtrslQbdmMiGHd8zY6uAHA1MgO91ZEBwwmveqda8PM0jEiKAO4gTPW6Gx52BdEWwZuI-xnyBX2TbxcDpBdpXYBC4MrDhMlHolg8TP32cFJSg4YozGBo900FqI7Eu4EVR-QcWAXw-FafAl2E8R2XVucwaWKayV-ATuLPyJUieQtp4NhC_LtiuJOfOEEEY6V06A_fl1kTlZgmPdrXjZ-tat5EzG9XNt2zjSw0THPDROeC1jlB2-IFNvdm24k4hAysEsr7UYLJ9I2YQtcW3-bkCesP_6HoN5O9cNUKNzAVTD4Ud9jhu3g42aiH5CICc3kDPhWEh4nshLsgjbKJHEIrfCboO9XcyRVWIxHgLLD8ENHuCoCIDf2ZKyFjYxbAKr1tHgT88Cx3fQIIbtddIksHIKVfwtpF8zbDHbJkr9kGaIm_piCL_y-c7G5rjs9DmKly2mnE3F7PQ7WUcLLCpgr6usPO77ZKxeYB91ImggsE_Web6tGvxaYW1eN1MbohDLqEwKu1uLfrRDFu94zE7UdiRCQvXKNOZYDoPaMsJbgG50aNzYC1oHvErB2ti_Zq02atDmN0Th59pgHggvWkP6D_3oM3te77jvTp-CNiVy4PvlpCJ9PPfH5jts4_47elJ2wr71vlyu8JcmE3RF-EfiH&uniformat=true&callback=Ya%5B6787189290117%5D
IP
File type JSON data\012- , ASCII text, with very long lines (437), with no line terminators
Hash fa9e66eee62d2bdbb8006a845715d2ca
0693022cd3a44a31beca27c8929ec12ef65859f0
ad4cbf51c39b6de5a515f377052f56db51f3f5094d7ac1604ff4f1f5faf026c3
GET /ads/meta/273816?target-ref=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&pcode-test-ids=657519%2C0%2C50%3B685883%2C0%2C59%3B678361%2C0%2C64%3B687459%2C0%2C7%3B689267%2C0%2C19%3B689964%2C0%2C72%3B681853%2C0%2C35&pcode-flags-map=eJytWNtu2zgQ%2FZWFn4uuRIm69I2SKJuIRGpJyo5bFITberMBknTRpkW7Rf99h5LsSHJKN7sF8mArOofDuZyZ8bcFW3IhqamZUrQwBdHENESSWplSSLNmBRWGcZOLOhOLF6%2B%2BLT7vbj7tFy8W%2By9%2FL54t7vcf79k7%2BIpTL8R48f31s8WaKCPpHy1V2qxr0phSitqQQk3wWrZ0TBD5MUq8joByklV0djh8KBlnmoJ9%2BYVaCW02TK9Eqw0B27VyWRdhHCXBk8l%2FBTOpKtNIUbS5VqfHPI2aAuUT4zIisXGBMzcQClORjFYdFZBkhHMq3dGJgiCMO5pCGC56ojWVmuWkMmxtslZrwd0kEOE4mZMAFkguzhkQB34aPoKlFa0p12eSKw4Sf%2BJKTjdGXcDl4c%2F6Q5CCStNUZDszZO7PBKM0PfqT8YYsqVH2BltTMGXJiy7omc3MohSX8FjSXBtFq2pCTS%2BbKXXso556qEq15XpFgbuvI71taF%2BdVJ9zVwL1iB7cpU0hyeYhb%2FSSHMunZBIqtbS0htVwHff9UxRED%2Fmk%2B5ynUrFZ9OHNAKI9xoJNaR%2F%2FlrPB5TYHSd2MofcfPu1HsBAlQdorQ6vAKapL2hlmbucIBOFVlHIjMkXleh7eu92bm%2F0EGUQo7VO9ZJegjNysKFuutOHafWSIg9TvgFvCC3ppZGsKURPGncrpxQeP2vMyKS7AWDjLLCUrnEg%2Fxkn06IE2FbVkmROOfC%2FqS%2Bol5ciULWTthhWge2fTAId%2BOKh1hx0y32RC2qBKUrBW%2FfaTDFti7e4NhtLZkK1TcnEYxIOfi7KBVqMawSExNKsp5PMEijzPm2JDL%2Bjv3OSioCCgAOVOHcYhBpohlWw9S2pz93CesWXshIdxjE7hrLTCs7FFBNn5XxgOBqxJ1U6iFXiPoytKJDe1lZY1kYzM7o0mh2LPG7zcSCYk01uTbUFB6KYR0u2wKI6G2jvkxSCBuXKKK079OBllJFMmJ1KCepE8n4v8TCVwGmDfn2C7LFZHnWtIUTC%2BdJOEOOwtz0XLQWV70Q3cVodJjEfhqSUINlMsYxV4zX1cGkc%2FRBoBDb6CznLm9ANH3Vaa9c3cgMCWDDoRs5coSe6u5jRBcTyyYyDp24UWNlFta8xgarEVo6WoqjN90kNh0GfdUpIMud%2BFFPUe3jWKvZzYi33kud5%2FpPJ9%2FAPEITlWtGs%2FkhZUQbt12udjFPVoOzZIWoLmrGBmWLLcjUuCQWDBadBma1tBkvJD32skzdwSH4FGI39SStADJeQ1h2paUYiHlW2VS9vhlHIqUeSnftjbMwKRprFXWUJpuMHIT%2FHEkhXT3TVGZODMCy3cVgQxQpNZLG9qU9OCEQMkRLN11%2BTdHGkwXRbyJv%2FfHLPJvaAlgYp64tAeYi%2BKJm5SNZHawD7UUkt%2BLkg4iqLezxV5ue0mU9P1qjHq2%2BLP%2Ff3bv%2Brdh6vruyHbb9%2B%2Fub7Zq7e7m%2Bu7q8UL9H0yv2NvGGrG5kDrMlllq7qC9js%2B4NXidnd98%2FzDJ7Dt6%2B7u3f4LfP79%2BnZ3tf84eXS1u%2B2evPtnf9e%2Fvvt8ff%2B%2B%2F3j7%2FPjl9ePW2CFSr6TYzL1PQfelVUDGob8xmOGqM56P%2FXhQnNzO34IPlUZKq%2BOsH3C7qdNdcnGSRulx3CwlA5pqexiQu4J5Aj67OJGzE0SUBkNdjhBP3cCjOA29%2BMgCvb6wDLX75CSM%2FPnJfSG5z0LIQ3MlsfPqTylAEoXDNmbHL9hdcg1XhcIwAfL6ObTre%2F1IebqdnvDFSXB6C9hxzmwyUeIfk9Aix0shJ7xpz%2BxYOJnu5w9GCw4Z0%2F960JEBcd9nHgnq8FPDLFJv729mWRUMkRptsL%2BMEwaOKhNEFjAdcpFDQUKuw%2B5ZUydBEoc4HeaG7LgEqBUpoKC71qAMbCamrISQbqYURfHDXD5f0%2BD%2FKbTSKSLtmuv3fwFiooDU&pcode-icookie=M6Jji7iQQH48N%2FVZ%2BUG8z78gccZVOS19%2F8wY02olDVKdcH9OCTkjnvRMlAmcRMTQl0rcp8lZW0Cjyj%2Bvjf7UfXsWZ7c%3D&duid=MTY3MDI3MTg0NTg3NTIyNTE3MA%3D%3D&imp-id=2&enable-flat-highlight=1&comboblock-unencoded-vast=1&test-tag=450799767388162&ad-session-id=5544271670271845029&target-id=71893047&tga-with-creatives=1&top-ancestor=https%3A%2F%2Fprotuor.ru&top-ancestor-undetermined=0&pcode-version=689972&pcodever=689972&flash-ver=0&available-width=340&layout-config=%7B%22win_width%22%3A1280%2C%22win_height%22%3A939%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A-1%2C%22isInIframe%22%3Afalse%2C%22w%22%3A341%2C%22h%22%3A0%2C%22width%22%3A341%2C%22height%22%3A0%2C%22visible%22%3A0%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A858%2C%22top%22%3A1447%2C%22ad_no%22%3A0%2C%22darkTheme%22%3Afalse%2C%22req_no%22%3A0%7D&grab-orig-len=5120&grab=eyJncmFiX3ZlcnNpb24iOjIsImlzX2FzeW5jIjoxLCJvbGRfZ3JhYl9zaXplIjo4NTB9ChLDJJHkNmoQBnX9YO2_0mZrm3D45f5MpxMcnW7DE1wv26SdOJvILiJrUp_gm9ZxzBR2wxRim3x2zJww0X366T6tTZeu7bb8AX0Z0BNoE0aqILau6DTx2zNn3URVsKpiBMaKVX0PRI_LIfG4Hs8TefiegEPCIeLAqR5-9aC-NBwOHE_gCSpAVw_4lyf2hBwgPUA4D_LEwAC25uQPAuBehoQhFNe86jxjrA-E-0C4C4WgcogPao_g-cd92X_liRjryoleEhRPcEAXauEDgfn__6eH5wkfJsFD_HwfLA4QPewXiH0vm0XHzUEk8nCOMVUSRr44Co-FwFZXCADsAf-_IT_PT61lx7Nt2ephQ8Cq_0Xk8Y-vY059qRf3FBGcQO8lIC_rIa88UB4O4TOTA9PDWqi5d8QHAAgvUuBBPJjH11_sXz8QwTKU95LCY5jQw356Ew-dObCPylgH76lzTIV1IO5comUq7-h1nDxD90IQj-1_6IOYd-uuHrQ7zwrFb0A4AEgC6GU8iMuN6I8nqssVf6B8KER1RTxjj-u9uu7qXhLmiW0aLGewXE6O8z0YB8jDaNxmnXDfLdcQ99cetR5UJ-Xh3kp_yu_Lir-ND_89k7v4Mm84S0-Bx6_3zMPZCT4h_H9c6ASYPf8y6W7P_63ebX5Ef4SFHtaPZ9MZ_-FCPmpxYO6pnqW8G4nqzOqyBX_m7DZ0czZTdRPWvO2ccvfFn-fGFmKh1b__jz8W1YN-P2bBt7qfaoDgED4LfyPLECjb_yQztf9gTun-PQbCKJeb3fMfQFEFDajisIKWhM1zmXz8pmv1AOR4zz3A7iafmmg47bFRwMxphy2C-73i8O7rT8PS8Yf_4ZcehrK9QPKwsWyDU_dEWNtwf62yFih3_MI24TF253Tm-IasqQ9xmXcH_cp9VIe2bQlnZ0JQ2nsuYG5wVG_xWT0-B6CGTsshoJaDK-0kVxzBuGt2_7cA4P7xdvEDw6vT0sfFFuMWdm9_DDmwtk7R1mcIlsc7-oi2nUUepLLjOnz-678ytdyXyqio5WmmoKL2E1-WUqEt31PTz2dqaepnNc6kKehaRRoow0TiJ1Gsrcoo9tPYB10L1qR2LT0VNf2cWhUpSKtSlgUB6Fp5JE2rShaR10zpJ2RpLkvI5X6uiuAW-H4keXhxWmV--JBGQZqH8irJyF9QRhqJ_VydKyNZHh509aFLFVWaJXEuTWNxHviJEj5pHkiz0C_vMqBlcPMgzUKlvMKTqHKgBf9fKvk3YW0QOVka5jQMNAy0lUxJGaaBJIqDh6iqglwmy7PqhxlZKpMs-x9quTiG_9JRpkgVWipqRUJW6BdRUOTKLCbL7k_sPzufa1lK4dcA_rMNnjzxU3aQJ_ELYSd1JzPJ_Nmih539TQ7gS1tlgucyv-nVUrGdST2obQNJNfURnE_sU1Tu-5IADHp6Z0zt1DKywX7S2ccfmSIKpS-qAS_kcaYL-c3vCxDLiuTBfxD_lyKB-1Mv_f0mfpLJEqDuJmTJncEDaW5Vkv923RYBwSTkq2yCqXlbpob-B03_1-sco1Dr6o1S0N3r2G9jFArF2bRB0tmfURKErYhYS3GoSyNsT2QUCqCXla-UnMBPfaLPLTx9gYAy7UGfysKnOnbHbiR3vrtwh9WOCHrxFyH635hp9ClnWZQUUeTrd6tF5jdFEdWvViFp3jVKa5lO9hO5hRhemElKscld2NpJ9mlobdSGO4C_ppLK0lw9tfOhD1LltWOB_MueKgvrAG4xmipPFIo0zuEGdpDir22SMPV90tzPVIGFRoWVzVSz9NZXC5zmb2uuOwEW0c2sqyvwj8fMDFGQkMf_v2qpLqbkbscIOmIex174ETlRZV9K-0X3m-0e126X3rcmHHUlywR7v7hSNio6zVJkKqseuUJgv5cZmLHy21iY_2Kk1QWZK7KtB4EkM--ppTcg4m1A1EHdRbmMlaYu7Gt-gm9_GIxVjVitpqa_v5aeRksBhrYlfRz-i52u_l6J0K_tIHagYq8sIt2CudGhaJ1PmHodxbZFG6yn37qDbmX93IaR6QgjeEb432MXrRsS1EXk9aJxuEGuUZseyJ69QaIw54ptCVWYxYokJr-ir7G9qw8skZLn5hQi12B2aN2Sa2hvJ-Dt7q6B_Ok32W7ma-E7OXDmKdtbBLnK_9qZKHz51difgr_G0zz_QFIJv06QGn_GymRVHJ9cqsjjKP_g9s8-wbyxtE2_o2uL9gZxXjoBKoZbyp4hytvKXF5ASiwW4eVu5oNIo_AKJUCeQ8IB5aqsufybJ6onMVeJff9HsPYYsgt8Zmp_BfbxP5mFe1EJJpBp2WWLbm7nzXrfpoif6eo5FdXyQ5Zc-bT96GFsaZ9UkuZKceBH0mnJoEhPBqCzQ9Ty0XvR7-d-NpJKXjg5alS5q47f7qYyKEveKY3JawP6VTyT4-cgUejC_LJtohPmzPgCd3VoAOeaK2zhu4iytIh_9_F9PkQ0iBHXPeQBqRcZZP5f9KtQFiqq_Dex4ny5WKqKs0TmMnEzjMYKzGGGAYjaCHu50kxJ-shNahqm5d-J13bSJ4PoVPbOEqZpK9uz7VOudmP2s-nbos-lkjiU1aHJyFTWBiXwb1LqhKm2UnwZfLZyI5MysS-PwvzkE335OoCf6gCfBPA_2qGmTyabzTn9RGqZdYlY9ZuVf-AollxoqhjfiQOjahCXwPWgdY-ROUeRfm33P1iqiI1-WYP15Ok6_NZpUhsH5pu0DuBcwz5M2WFW71LYjQMtAgRoHwc1sh4HcEaib29_5oZ4r0iH6R4Qon0PdMh6D-CFcJnJJemWeHv9V7Os_7SYDj4itA8-LbIefHBBcIm-0k-D6Qpo0L4CGmS9ApQjQ8Nouceok8A-crj1szypbmRQbSTYVuAX-wywJavOz2KuygyO_uyhrcx6vj2Y1WGyTCyNWXjzS_BrA24Pdev8D1jHAbQI6DDY-O4TvfbfGbKy1oVtGYaqCuDlCKuFkhRp5ovDD8cspYKJARgwdAcKLokGBsg0wKbAAgF6IwsT3QOxVJqFpHdZkNvUtVX_iIomaeRr9d4Lj6WFQ1K1tmNpK7D-oGfvgniQvhzIHCBuAQDKQkWsBebVBTWd2aLk1u1N0b3rruC7ab4xltvoTDQvbm1tl9Lfn-hF8zkwOsYSHFGBq-5v3xDj8cqbQngK8iXrPR0_FFovkr_D_F_xJ9f97UExkjy61hrrDT0BwxlnL_1dISN4xuFtKTOWQLYdpEbqIJTTqgabmgJMVGkKwOhR4AcM0s1M6TrCnypDy5y1a4-UJSFjLU12YV49T483UeH30P28NoE4VutVQMa7hrwqxAHlB_sXKYAAFehhIsti-Fl8Kz09-WD8a-wh2_im44D6wPYpVA-KBxxj74-_PUT0rD8yYpzqkO0-o5tEAuUHmUGfRR3AgLCxK-QDBbhl-yhiixiZqP4apOoPyKLAiSxLtf6p_wyE9Ur-Wntx14snvJCf2z1ItIuf7vsAfy9iabTbGAgfXYNw1R_wHki78DnLdGuxyRLOWvE24UBauQvlrbsRHSdYpQX0llJUKLlH_nqVEmJ7RhcaX49wKx0Nq5G7x-7I7TCfnYbfWrqr4FdYvp4NXrFhf8UGXM_jRt_va6wt5l9ivwjCm5atMuYhuuvidUj-vscd5-ruf2WqKIOJAJwXZTr0FWUj0SBqx-SorBqGjJsBwNd0d7lqYwy8a0ri6UXGujEB9nT2GO0uvfBuiAiOiHuMcNhrmSFmtNxOtBmjjjv-EUib2a7T2qZ2XIq2j_hLsgRnWwpvumMFtGG1JQmMm9tAHm_1vEcfEdaUEtf7tho-GGpJDpD2QddjRjeQfQYxMDAw0ZEIkbIESim9gE2thhBVWg1K1axyzDdyOyX49qvsOctNODAuZ0_MYbhG61lh-DIMg6VYVPwZt8O3G67niNqSA-pyAHPZ6ASVF0VMaS9MYBzYONNhG7avcgUH1vQV3jj53BIh8KbaTwrBX8ImUHtQBe1ct0Pg8RmtvTGOPNGJKFaTrtmCKZLtJeBt6RVsWWCuJxAh9QTq4rtHxp0zmvfcDrhEZbRq58xrVLwS851SxpSw0mjOjdoNetBYk1hLUw7p8Dcmf8iFSCaAG-9YRH9NbfYAerHAc2CvOXL7EHpHNuago33W8gICVNsHCFD1_07EMXEot44i-rBJMFpmqwPGXT0nlxyWaAJ0S1QpKroHozy-FN50YcegzVhzg3l-yzLk9vlhtD2eYZ3kLdH8sY9fUH-PmGgAGqQGQC8O3p_-LUGAbX_l3290ciKBX5H8dkP4q2d0i1tCs-N89iZCxtXcnAnuiXP6NT2W7La-09pM7Icd74rbYf4aKYaoh2iPI9I7xa711GRXtWTM_-Nd6LkoVpVtrslQbdmMiGHd8zY6uAHA1MgO91ZEBwwmveqda8PM0jEiKAO4gTPW6Gx52BdEWwZuI-xnyBX2TbxcDpBdpXYBC4MrDhMlHolg8TP32cFJSg4YozGBo900FqI7Eu4EVR-QcWAXw-FafAl2E8R2XVucwaWKayV-ATuLPyJUieQtp4NhC_LtiuJOfOEEEY6V06A_fl1kTlZgmPdrXjZ-tat5EzG9XNt2zjSw0THPDROeC1jlB2-IFNvdm24k4hAysEsr7UYLJ9I2YQtcW3-bkCesP_6HoN5O9cNUKNzAVTD4Ud9jhu3g42aiH5CICc3kDPhWEh4nshLsgjbKJHEIrfCboO9XcyRVWIxHgLLD8ENHuCoCIDf2ZKyFjYxbAKr1tHgT88Cx3fQIIbtddIksHIKVfwtpF8zbDHbJkr9kGaIm_piCL_y-c7G5rjs9DmKly2mnE3F7PQ7WUcLLCpgr6usPO77ZKxeYB91ImggsE_Web6tGvxaYW1eN1MbohDLqEwKu1uLfrRDFu94zE7UdiRCQvXKNOZYDoPaMsJbgG50aNzYC1oHvErB2ti_Zq02atDmN0Th59pgHggvWkP6D_3oM3te77jvTp-CNiVy4PvlpCJ9PPfH5jts4_47elJ2wr71vlyu8JcmE3RF-EfiH&uniformat=true&callback=Ya%5B6787189290117%5D HTTP/1.1
Host: yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
uniformat: true
uniformat-product-type: None
content-encoding: gzip
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
access-control-allow-origin: https://protuor.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-xss-protection: 1; mode=block
x-yandex-req-id: 1670271847845136-13073854839703397636-vla1-4655-vla-l7-balancer-8080-BAL-8396
last-modified: Mon, 05 Dec 2022 20:24:07 GMT
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
date: Mon, 05 Dec 2022 20:24:07 GMT
set-cookie: yandexuid=8436882821670271847; Path=/; Domain=.yandex.ru; Expires=Thu, 02-Dec-2032 20:24:07 GMT; SameSite=None; Secure
i=qLYW++zcDAPhlZ4eYAmoTy6n3RaAiF1KZWkqzkxd0BBiT279fxCQP1hrL3H8ptN9mscvhKnxpd02q2Yexd9WMmDTYuU=; Expires=Wed, 04-Dec-2024 20:24:07 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
content-type: application/json; charset=utf-8
pragma: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
x-content-type-options: nosniff
expires: Mon, 05 Dec 2022 20:24:07 GMT
X-Firefox-Spdy: h2
tag.digitaltarget.ru/adcm.js
200 OK 3.1 kB URL HTTP/1.1 tag.digitaltarget.ru/adcm.js
IP
File type ASCII text, with very long lines (3051), with no line terminators
Hash e7097284185069f52fc736bcd50cda13
1cdfdf2d869841202079ddf91e0a00a8610812e6
40f2a96f78f4c8484e9da6e172f5ddd3e4d7786ca29e04b96e1067a365190e80
GET /adcm.js HTTP/1.1
Host: tag.digitaltarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/javascript
Content-Length: 3051
Last-Modified: Mon, 05 Dec 2022 20:04:42 GMT
Connection: keep-alive
ETag: "638e4eda-beb"
Accept-Ranges: bytes
sm.rtb.mts.ru/p?ssp=sape&id=0100007F66538E637503DA3402FA57AF
301 Moved Permanently 0 B URL HTTP/1.1 sm.rtb.mts.ru/p?ssp=sape&id=0100007F66538E637503DA3402FA57AF
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p?ssp=sape&id=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: sm.rtb.mts.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Vary: Origin
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://sm.rtb.mts.ru/match/second?ssp=30&exu=0100007F66538E637503DA3402FA57AF
Set-Cookie: dspid=8be49c3e-84ed-4df6-8194-12a5b912ee75; expires=Sun, 26 Nov 2023 20:24:08 GMT; domain=.mts.ru; path=/; secure; SameSite=None
www.acint.net/match?dp=104&euid=mSE8BjPCRC6v
200 OK 43 B URL HTTP/2 www.acint.net/match?dp=104&euid=mSE8BjPCRC6v
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=104&euid=mSE8BjPCRC6v HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
ads.betweendigital.com/match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D
302 Found 0 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D&crf=1
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Tue, 05 Dec 2023 20:24:08 GMT; Path=/; Domain=.betweendigital.com
tuuid=9cb757eb-f6bc-5253-a446-8e5bc7c8dd33; Max-Age=31536000; Expires=Tue, 05 Dec 2023 20:24:08 GMT; Path=/; Domain=.betweendigital.com
ut=Y45TaAAFqTiPrT1Tkd_EW83UKdzcthtacKakEA==; Max-Age=31536000; Expires=Tue, 05 Dec 2023 20:24:08 GMT; Path=/; Domain=.betweendigital.com
content-length: 0
X-Firefox-Spdy: h2
ads.betweendigital.com/match?bidder_id=73&external_user_id=0100007F66538E637503DA3402FA57AF&crf=1
200 OK 68 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=73&external_user_id=0100007F66538E637503DA3402FA57AF&crf=1
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
GET /match?bidder_id=73&external_user_id=0100007F66538E637503DA3402FA57AF&crf=1 HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Tue, 05 Dec 2023 20:24:08 GMT; Path=/; Domain=.betweendigital.com
tuuid=80dbff38-4806-5253-a506-ee09c688bd61; Max-Age=31536000; Expires=Tue, 05 Dec 2023 20:24:08 GMT; Path=/; Domain=.betweendigital.com
ut=Y45TaAAGXOi-Lacgr39qg61YM9E2waVnV7WCmQ==; Max-Age=31536000; Expires=Tue, 05 Dec 2023 20:24:08 GMT; Path=/; Domain=.betweendigital.com
content-length: 68
X-Firefox-Spdy: h2
ads.betweendigital.com/match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D&crf=1
200 OK 68 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D&crf=1
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
GET /match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D&crf=1 HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Tue, 05 Dec 2023 20:24:08 GMT; Path=/; Domain=.betweendigital.com
tuuid=cf5af4a7-a409-5253-b8b6-332ddb386045; Max-Age=31536000; Expires=Tue, 05 Dec 2023 20:24:08 GMT; Path=/; Domain=.betweendigital.com
ut=Y45TaAAH44h1LFi9ozOEGgs8FyGfz3o05Y7udw==; Max-Age=31536000; Expires=Tue, 05 Dec 2023 20:24:08 GMT; Path=/; Domain=.betweendigital.com
content-length: 68
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash f81185c8cf368cebf7c365da19980549
57713fab8a670fc9785a5ec72af50aff659dfdca
9b6a7acde89dd4eb4ab8a7ab38de85c15a2c274286e9f786dac58312a8f0c899
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 04 Dec 2022 21:59:41 GMT
Expires: Mon, 05 Dec 2022 21:59:41 GMT
ETag: "57713fab8a670fc9785a5ec72af50aff659dfdca"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
sm.rtb.mts.ru/match/second?ssp=30&exu=0100007F66538E637503DA3402FA57AF
200 OK 0 B URL HTTP/1.1 sm.rtb.mts.ru/match/second?ssp=30&exu=0100007F66538E637503DA3402FA57AF
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/second?ssp=30&exu=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: sm.rtb.mts.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Vary: Origin
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash deaed2b8f4c855ec1455c36e0b4487c1
73834d176288806133a164de44aab56882e709d2
6b30bbe59cc9adc59145ed974384e88e2011eecc573280540e39db7b319fa7d8
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 09 Dec 2022 17:34:02 GMT
ETag: "73834d176288806133a164de44aab56882e709d2"
Last-Modified: Mon, 05 Dec 2022 17:34:03 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3506
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774f80ed0d461c06-OSL
tag.digitaltarget.ru/processor.js?i=823372464872577
200 OK 16 kB URL HTTP/1.1 tag.digitaltarget.ru/processor.js?i=823372464872577
IP
File type ASCII text, with very long lines (15897), with no line terminators
Hash c9571a7ce0a22f154c74bdc8e35523e0
101feba577e71fc076ea5bf3f4af08b5d3fe988d
51cf59da6b7e03337540ee3ab9f8e135ff2ead958475c1bacc8683df57823fb0
GET /processor.js?i=823372464872577 HTTP/1.1
Host: tag.digitaltarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/javascript
Content-Length: 15897
Last-Modified: Mon, 05 Dec 2022 20:04:43 GMT
Connection: keep-alive
ETag: "638e4edb-3e19"
Accept-Ranges: bytes
ocsp.sectigo.com/
200 OK 471 B IP
Hash b842d5465426137b4c494a6814f54fe2
3127fd02bbffadc4e00ea0c0c0e45eb865dbb2ba
4d7c130368ff61c166464de3c378ff2680817a1ad371ff3e1b5932fbf15189d9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 02:18:43 GMT
Expires: Sat, 10 Dec 2022 02:18:42 GMT
Etag: "3127fd02bbffadc4e00ea0c0c0e45eb865dbb2ba"
Cache-Control: max-age=366273,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774f80eafba01bfa-OSL
mc.yandex.ru/watch/46860633?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A2%3Adp%3A0%3Als%3A385311983868%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202404%3Aet%3A1670271845%3Ac%3A1%3Arn%3A760937058%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Ans%3A1670271841023%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271845%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/46860633?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A2%3Adp%3A0%3Als%3A385311983868%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202404%3Aet%3A1670271845%3Ac%3A1%3Arn%3A760937058%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Ans%3A1670271841023%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271845%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch/46860633?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A2%3Adp%3A0%3Als%3A385311983868%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202404%3Aet%3A1670271845%3Ac%3A1%3Arn%3A760937058%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Ans%3A1670271841023%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271845%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/46860633/1?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A2%3Adp%3A0%3Als%3A385311983868%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202404%3Aet%3A1670271845%3Ac%3A1%3Arn%3A760937058%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Ans%3A1670271841023%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271845%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-origin: https://protuor.ru
set-cookie: yabs-sid=2590073541670271847; Path=/; SameSite=None; Secure
i=5gTRAy55KFwZT88hOevN4dapNshIwPFqtJ4uffx0zSSp9SnMgcVqwjMX+oGTgAhbKBaJdsXhKEGJ30U6oF39jkS8dq4=; Expires=Thu, 02-Dec-2032 20:24:06 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=7445434581670271847; Expires=Tue, 05-Dec-2023 20:24:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7445434581670271847; Expires=Tue, 05-Dec-2023 20:24:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1701807847.yc.1670271847#1701807847.yrts.1670271847#1701807847.yrtsi.1670271847; Expires=Tue, 05-Dec-2023 20:24:07 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:07 GMT
last-modified: Mon, 05-Dec-2022 20:24:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
px.adhigh.net/p/cm/sape?u=0100007F66538E637503DA3402FA57AF
302 Found 0 B URL HTTP/2 px.adhigh.net/p/cm/sape?u=0100007F66538E637503DA3402FA57AF
IP
ASN #48061 Limited Liability Company GPM Digital Technologies
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/cm/sape?u=0100007F66538E637503DA3402FA57AF HTTP/1.1
Host: px.adhigh.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-length: 0
x-backend-id: f20-ru
access-control-allow-origin: *
access-control-allow-credentials: true
set-cookie: gi_u=spBUFjhBADU.AikABlGE4_XQgA;Path=/;Domain=.adhigh.net;Expires=Tue, 05-Dec-2023 20:24:08 GMT;Secure;SameSite=None
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache, no-store
location: https://px.adhigh.net/p/cm/sape?u=0100007F66538E637503DA3402FA57AF&bounced=1
X-Firefox-Spdy: h2
x01.aidata.io/0.gif?pid=9401454&id=0100007F66538E637503DA3402FA57AF&bounce=1
204 No Content 0 B URL HTTP/2 x01.aidata.io/0.gif?pid=9401454&id=0100007F66538E637503DA3402FA57AF&bounce=1
IP
ASN #197695 Domain names registrar REG.RU, Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0.gif?pid=9401454&id=0100007F66538E637503DA3402FA57AF&bounce=1 HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
expires: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Mon, 05 Dec 2022 20:24:07 GMT
set-cookie: __upin=LEFRD7hJCzqZZhyyAV+V6A;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
__upints=1670271848;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
X-Firefox-Spdy: h2
x01.aidata.io/pixel.js?pixel=VIBOOM&id=ca0f973b17ec4c1cd3e6045500779d6d&v=1670271845900
302 Found 0 B URL HTTP/2 x01.aidata.io/pixel.js?pixel=VIBOOM&id=ca0f973b17ec4c1cd3e6045500779d6d&v=1670271845900
IP
ASN #197695 Domain names registrar REG.RU, Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel.js?pixel=VIBOOM&id=ca0f973b17ec4c1cd3e6045500779d6d&v=1670271845900 HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-length: 0
location: https://x01.aidata.io/pixel.js?pixel=VIBOOM&id=ca0f973b17ec4c1cd3e6045500779d6d&v=1670271845900&pid=VIBOOM&js=1&show_js_referer=1&bounce=1
expires: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Mon, 05 Dec 2022 20:24:07 GMT
set-cookie: __upin=t4Qw9BZElzfr0FyqEVeKmw;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
__upints=1670271848;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
X-Firefox-Spdy: h2
px.adhigh.net/p/cm/sape?u=0100007F66538E637503DA3402FA57AF&bounced=1
200 OK 49 B URL HTTP/2 px.adhigh.net/p/cm/sape?u=0100007F66538E637503DA3402FA57AF&bounced=1
IP
ASN #48061 Limited Liability Company GPM Digital Technologies
File type GIF image data, version 89a, 1 x 1\012- data
Hash 889bc1fffc025af4685839fb516a0b8b
7f105137a4eafe93213ecd8cc34dd907c340467c
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
GET /p/cm/sape?u=0100007F66538E637503DA3402FA57AF&bounced=1 HTTP/1.1
Host: px.adhigh.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: image/gif
content-length: 49
x-backend-id: f20-ru
access-control-allow-origin: *
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache, no-store
X-Firefox-Spdy: h2
vifog.com/video/get/?platformId=108340&format=3&overrollType=embeded&sig=207ac0fe6dd6b704&data=%7B%22shown%22%3A%5B%5D%2C%22errors%22%3A%5B%5D%2C%22dimentions%22%3A%7B%22width%22%3A341%2C%22height%22%3A0%7D%2C%22referer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22origReferer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22location%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22n%22%3A1%2C%22lang%22%3A%22en-US%22%2C%22title%22%3A%22%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F%22%7D&vbmuid=ca0f973b17ec4c1cd3e6045500779d6d
200 OK 485 B URL HTTP/1.1 vifog.com/video/get/?platformId=108340&format=3&overrollType=embeded&sig=207ac0fe6dd6b704&data=%7B%22shown%22%3A%5B%5D%2C%22errors%22%3A%5B%5D%2C%22dimentions%22%3A%7B%22width%22%3A341%2C%22height%22%3A0%7D%2C%22referer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22origReferer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22location%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22n%22%3A1%2C%22lang%22%3A%22en-US%22%2C%22title%22%3A%22%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F%22%7D&vbmuid=ca0f973b17ec4c1cd3e6045500779d6d
IP
ASN #44066 diva-e Datacenters GmbH
File type exported SGML document, ASCII text, with very long lines (485), with no line terminators
Hash bc591f5389cfe4aaff60839ac914e757
77e4a1c454de91bce25b231823af916ba999a1cf
75b680bde585afc4948302e090dda0936494464353e9ac45e6ef0233e05f583c
GET /video/get/?platformId=108340&format=3&overrollType=embeded&sig=207ac0fe6dd6b704&data=%7B%22shown%22%3A%5B%5D%2C%22errors%22%3A%5B%5D%2C%22dimentions%22%3A%7B%22width%22%3A341%2C%22height%22%3A0%7D%2C%22referer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22origReferer%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22location%22%3A%22https%3A%2F%2Fprotuor.ru%2F%22%2C%22n%22%3A1%2C%22lang%22%3A%22en-US%22%2C%22title%22%3A%22%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F%22%7D&vbmuid=ca0f973b17ec4c1cd3e6045500779d6d HTTP/1.1
Host: vifog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 485
Connection: keep-alive
X-Hostname: dsde382.rotator.viboom.com
Set-Cookie: vbmuid=ca0f973b17ec4c1cd3e6045500779d6d; Max-Age=16070400; Path=/; Expires=Fri, 09 Jun 2023 20:24:08 GMT; HttpOnly
Rotator-message: video: no campaignAccess, code: -8, msg: 144/0, format: 3, platformId: 108340, rtrCampaignId: false
ETag: W/"1e5-vFkfU4nP5Kr/YIOayRTnVw"
Vary: Accept-Encoding
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ff2e89363d3f8febe5238003bd6a0af2
0b6991c014021afd6917efbd2f7e485e3a8e6f98
6fa4c9e9f48a77330923c1bf1472c55277188c17547f14c59eea7f54ac383bd4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6FA4C9E9F48A77330923C1BF1472C55277188C17547F14C59EEA7F54AC383BD4"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13298
Expires: Tue, 06 Dec 2022 00:05:46 GMT
Date: Mon, 05 Dec 2022 20:24:08 GMT
Connection: keep-alive
dmg.digitaltarget.ru/1/1093/i/i?i=660012195464998.392777104128972&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
307 Temporary Redirect 0 B URL HTTP/1.1 dmg.digitaltarget.ru/1/1093/i/i?i=660012195464998.392777104128972&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/1093/i/i?i=660012195464998.392777104128972&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Length: 0
Connection: keep-alive
Location: https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&ts=1670271848725&i=660012195464998.392777104128972&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
Set-Cookie: viuserid=RNuNF7hcOYO5pCZ7dhqw; Max-Age=93312000; Expires=Wed, 19 Nov 2025 20:24:08 GMT; SameSite=None; Path=/; Domain=dmg.digitaltarget.ru; Secure; HTTPOnly
Request-Time: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only
dmg.digitaltarget.ru/1/1093/i/i?i=660012195464998.412595536873741&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_noorient
307 Temporary Redirect 0 B URL HTTP/1.1 dmg.digitaltarget.ru/1/1093/i/i?i=660012195464998.412595536873741&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_noorient
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/1093/i/i?i=660012195464998.412595536873741&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_noorient HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Length: 0
Connection: keep-alive
Location: https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&ts=1670271848727&i=660012195464998.412595536873741&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_noorient
Set-Cookie: viuserid=GRVPqsgcOCZwZvX7f.zZ; Max-Age=93312000; Expires=Wed, 19 Nov 2025 20:24:08 GMT; SameSite=None; Path=/; Domain=dmg.digitaltarget.ru; Secure; HTTPOnly
Request-Time: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only
dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&ts=1670271848725&i=660012195464998.392777104128972&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
200 OK 64 B URL HTTP/1.1 dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&ts=1670271848725&i=660012195464998.392777104128972&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ffd585dfb1ac6320633a0be46d579437
5a6033d23bc9cd5d1de9ee61de69a44428086dcb
df18d81deb0cc1c48ae87e6481bb4ee375b40cce0fec3d226e002704d49f6cc8
GET /awg/custom/1093/i/i?call_source=awg&ts=1670271848725&i=660012195464998.392777104128972&a=77&e=0100007F66538E637503DA3402FA57AF&pref=https%3A%2F%2Fprotuor.ru%2F&c=ss:77.up:0100007F66538E637503DA3402FA57AF.sync:up.xdua:duQu8Y7W37wKTwTDKyVQd843.xps:xpsRUnVsUmoaPdTB395WR1eIl.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 20:24:08 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Vary: Accept-Encoding
Request-Time: 13
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only
ad.admitad.com/b/gjz2lm7cvq607af2daf673fb4c9068/
302 Found 0 B URL HTTP/2 ad.admitad.com/b/gjz2lm7cvq607af2daf673fb4c9068/
IP
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/gjz2lm7cvq607af2daf673fb4c9068/ HTTP/1.1
Host: ad.admitad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://cdn.admitad-connect.com/public/default/banners/2010/03/04/d8d4161fbac81be6cb2e4cde6888db02.jpg
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Tue, 01 Jan 1980 1:00:00 GMT
p3p: CP="NON DSP COR CURa TIA"
X-Firefox-Spdy: h2
an.yandex.ru/mapuid/gonetdspis/NTc3ZDk5OGVjOGZkZjJkMA?redir-setuniq=1
200 OK 114 B URL HTTP/2 an.yandex.ru/mapuid/gonetdspis/NTc3ZDk5OGVjOGZkZjJkMA?redir-setuniq=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 87ab759c629a0958d59a02c5ee31a764
53a2a7af60dac632d54b144faaa7968908cc18ed
5c28cf37909547c8b0c601f2d92ae5c94ffc856729f6d9183c417b47887975fb
GET /mapuid/gonetdspis/NTc3ZDk5OGVjOGZkZjJkMA?redir-setuniq=1 HTTP/1.1
Host: an.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
timing-allow-origin: *
date: Mon, 05 Dec 2022 20:24:08 GMT
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05 Dec 2022 20:24:08 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
last-modified: Mon, 05 Dec 2022 20:24:08 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif; charset=utf-8
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash c4c61a4e4484a0900ccaf1d980667792
0bc8a9b9201ad132d26ad0137f67085b2bc112c7
f9e1f97f2b6deaf71750aa1d6714dd77b39b9eb52e8ffcac64c66b9e6a41c3df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3536
Cache-Control: max-age=113742
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:08 GMT
Etag: "638d5ee6-117"
Expires: Wed, 07 Dec 2022 03:59:50 GMT
Last-Modified: Mon, 05 Dec 2022 03:00:54 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
cdn.admitad-connect.com/public/default/banners/2010/03/04/d8d4161fbac81be6cb2e4cde6888db02.jpg
200 OK 16 kB URL HTTP/2 cdn.admitad-connect.com/public/default/banners/2010/03/04/d8d4161fbac81be6cb2e4cde6888db02.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 300x250, components 3\012- data
Hash 8770c349167d9f4d266a6dc1255967d9
983c1b4fdebf3ee07d0e0df40db3b07e28b67da3
d92c977faefe6e6227a3a575217bcba5b0b42b780df25286ddb0a32746a9386d
GET /public/default/banners/2010/03/04/d8d4161fbac81be6cb2e4cde6888db02.jpg HTTP/1.1
Host: cdn.admitad-connect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://protuor.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 20:24:09 GMT
content-type: image/jpeg
content-length: 16340
cache-control: max-age=86400
cf-bgj: h2pri
etag: "8770c349167d9f4d266a6dc1255967d9"
expires: Tue, 06 Dec 2022 20:24:08 GMT
last-modified: Tue, 03 Mar 2020 16:45:31 GMT
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z097PB8F0gy4lb3Z2%2FaoeBMX4XUP5r2hitaDVAb8b26wiDksMrQPA3YMjHoxqiqEC%2Fbr%2Fg0BMAY3QSUtOZMp2zHYdkLhS0pIILu4bzvWR9iROgCo73WsXkDrn%2Fh90h4ZGduZH4RV6yn5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774f80ef7da5b509-OSL
X-Firefox-Spdy: h2
www.acint.net/ping/?v=0.4.0&uid=367d0442-a252-42b6-ad3e-0732321447c4&dp=10&tz=%2B00%3A00&nc=99099798&dT=2022-12-05T20%3A24%3A06.852
200 OK 43 B URL HTTP/2 www.acint.net/ping/?v=0.4.0&uid=367d0442-a252-42b6-ad3e-0732321447c4&dp=10&tz=%2B00%3A00&nc=99099798&dT=2022-12-05T20%3A24%3A06.852
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /ping/?v=0.4.0&uid=367d0442-a252-42b6-ad3e-0732321447c4&dp=10&tz=%2B00%3A00&nc=99099798&dT=2022-12-05T20%3A24%3A06.852 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: aid=fwAAAWOOU2Y2QQOC+5hSAoJnhlgHEMlDPxOYDi2jfnM12x1n; test_cookie=CheckForPermission; cSyncDp7v2=1670271846; cSyncDp14v3=1670271846; cSyncDp17=1670271846; cSyncDp32=1670271846; cSyncDp45v3=1670271846; cSyncDp53=1670271846; cSyncDp54v2=1670271846; cSyncDp62=1670271846; cSyncDp67v2=1670271846; cSyncDp68=1670271846; cSyncDp71=1670271846; cSyncDp77=1670271846; cSyncDp84=1670271846; cSyncDp85=1670271846; cSyncDp95v3=1670271846; cSyncDp101=1670271846; cSyncDp104v2=1670271846; cSyncDp107=1670271846; cSyncDp110=1670271846; cSyncDp111v2=1670271846; cSyncDp112v2=1670271846; cSyncDp125v2=1670271846; cSyncDp126=1670271846; cSyncDp127=1670271846; cSyncDp129=1670271846; cSyncDp136v2=1670271846; cSyncDp138=1670271846; cSyncDp146=1670271846; cSyncDp148=1670271846; cSyncDp149v2=1670271846; cSyncDp151=1670271846; cSyncDp178=1670271846; cSyncDp179=1670271846; cSyncDp186=1670271846; cSyncDp221=1670271846
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 05 Dec 2022 20:24:09 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
mc.yandex.ru/watch/36124145/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&hittoken=1670271847_7e1f7b18978042c114ddbc3bfe950c7590734c8ef87a2637381445bc4966ffd4&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A422241162274%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202407%3Aet%3A1670271847%3Ac%3A1%3Arn%3A516415948%3Arqn%3A2%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aco%3A0%3Ans%3A1670271841023%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670271847&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(2)aw(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/36124145/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&hittoken=1670271847_7e1f7b18978042c114ddbc3bfe950c7590734c8ef87a2637381445bc4966ffd4&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A422241162274%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202407%3Aet%3A1670271847%3Ac%3A1%3Arn%3A516415948%3Arqn%3A2%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aco%3A0%3Ans%3A1670271841023%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670271847&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/36124145/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&hittoken=1670271847_7e1f7b18978042c114ddbc3bfe950c7590734c8ef87a2637381445bc4966ffd4&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A422241162274%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202407%3Aet%3A1670271847%3Ac%3A1%3Arn%3A516415948%3Arqn%3A2%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aco%3A0%3Ans%3A1670271841023%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670271847&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 80
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 05 Dec 2022 20:24:10 GMT
access-control-allow-origin: https://protuor.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:10 GMT
last-modified: Mon, 05-Dec-2022 20:24:10 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/46860633/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&hittoken=1670271847_1e01c4930beacb3dff77911021388f638fe5006f6454b8dd11e63607aa37fdd4&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A2%3Adp%3A0%3Als%3A385311983868%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A362915158%3Arqn%3A2%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670271848&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(2)aw(1)ecs(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/46860633/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&hittoken=1670271847_1e01c4930beacb3dff77911021388f638fe5006f6454b8dd11e63607aa37fdd4&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A2%3Adp%3A0%3Als%3A385311983868%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A362915158%3Arqn%3A2%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670271848&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(2)aw(1)ecs(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/46860633/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&hittoken=1670271847_1e01c4930beacb3dff77911021388f638fe5006f6454b8dd11e63607aa37fdd4&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A2%3Adp%3A0%3Als%3A385311983868%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A362915158%3Arqn%3A2%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670271848&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(2)aw(1)ecs(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 80
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 05 Dec 2022 20:24:10 GMT
access-control-allow-origin: https://protuor.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:10 GMT
last-modified: Mon, 05-Dec-2022 20:24:10 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/273816/1?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&nohit=1&charset=utf-8&cnt-class=1&browser-info=pv%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A3%3Adp%3A0%3Als%3A502970732701%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A415219193%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271848%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29mc%28p-2%29clc%280-0-0%29aw%281%29ecs%281%29fip%281%29ti%282%29
200 OK 371 B URL HTTP/2 mc.yandex.ru/watch/273816/1?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&nohit=1&charset=utf-8&cnt-class=1&browser-info=pv%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A3%3Adp%3A0%3Als%3A502970732701%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A415219193%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271848%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29mc%28p-2%29clc%280-0-0%29aw%281%29ecs%281%29fip%281%29ti%282%29
IP
File type JSON data\012- , ASCII text, with very long lines (371), with no line terminators
Hash ef88fb98fbedce92fda36cdc7d262fde
606f82d0e1be24d61cb1aeac6d3bd8e4a59a60f9
b31abb8a8a111433568e686b8391510f8802abb4d02f069960cb33b37d2c41b1
GET /watch/273816/1?wmode=7&page-url=https%3A%2F%2Fprotuor.ru%2F&nohit=1&charset=utf-8&cnt-class=1&browser-info=pv%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A3%3Adp%3A0%3Als%3A502970732701%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A415219193%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271848%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29mc%28p-2%29clc%280-0-0%29aw%281%29ecs%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Referer: https://protuor.ru/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 371
date: Mon, 05 Dec 2022 20:24:11 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://protuor.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:11 GMT
last-modified: Mon, 05-Dec-2022 20:24:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/273816/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&cnt-class=1&hittoken=1670271851_3c4be4e02b237f8dea4d17ffd90930bbd5b79f74c9f8bb46b23a054d5e752313&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A3%3Adp%3A0%3Als%3A502970732701%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A350097740%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670271848&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(1)aw(1)ecs(1)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/273816/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&cnt-class=1&hittoken=1670271851_3c4be4e02b237f8dea4d17ffd90930bbd5b79f74c9f8bb46b23a054d5e752313&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A3%3Adp%3A0%3Als%3A502970732701%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A350097740%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670271848&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(1)aw(1)ecs(1)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/273816/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&cnt-class=1&hittoken=1670271851_3c4be4e02b237f8dea4d17ffd90930bbd5b79f74c9f8bb46b23a054d5e752313&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afp%3A2342%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A3%3Adp%3A0%3Als%3A502970732701%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A350097740%3Arqn%3A1%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C259%2C1428%2C0%2C279%2C0%2C%2C475%2C15%2C%2C%2C%2C2528%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670271848&t=gdpr(14)mc(p-3-h-1)clc(0-0-0)rqnt(1)aw(1)ecs(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 80
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 05 Dec 2022 20:24:11 GMT
access-control-allow-origin: https://protuor.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:11 GMT
last-modified: Mon, 05-Dec-2022 20:24:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/273816/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&cnt-class=1&hittoken=1670271851_3c4be4e02b237f8dea4d17ffd90930bbd5b79f74c9f8bb46b23a054d5e752313&browser-info=pv%3A1%3Aar%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A3%3Adp%3A0%3Als%3A502970732701%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A889543364%3Arqn%3A2%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271848%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29mc%28p-3-h-1%29clc%280-0-0%29rqnt%282%29aw%281%29ecs%281%29fip%281%29ti%282%29
200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/273816/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&cnt-class=1&hittoken=1670271851_3c4be4e02b237f8dea4d17ffd90930bbd5b79f74c9f8bb46b23a054d5e752313&browser-info=pv%3A1%3Aar%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A3%3Adp%3A0%3Als%3A502970732701%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A889543364%3Arqn%3A2%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271848%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29mc%28p-3-h-1%29clc%280-0-0%29rqnt%282%29aw%281%29ecs%281%29fip%281%29ti%282%29
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/273816/1?page-url=https%3A%2F%2Fprotuor.ru%2F&charset=utf-8&cnt-class=1&hittoken=1670271851_3c4be4e02b237f8dea4d17ffd90930bbd5b79f74c9f8bb46b23a054d5e752313&browser-info=pv%3A1%3Aar%3A1%3Avf%3Aslhejhys9ytpnba8eugac%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A3%3Adp%3A0%3Als%3A502970732701%3Ahid%3A21270615%3Az%3A0%3Ai%3A20221205202408%3Aet%3A1670271848%3Ac%3A1%3Arn%3A889543364%3Arqn%3A2%3Au%3A1670271845875225170%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1670271841023%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670271848%3At%3A%D0%9A%D0%BE%D1%80%D0%BE%D0%BD%D0%B0%D0%B2%D0%B8%D1%80%D1%83%D1%81%20%D0%B2%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8%20%7C%20%D0%9F%D1%83%D1%82%D0%B5%D1%88%D0%B5%D1%81%D1%82%D0%B2%D0%B8%D1%8F&t=gdpr%2814%29mc%28p-3-h-1%29clc%280-0-0%29rqnt%282%29aw%281%29ecs%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Referer: https://protuor.ru/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 05 Dec 2022 20:24:11 GMT
access-control-allow-origin: https://protuor.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:11 GMT
last-modified: Mon, 05-Dec-2022 20:24:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 557fea28a0a540d2ffdadd828e03de0b
c314368e2e73dabf2c5d856e2c3e1fae610a3005
0fdd195911cdfff46a6dd8ba7b760953e5317fd7ee88abf1e19458518979fdee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11253
x-amzn-requestid: e0561a00-8657-4af0-b24c-08b328282f79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_wKE9coAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1334-2844266d51d5c5672f34ff61;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: v2OgP5Rhp06ijoZU2F8vOhLjBfHdBMPa2mOIg6EiYJrgCRbrKgJz2g==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:07 GMT
age: 81125
etag: "c314368e2e73dabf2c5d856e2c3e1fae610a3005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/46860633?wv-check=56203&wv-type=0&wmode=0&wv-part=1&wv-hit=21270615&page-url=https%3A%2F%2Fprotuor.ru%2F&rn=787408271&browser-info=we%3A1%3Aet%3A1670271850%3Aw%3A1268x939%3Av%3A933%3Az%3A0%3Ai%3A20221205202410%3Au%3A1670271845875225170%3Avf%3Aynz2f7f3y7l8rj188tipo%3Ast%3A1670271850&t=gdpr(14)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/46860633?wv-check=56203&wv-type=0&wmode=0&wv-part=1&wv-hit=21270615&page-url=https%3A%2F%2Fprotuor.ru%2F&rn=787408271&browser-info=we%3A1%3Aet%3A1670271850%3Aw%3A1268x939%3Av%3A933%3Az%3A0%3Ai%3A20221205202410%3Au%3A1670271845875225170%3Avf%3Aynz2f7f3y7l8rj188tipo%3Ast%3A1670271850&t=gdpr(14)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/46860633?wv-check=56203&wv-type=0&wmode=0&wv-part=1&wv-hit=21270615&page-url=https%3A%2F%2Fprotuor.ru%2F&rn=787408271&browser-info=we%3A1%3Aet%3A1670271850%3Aw%3A1268x939%3Av%3A933%3Az%3A0%3Ai%3A20221205202410%3Au%3A1670271845875225170%3Avf%3Aynz2f7f3y7l8rj188tipo%3Ast%3A1670271850&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 44
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 05 Dec 2022 20:24:13 GMT
access-control-allow-origin: https://protuor.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:13 GMT
last-modified: Mon, 05-Dec-2022 20:24:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/46860633?wv-check=52133&wv-type=0&wmode=0&wv-part=2&wv-hit=21270615&page-url=https%3A%2F%2Fprotuor.ru%2F&rn=368188007&browser-info=we%3A1%3Aet%3A1670271850%3Aw%3A1268x939%3Av%3A933%3Az%3A0%3Ai%3A20221205202410%3Au%3A1670271845875225170%3Avf%3Aynz2f7f3y7l8rj188tipo%3Ast%3A1670271850&t=gdpr(14)ti(2)
200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/46860633?wv-check=52133&wv-type=0&wmode=0&wv-part=2&wv-hit=21270615&page-url=https%3A%2F%2Fprotuor.ru%2F&rn=368188007&browser-info=we%3A1%3Aet%3A1670271850%3Aw%3A1268x939%3Av%3A933%3Az%3A0%3Ai%3A20221205202410%3Au%3A1670271845875225170%3Avf%3Aynz2f7f3y7l8rj188tipo%3Ast%3A1670271850&t=gdpr(14)ti(2)
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/46860633?wv-check=52133&wv-type=0&wmode=0&wv-part=2&wv-hit=21270615&page-url=https%3A%2F%2Fprotuor.ru%2F&rn=368188007&browser-info=we%3A1%3Aet%3A1670271850%3Aw%3A1268x939%3Av%3A933%3Az%3A0%3Ai%3A20221205202410%3Au%3A1670271845875225170%3Avf%3Aynz2f7f3y7l8rj188tipo%3Ast%3A1670271850&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 12
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 05 Dec 2022 20:24:13 GMT
access-control-allow-origin: https://protuor.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05-Dec-2022 20:24:13 GMT
last-modified: Mon, 05-Dec-2022 20:24:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
c175.travelpayouts.com/content?promo_id=5196&trs=22245&shmarker=22147&type=init
200 OK 0 B URL HTTP/2 c175.travelpayouts.com/content?promo_id=5196&trs=22245&shmarker=22147&type=init
IP
GET /content?promo_id=5196&trs=22245&shmarker=22147&type=init HTTP/1.1
Host: c175.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/png
cache-control: private, max-age=0
timing-allow-origin: *
x-promo-id: 5196
x-request-id: 1875c577f284e6474248aefb0cc4557a
x-robots-tag: noindex
X-Firefox-Spdy: h2
js.mamydirect.com/js/?h=5u7h63Dv
200 OK 0 B URL HTTP/1.1 js.mamydirect.com/js/?h=5u7h63Dv
IP
GET /js/?h=5u7h63Dv HTTP/1.1
Host: js.mamydirect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: application/x-javascript; charset=UTF-8
Date: Mon, 05 Dec 2022 20:24:06 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 5384
Connection: keep-alive
an.yandex.ru/mapuid/sapeis/0100007F66538E637503DA3402FA57AF?redir-setuniq=1
200 OK 0 B URL HTTP/2 an.yandex.ru/mapuid/sapeis/0100007F66538E637503DA3402FA57AF?redir-setuniq=1
IP
GET /mapuid/sapeis/0100007F66538E637503DA3402FA57AF?redir-setuniq=1 HTTP/1.1
Host: an.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
timing-allow-origin: *
date: Mon, 05 Dec 2022 20:24:08 GMT
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 05 Dec 2022 20:24:08 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
last-modified: Mon, 05 Dec 2022 20:24:08 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif; charset=utf-8
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
c43.travelpayouts.com/content?promo_id=1097&shmarker=22147&type=init&trs=22245
200 OK 0 B URL HTTP/2 c43.travelpayouts.com/content?promo_id=1097&shmarker=22147&type=init&trs=22245
IP
GET /content?promo_id=1097&shmarker=22147&type=init&trs=22245 HTTP/1.1
Host: c43.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/gif
cache-control: private, max-age=0
timing-allow-origin: *
x-promo-id: 1097
x-request-id: 81b8bbb121751a7b90a7f710662e9478
x-robots-tag: noindex
X-Firefox-Spdy: h2
protuor.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
200 OK 0 B URL HTTP/2 protuor.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: application/x-javascript
last-modified: Tue, 12 Jan 2021 22:03:24 GMT
vary: Accept-Encoding
etag: W/"5ffe1cac-2bd8"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
yandex.ru/ads/system/context.js
200 OK 0 B URL HTTP/2 yandex.ru/ads/system/context.js
IP
GET /ads/system/context.js HTTP/1.1
Host: yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
timing-allow-origin: *
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-content-type-options: nosniff
access-control-allow-origin: *
set-cookie: i=Id05TBNi/IdZ/w/g78cUb2VHuRHSZFlWqS3yLZkiKq72TRB2VwetXffok1AeV3QzIfI3e++firTnaLsTuTO4E4fKtlg=; Expires=Wed, 04-Dec-2024 20:24:07 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
expires: Mon, 05 Dec 2022 21:24:07 GMT
x-yandex-req-id: 1670271847127865-3580504819840445979-vla1-4655-vla-l7-balancer-8080-BAL-1985
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
cache-control: private, max-age=3600
content-encoding: br
content-type: text/javascript; charset=utf-8
x-robots-tag: noindex, noarchive, nofollow
X-Firefox-Spdy: h2
ads.adlook.me/csync?url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D
302 Found 0 B URL HTTP/2 ads.adlook.me/csync?url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D
IP
ASN #48096 Enterprise Cloud Ltd.
GET /csync?url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://acint.net/match?dp=110&euid=26938ada26b34e128e8b612c2b1da365
server: Microsoft-IIS/10.0
set-cookie: adlm_userId=26938ada26b34e128e8b612c2b1da365; expires=Mon, 04 Dec 2023 21:00:00 GMT; path=/; SameSite=None; secure; samesite=lax
date: Mon, 05 Dec 2022 20:24:06 GMT
X-Firefox-Spdy: h2
tp.media/cascoon/dreamlines.svg
200 OK 0 B URL HTTP/2 tp.media/cascoon/dreamlines.svg
IP
GET /cascoon/dreamlines.svg HTTP/1.1
Host: tp.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: image/svg+xml
last-modified: Wed, 23 Nov 2022 06:31:21 GMT
etag: W/"637dbe39-1b4a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
content-encoding: br
X-Firefox-Spdy: h2
ssp.bidvol.com/usersync?dspcsid=8&redirect=1
302 Found 0 B URL HTTP/2 ssp.bidvol.com/usersync?dspcsid=8&redirect=1
IP
ASN #24940 Hetzner Online GmbH
GET /usersync?dspcsid=8&redirect=1 HTTP/1.1
Host: ssp.bidvol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.22.0
date: Mon, 05 Dec 2022 20:24:07 GMT
x-request-id: ba54d7b0-723a-4ecb-87bc-d04fefd61625
set-cookie: bvuid=pv688eiwl2; Max-Age=2147483647; Path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; SameSite=None
bvuid2=pv688eiwl2; Max-Age=2147483647; Path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
surrogate-control: no-store
location: https://www.acint.net/match?dp=129&euid=pv688eiwl2
X-Firefox-Spdy: h2
c18.travelpayouts.com/content?promo_id=1023&shmarker=22147&type=init&trs=22245
200 OK 0 B URL HTTP/2 c18.travelpayouts.com/content?promo_id=1023&shmarker=22147&type=init&trs=22245
IP
GET /content?promo_id=1023&shmarker=22147&type=init&trs=22245 HTTP/1.1
Host: c18.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: image/jpg
cache-control: private, max-age=0
timing-allow-origin: *
x-promo-id: 1023
x-request-id: d1854c2689d3aefc4680b77108247650
x-robots-tag: noindex
X-Firefox-Spdy: h2
protuor.ru/
200 OK 0 B IP
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
link: <https://protuor.ru/wp-json/>; rel="https://api.w.org/"
content-encoding: gzip
X-Firefox-Spdy: h2
protuor.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
200 OK 0 B URL HTTP/2 protuor.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 02:34:24 GMT
vary: Accept-Encoding
etag: W/"63744c30-172a9"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
protuor.ru/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
200 OK 0 B URL HTTP/2 protuor.ru/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: application/x-javascript
last-modified: Thu, 10 Nov 2022 17:31:30 GMT
vary: Accept-Encoding
etag: W/"636d3572-15e54"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
x01.aidata.io/pixel.js?pixel=VIBOOM&id=df819c2a92d07e19aaeb5f9ff002c7a1&v=1670271845200&pid=VIBOOM&js=1&show_js_referer=1&bounce=1
200 OK 0 B URL HTTP/2 x01.aidata.io/pixel.js?pixel=VIBOOM&id=df819c2a92d07e19aaeb5f9ff002c7a1&v=1670271845200&pid=VIBOOM&js=1&show_js_referer=1&bounce=1
IP
ASN #197695 Domain names registrar REG.RU, Ltd
GET /pixel.js?pixel=VIBOOM&id=df819c2a92d07e19aaeb5f9ff002c7a1&v=1670271845200&pid=VIBOOM&js=1&show_js_referer=1&bounce=1 HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://protuor.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: application/javascript
expires: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Mon, 05 Dec 2022 20:24:07 GMT
set-cookie: __upin=MmeQ23BN807cqzC/zC0MMQ;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
__upints=1670271848;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
content-encoding: gzip
X-Firefox-Spdy: h2
app.travelpayouts.com/money_script_api/get_subscribed_campaings?marker=22147
200 OK 0 B URL HTTP/2 app.travelpayouts.com/money_script_api/get_subscribed_campaings?marker=22147
IP
GET /money_script_api/get_subscribed_campaings?marker=22147 HTTP/1.1
Host: app.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://protuor.ru
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/json; charset=utf-8
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-methods: POST, PUT, DELETE, GET, OPTIONS
access-control-request-method: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
vary: Accept
etag: W/"f14f3f86448382eab0b79931781f2659"
cache-control: max-age=0, private, must-revalidate
x-request-id: fc393fb13b0f7067337f3ba7277c2650
x-runtime: 0.044951
content-encoding: br
X-Firefox-Spdy: h2
www.travelpayouts.com/money_script/money_script.js?marker=22147
200 OK 0 B URL HTTP/2 www.travelpayouts.com/money_script/money_script.js?marker=22147
IP
GET /money_script/money_script.js?marker=22147 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Jun 2022 07:40:24 GMT
etag: W/"62b2c768-1357"
set-cookie: auid_tp=CtYRWmOOU2atLWePOshsAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:400,700%7CRoboto:400,500,400italic
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:400,700%7CRoboto:400,500,400italic
IP
GET /css?family=Lato:400,700%7CRoboto:400,500,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Dec 2022 20:24:05 GMT
date: Mon, 05 Dec 2022 20:24:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c18.travelpayouts.com/content?promo_id=1491&shmarker=22147&country=0&horizontal=false&animated=false
200 OK 0 B URL HTTP/2 c18.travelpayouts.com/content?promo_id=1491&shmarker=22147&country=0&horizontal=false&animated=false
IP
GET /content?promo_id=1491&shmarker=22147&country=0&horizontal=false&animated=false HTTP/1.1
Host: c18.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/javascript
cache-control: private, max-age=0
timing-allow-origin: *
x-promo-id: 1491
x-request-id: bef3694438305f4a64e157c18757bb5a
x-robots-tag: noindex
content-encoding: br
X-Firefox-Spdy: h2
protuor.ru/wp-content/plugins/travelpayouts/assets/0.7c463bae92198093faf2.js
200 OK 0 B URL HTTP/2 protuor.ru/wp-content/plugins/travelpayouts/assets/0.7c463bae92198093faf2.js
IP
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/assets/0.7c463bae92198093faf2.js HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: application/x-javascript
last-modified: Thu, 28 Jul 2022 07:14:52 GMT
vary: Accept-Encoding
etag: W/"62e2376c-3cff"
expires: Mon, 12 Dec 2022 20:24:06 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
www.travelpayouts.com/opt_in/show/22147?callback=tpPoweredByCallback0
200 OK 0 B URL HTTP/2 www.travelpayouts.com/opt_in/show/22147?callback=tpPoweredByCallback0
IP
GET /opt_in/show/22147?callback=tpPoweredByCallback0 HTTP/1.1
Host: www.travelpayouts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:06 GMT
content-type: text/javascript; charset=utf-8
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-ua-compatible: chrome=1
etag: W/"afa68adf785eb9464e6b365e84aa4f12"
cache-control: max-age=0, private, must-revalidate
set-cookie: marker=22147; domain=.travelpayouts.com; path=/; expires=Thu, 05 Jan 2023 20:24:06 -0000
currency=usd; path=/; expires=Fri, 05 Dec 2042 20:24:06 -0000
auid_tp=CtYRWmOOU2asvmeODnVyAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
x-request-id: ede56891caaad5c637deb8d23e2a85dc
x-runtime: 0.037455
content-encoding: gzip
X-Firefox-Spdy: h2
x01.aidata.io/pixel.js?pixel=VIBOOM&id=ca0f973b17ec4c1cd3e6045500779d6d&v=1670271845900&pid=VIBOOM&js=1&show_js_referer=1&bounce=1
200 OK 0 B URL HTTP/2 x01.aidata.io/pixel.js?pixel=VIBOOM&id=ca0f973b17ec4c1cd3e6045500779d6d&v=1670271845900&pid=VIBOOM&js=1&show_js_referer=1&bounce=1
IP
ASN #197695 Domain names registrar REG.RU, Ltd
GET /pixel.js?pixel=VIBOOM&id=ca0f973b17ec4c1cd3e6045500779d6d&v=1670271845900&pid=VIBOOM&js=1&show_js_referer=1&bounce=1 HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://protuor.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: application/javascript
expires: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Mon, 05 Dec 2022 20:24:07 GMT
set-cookie: __upin=58XV0PxJrDyGW2qoqGWngw;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
__upints=1670271848;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
content-encoding: gzip
X-Firefox-Spdy: h2
protuor.ru/wp-content/bs-booster-cache/2b00e3a30b719dcc643a7a6fb97e2851.css
200 OK 0 B URL HTTP/2 protuor.ru/wp-content/bs-booster-cache/2b00e3a30b719dcc643a7a6fb97e2851.css
IP
GET /wp-content/bs-booster-cache/2b00e3a30b719dcc643a7a6fb97e2851.css HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: text/css
last-modified: Sat, 03 Dec 2022 14:39:54 GMT
vary: Accept-Encoding
etag: W/"638b5fba-ac85"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
protuor.ru/wp-content/plugins/travelpayouts/assets/loader.1c5e7f2174638cc0d77c.js?ver=1.0.22
200 OK 0 B URL HTTP/2 protuor.ru/wp-content/plugins/travelpayouts/assets/loader.1c5e7f2174638cc0d77c.js?ver=1.0.22
IP
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/assets/loader.1c5e7f2174638cc0d77c.js?ver=1.0.22 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: application/x-javascript
last-modified: Thu, 28 Jul 2022 07:14:52 GMT
vary: Accept-Encoding
etag: W/"62e2376c-686"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
x01.aidata.io/pixel.js?pixel=VIBOOM&id=df819c2a92d07e19aaeb5f9ff002c7a1&v=1670271845617&url=https%3A%2F%2Fprotuor.ru%2F&is_js_referrer=1&origin_referrer=&is_js_cookie=1&bounce=1&__upin=MmeQ23BN807cqzC/zC0MMQ
200 OK 0 B URL HTTP/2 x01.aidata.io/pixel.js?pixel=VIBOOM&id=df819c2a92d07e19aaeb5f9ff002c7a1&v=1670271845617&url=https%3A%2F%2Fprotuor.ru%2F&is_js_referrer=1&origin_referrer=&is_js_cookie=1&bounce=1&__upin=MmeQ23BN807cqzC/zC0MMQ
IP
ASN #197695 Domain names registrar REG.RU, Ltd
GET /pixel.js?pixel=VIBOOM&id=df819c2a92d07e19aaeb5f9ff002c7a1&v=1670271845617&url=https%3A%2F%2Fprotuor.ru%2F&is_js_referrer=1&origin_referrer=&is_js_cookie=1&bounce=1&__upin=MmeQ23BN807cqzC/zC0MMQ HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: application/javascript
expires: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Mon, 05 Dec 2022 20:24:07 GMT
set-cookie: livin=1;path=/;expires=Thu, 8 Dec 2022 20:24:08 GMT;max-age=259200;SameSite=None;Secure
__upin=MmeQ23BN807cqzC/zC0MMQ;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
__upints=1670271848;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
content-encoding: gzip
X-Firefox-Spdy: h2
protuor.ru/wp-content/plugins/travelpayouts/assets/18.ad88a95553067fcfaab5.css?ver=1.0.22
200 OK 0 B URL HTTP/2 protuor.ru/wp-content/plugins/travelpayouts/assets/18.ad88a95553067fcfaab5.css?ver=1.0.22
IP
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/assets/18.ad88a95553067fcfaab5.css?ver=1.0.22 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: text/css
last-modified: Thu, 28 Jul 2022 07:14:52 GMT
vary: Accept-Encoding
etag: W/"62e2376c-aa3"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
protuor.ru/wp-content/plugins/travelpayouts/assets/runtime.530be0de12661bb898c6.js?ver=1.0.22
200 OK 0 B URL HTTP/2 protuor.ru/wp-content/plugins/travelpayouts/assets/runtime.530be0de12661bb898c6.js?ver=1.0.22
IP
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/travelpayouts/assets/runtime.530be0de12661bb898c6.js?ver=1.0.22 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: application/x-javascript
last-modified: Thu, 28 Jul 2022 07:14:52 GMT
vary: Accept-Encoding
etag: W/"62e2376c-15c1"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
protuor.ru/wp-content/uploads/2017/12/cropped-favikon-192x192.jpg
404 Not Found 0 B URL HTTP/2 protuor.ru/wp-content/uploads/2017/12/cropped-favikon-192x192.jpg
IP
GET /wp-content/uploads/2017/12/cropped-favikon-192x192.jpg HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e; _sp_ses.e082=*; _sp_id.e082=396644ab-e0c3-4ae7-b79a-8adbec7ce54c.1670271844.1.1670271844.1670271844.840ff7f5-667b-4ec9-a43b-8a4fa6edb870; fid=be3d15ec-fa19-41e2-b43a-6cce0b6579fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:07 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
pragma: no-cache
link: <https://protuor.ru/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
x01.aidata.io/pixel.js?pixel=VIBOOM&id=ca0f973b17ec4c1cd3e6045500779d6d&v=1670271846015&url=https%3A%2F%2Fprotuor.ru%2F&is_js_referrer=1&origin_referrer=&is_js_cookie=1&bounce=1&__upin=MmeQ23BN807cqzC/zC0MMQ
200 OK 0 B URL HTTP/2 x01.aidata.io/pixel.js?pixel=VIBOOM&id=ca0f973b17ec4c1cd3e6045500779d6d&v=1670271846015&url=https%3A%2F%2Fprotuor.ru%2F&is_js_referrer=1&origin_referrer=&is_js_cookie=1&bounce=1&__upin=MmeQ23BN807cqzC/zC0MMQ
IP
ASN #197695 Domain names registrar REG.RU, Ltd
GET /pixel.js?pixel=VIBOOM&id=ca0f973b17ec4c1cd3e6045500779d6d&v=1670271846015&url=https%3A%2F%2Fprotuor.ru%2F&is_js_referrer=1&origin_referrer=&is_js_cookie=1&bounce=1&__upin=MmeQ23BN807cqzC/zC0MMQ HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:08 GMT
content-type: application/javascript
expires: Mon, 05 Dec 2022 20:24:07 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Mon, 05 Dec 2022 20:24:07 GMT
set-cookie: livin=1;path=/;expires=Thu, 8 Dec 2022 20:24:08 GMT;max-age=259200;SameSite=None;Secure
__upin=MmeQ23BN807cqzC/zC0MMQ;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
__upints=1670271848;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
content-encoding: gzip
X-Firefox-Spdy: h2
protuor.ru/wp-includes/css/classic-themes.min.css?ver=1
200 OK 0 B URL HTTP/2 protuor.ru/wp-includes/css/classic-themes.min.css?ver=1
IP
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: text/css
last-modified: Thu, 10 Nov 2022 17:31:29 GMT
vary: Accept-Encoding
etag: W/"636d3571-d9"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
protuor.ru/wp-content/bs-booster-cache/ff807a515acbcbfc23887e2ce0414aec.js?ver=6.1.1
200 OK 0 B URL HTTP/2 protuor.ru/wp-content/bs-booster-cache/ff807a515acbcbfc23887e2ce0414aec.js?ver=6.1.1
IP
GET /wp-content/bs-booster-cache/ff807a515acbcbfc23887e2ce0414aec.js?ver=6.1.1 HTTP/1.1
Host: protuor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://protuor.ru/
Cookie: PHPSESSID=5a0dd46c98fe399c51e7a279a0d5e77e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Mon, 05 Dec 2022 20:24:05 GMT
content-type: application/x-javascript
last-modified: Mon, 05 Dec 2022 14:37:09 GMT
vary: Accept-Encoding
etag: W/"638e0215-3d26f"
expires: Mon, 12 Dec 2022 20:24:05 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
87.236.16.213
46.137.179.119
188.42.198.44
104.18.20.226
31.172.81.159
142.250.74.110
95.211.66.35
95.216.101.186
46.243.142.239
185.196.197.130
23.33.119.27