nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
193.109.247.235 301 Moved Permanently 178 B URL HTTP/1.1 nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
Analyzer Verdict Alert fortinet Malware
GET /load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651 HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Sep 2022 20:35:47 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9145
Expires: Sat, 03 Sep 2022 23:08:02 GMT
Date: Sat, 03 Sep 2022 20:35:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 19:43:11 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5W0oR4QsITsbtLEJ3wp39bbHBZgxOIMFbqezBsaO8R0VVvsjQ-GozQ==
Age: 3146
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IJ42hcV9vaWgx26GqZYumcIXvzcVuLEPquwlVORDBInDQ0myuKvATg==
age: 69620
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 20:35:37 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
193.109.247.235 200 OK 12 kB URL HTTP/1.1 nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1389)
Hash f604631cdbd2f2ea5b63e9262775fff2
26013ad899eb3aa39469ded9975552b555e16155
7d9678636c5f434a4d10907b25cd45af659e08627f4f40e5f70cd29414a973b3
Analyzer Verdict Alert fortinet Malware
GET /load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651 HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: 7nintendouCoz=; path=/; expires=Thu, 03-Sep-2020 20:35:48 GMT; Secure; HttpOnly; domain=.nintendo.moy.su
7nintendold=+xmkuhNj; path=/; expires=Sun, 03-Sep-2023 20:35:48 GMT; Secure; domain=.nintendo.moy.su
7nintendouzll=1662237348; path=/; expires=Sun, 03-Sep-2023 20:35:48 GMT; Secure; domain=.nintendo.moy.su
7nintendopushi=1; path=/; expires=Sun, 04-Sep-2022 19:35:48 GMT; Secure
Pragma: no-cache
Vary: host
Last-Modified: Sun, 16 Feb 2014 23:07:40 GMT
Cache-Control: no-cache,no-store, private
Content-Encoding: gzip
nintendo.moy.su/?f%3BUhMljI5qMNROIuUx%3BMMVnAszXD33azpCOz7IG7ROxhw198UCbwjTHrfScvvcbNyX55GRey%3B9bYHjlxtjGxvzxgDgHwuubLNwKOO2pcVRNPBIgJVfP2axm%5ETqhhFfcKnetlKCB%3BrN3VHfjJJH4Im5hSYVBHwLixmhvJ%21V0pRj11M2%5EDCZh9KYOR6G3M%3Bq0tcBwNh3GvgN5qghya%3BDCHM%3Boo
193.109.247.235 200 OK 1.2 kB URL HTTP/1.1 nintendo.moy.su/?f%3BUhMljI5qMNROIuUx%3BMMVnAszXD33azpCOz7IG7ROxhw198UCbwjTHrfScvvcbNyX55GRey%3B9bYHjlxtjGxvzxgDgHwuubLNwKOO2pcVRNPBIgJVfP2axm%5ETqhhFfcKnetlKCB%3BrN3VHfjJJH4Im5hSYVBHwLixmhvJ%21V0pRj11M2%5EDCZh9KYOR6G3M%3Bq0tcBwNh3GvgN5qghya%3BDCHM%3Boo
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
Hash beff948251644083eb1986d8303537e5
354d4671c6fab6c0f890ebdfc341f44c7af33663
1b3bb0d907a4f49d80da4f86f8190a6430f10edfd5328037f50755c01db41fcf
Analyzer Verdict Alert fortinet Malware
GET /?f%3BUhMljI5qMNROIuUx%3BMMVnAszXD33azpCOz7IG7ROxhw198UCbwjTHrfScvvcbNyX55GRey%3B9bYHjlxtjGxvzxgDgHwuubLNwKOO2pcVRNPBIgJVfP2axm%5ETqhhFfcKnetlKCB%3BrN3VHfjJJH4Im5hSYVBHwLixmhvJ%21V0pRj11M2%5EDCZh9KYOR6G3M%3Bq0tcBwNh3GvgN5qghya%3BDCHM%3Boo HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
nintendo.moy.su/.s/src/layer1.min.css
193.109.247.235 200 OK 5.2 kB URL HTTP/1.1 nintendo.moy.su/.s/src/layer1.min.css
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type ASCII text, with very long lines (21787), with no line terminators
Hash 5229f02c7417d4f91ec31f811a6b9c8b
7cc22665f8964aa213eac6d9aadfab6ddd3f1ea2
3f65d524005881d8f0ac954a50546597ad414777617d2d9f364d6c9ec160615f
GET /.s/src/layer1.min.css HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/css
Last-Modified: Mon, 18 Apr 2022 07:36:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"625d150c-551b"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
nintendo.moy.su/_st/my.css
193.109.247.235 200 OK 3.6 kB URL HTTP/1.1 nintendo.moy.su/_st/my.css
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type assembler source, ASCII text
Hash ab0a87cbaeac5d00f3127306023c827f
b9e562ea90b1d02557fe4c08bdbc5b410fa86c6f
0a610b049df12d5f4ce0d462bea5103bced8f31292dff8946258b8f9417cee75
GET /_st/my.css HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/css
Last-Modified: Tue, 28 Apr 2020 21:02:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5ea899e4-3875"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
nintendo.moy.su/highslidedle/highslide.css
193.109.247.235 200 OK 3.5 kB URL HTTP/1.1 nintendo.moy.su/highslidedle/highslide.css
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 092e0204d0e1298a5dca1534e8553e43
5de081a936522ebef26cbf2c86785b907bb7bdf0
299257435d8e7f8dc792b80a37d200e7b6bafdf95bca6ff3042f5149c668ebfd
GET /highslidedle/highslide.css HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/css
Last-Modified: Wed, 12 Jun 2013 10:51:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"51b852b3-512c"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
nintendo.moy.su/?txwCqdj7lbfdHybI7za5PaNudXh3yD%3B5TlGFepeLP5FFpNOyHKTz8HJ%5EqXS54QDHTMf2WAldVPVu0fy%21DLN0KlwzGRg6%5EeQIY5iads54ODCmOnuKJutRhJezS6ZvG3ORtKKgW%211hlnha0A%5EfWSkthBMT9WUAG%5EpGtCHW%3BfVkE%212a3n8%5EyXPMP%5E2xiBFb3Hj%21JsT%3BUilC8ctD1SRbmyg%5E
193.109.247.235 200 OK 811 B URL HTTP/1.1 nintendo.moy.su/?txwCqdj7lbfdHybI7za5PaNudXh3yD%3B5TlGFepeLP5FFpNOyHKTz8HJ%5EqXS54QDHTMf2WAldVPVu0fy%21DLN0KlwzGRg6%5EeQIY5iads54ODCmOnuKJutRhJezS6ZvG3ORtKKgW%211hlnha0A%5EfWSkthBMT9WUAG%5EpGtCHW%3BfVkE%212a3n8%5EyXPMP%5E2xiBFb3Hj%21JsT%3BUilC8ctD1SRbmyg%5E
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
Hash 4a33e7cd7558f3f5a86d0fc27aee8c90
50fc0ad44d3917690997ca278091e53d0d575362
d6304d22c2821d367e3697cb9fa4e6dbeb093b8634fccd35312664d30d72b330
Analyzer Verdict Alert fortinet Malware
GET /?txwCqdj7lbfdHybI7za5PaNudXh3yD%3B5TlGFepeLP5FFpNOyHKTz8HJ%5EqXS54QDHTMf2WAldVPVu0fy%21DLN0KlwzGRg6%5EeQIY5iads54ODCmOnuKJutRhJezS6ZvG3ORtKKgW%211hlnha0A%5EfWSkthBMT9WUAG%5EpGtCHW%3BfVkE%212a3n8%5EyXPMP%5E2xiBFb3Hj%21JsT%3BUilC8ctD1SRbmyg%5E HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
nintendo.moy.su/.s/src/base.min.css?v=012043
193.109.247.235 200 OK 6.1 kB URL HTTP/1.1 nintendo.moy.su/.s/src/base.min.css?v=012043
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type ASCII text, with very long lines (24327), with no line terminators
Hash 669080aa07c6af1ec71b090656571e10
f6005cb813248bd826b4238f9ebc3998e0a37ba4
9e971aaa2587f4bda78f4e80203953d8bab14cd8457fdbf088a0f6a6e1ebd483
GET /.s/src/base.min.css?v=012043 HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/css
Last-Modified: Thu, 01 Sep 2022 17:43:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"6310ef5e-5f07"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f55af97142320cd70c3fcf905212089b
25f5c96ea20ba5246b3ef3b9310b5c27ffb5b6f3
6ffec9f64b7e2622dcf642bee03431c6f5746d9bd34472fc008d77c19646b9a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6FFEC9F64B7E2622DCF642BEE03431C6F5746D9BD34472FC008D77C19646B9A5"
Last-Modified: Sat, 03 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13137
Expires: Sun, 04 Sep 2022 00:14:35 GMT
Date: Sat, 03 Sep 2022 20:35:38 GMT
Connection: keep-alive
nintendo.moy.su/js/highslide-full.packed.js
193.109.247.235 200 OK 22 kB URL HTTP/1.1 nintendo.moy.su/js/highslide-full.packed.js
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type Unicode text, UTF-8 (with BOM) text, with very long lines (47140), with CRLF line terminators
Hash 9feb20fd6bf89eafd8eb680adeed0f00
ecdd78a3b0debefd2f07aa48877b27b94179b9f0
9660eb803f38df832b01082938c2816fb66a00bba4d0bf962f8cf7d529b48231
Analyzer Verdict Alert fortinet Malware
GET /js/highslide-full.packed.js HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/javascript
Last-Modified: Tue, 07 May 2013 07:35:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5188aec7-b843"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B
IP 142.250.74.3:0
Hash 1278db78948279716d72ac203ad8fb0d
1746b9863b781ed9a0c26a126b9b80d36c903974
8d9e31a35490bc2ebef4c4c2152c89b62491c0cdfc31ec0594bc21fd2e9f43f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nintendo.moy.su/.s/src/ulightbox/ulightbox.min.css
193.109.247.235 200 OK 1.4 kB URL HTTP/1.1 nintendo.moy.su/.s/src/ulightbox/ulightbox.min.css
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type ASCII text, with very long lines (4552), with no line terminators
Hash 9c03edbcbefe3eea8902981444de96f7
ca39997a1765ab084fb7e6740858176b9385c4ca
8487aa6ee4bd261bdf1f5b681cf96d347cd980ed45183c5a2a9571db6c891a08
GET /.s/src/ulightbox/ulightbox.min.css HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/css
Last-Modified: Tue, 24 May 2022 12:36:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"628cd15d-11c8"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f55af97142320cd70c3fcf905212089b
25f5c96ea20ba5246b3ef3b9310b5c27ffb5b6f3
6ffec9f64b7e2622dcf642bee03431c6f5746d9bd34472fc008d77c19646b9a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6FFEC9F64B7E2622DCF642BEE03431C6F5746D9BD34472FC008D77C19646B9A5"
Last-Modified: Sat, 03 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13137
Expires: Sun, 04 Sep 2022 00:14:35 GMT
Date: Sat, 03 Sep 2022 20:35:38 GMT
Connection: keep-alive
nintendo.moy.su/.s/src/social.css
193.109.247.235 200 OK 610 B URL HTTP/1.1 nintendo.moy.su/.s/src/social.css
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type ASCII text, with very long lines (442)
Hash af855dcd18719bcf0da15a9029755af1
d74d0ed8d96f2ebe46a7671564bf80eea6865103
9add1a323772a7c09260b63a21732472cb0204105c1d2bee763ea1429f0e26e9
GET /.s/src/social.css HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/css
Last-Modified: Wed, 01 Dec 2021 11:13:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"61a758f3-9b8"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f55af97142320cd70c3fcf905212089b
25f5c96ea20ba5246b3ef3b9310b5c27ffb5b6f3
6ffec9f64b7e2622dcf642bee03431c6f5746d9bd34472fc008d77c19646b9a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6FFEC9F64B7E2622DCF642BEE03431C6F5746D9BD34472FC008D77C19646B9A5"
Last-Modified: Sat, 03 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13137
Expires: Sun, 04 Sep 2022 00:14:35 GMT
Date: Sat, 03 Sep 2022 20:35:38 GMT
Connection: keep-alive
nintendo.moy.su/.s/src/jquery-1.12.4.min.js
193.109.247.235 200 OK 34 kB URL HTTP/1.1 nintendo.moy.su/.s/src/jquery-1.12.4.min.js
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type ASCII text, with very long lines (32077)
Hash eed194bd33958fd0768352b877915a40
db7a4073a53efb53155652219d948940efe6baa7
9eaac8a63f3851efef83bd151a558f6c8d8e6bb75c7725625cf8892b6312aa06
Analyzer Verdict Alert fortinet Malware
GET /.s/src/jquery-1.12.4.min.js HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/javascript
Last-Modified: Thu, 01 Sep 2022 17:43:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"6310ef5e-17b8b"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
nintendo.moy.su/.s/src/ulightbox/ulightbox.min.js
193.109.247.235 200 OK 7.6 kB URL HTTP/1.1 nintendo.moy.su/.s/src/ulightbox/ulightbox.min.js
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type ASCII text, with very long lines (22291), with no line terminators
Hash 3bb3aaa5262067cec461b32298975b05
4e11bfe49cd05fcdbd1e692fc87788da07e62161
61fa91bb508bfda7ee487ffaf0e38aa71cfab1ce78bb108d6c6140dc9b35ab22
Analyzer Verdict Alert fortinet Malware
GET /.s/src/ulightbox/ulightbox.min.js HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/javascript
Last-Modified: Tue, 24 May 2022 12:36:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"628cd15d-5713"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
nintendo.moy.su/js/fontsize.js
193.109.247.235 200 OK 189 B URL HTTP/1.1 nintendo.moy.su/js/fontsize.js
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
Hash a00420cfdfa6e8a204d46c1c01136d31
5d9166d9a29e3459299fea5977637714a8913e9d
4fcffb2803e41d122d626b0041b0fb395808b168d1bee4cc03cdd0cc9f28bdad
Analyzer Verdict Alert fortinet Malware
GET /js/fontsize.js HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/javascript
Last-Modified: Thu, 04 Nov 2010 11:14:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"4cd295af-113"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
nintendo.moy.su/js/cufon.js
193.109.247.235 200 OK 7.5 kB URL HTTP/1.1 nintendo.moy.su/js/cufon.js
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type ASCII text, with very long lines (18158)
Hash 074c0b8eb5aeb02d1072fb2ceae89a6a
3c803b19e95ef02b5f524585d169aaa1944b2328
2875f4b1a7f833ab2e5c2a70863538eb3b3f62a905647a3bd461e3d057ef92e9
Analyzer Verdict Alert fortinet Malware
GET /js/cufon.js HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/javascript
Last-Modified: Thu, 04 Nov 2010 11:14:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"4cd295ad-4751"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru
142.250.74.164 200 OK 578 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru
IP 142.250.74.164:0
File type ASCII text, with very long lines (905), with no line terminators
Hash 1ae4b5d24ef2bf5eb1943b671121c9b6
dabe43cb7317b77061c0852c752be188a3e31088
7b0dbeea59799b2b295d3052a8e173737141caf6a7e1d1d73e744ed8a73e1720
GET /recaptcha/api.js?onload=reCallback&render=explicit&hl=ru HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 03 Sep 2022 20:35:38 GMT
date: Sat, 03 Sep 2022 20:35:38 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 578
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
am15.net/bn.php?s=78691&f=5&d=31957
95.216.225.17 200 OK 2.0 kB URL HTTP/1.1 am15.net/bn.php?s=78691&f=5&d=31957
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1379)
Hash 62e02baa5faf19a0123154a8e93d078e
7da4ae9933584568023727a83def005f97c99629
47bb40e1173a86ae2eeb8873db126beb0c9807e5bab8dca05f575337ceb098e3
GET /bn.php?s=78691&f=5&d=31957 HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:38 GMT
Content-Type: text/javascript; charset=windows-1251
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.27-1+ubuntu16.04.1+deb.sury.org+1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 20:35:38 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: wbn=10400; expires=Sun, 04-Sep-2022 06:35:38 GMT; Max-Age=36000; path=/; domain=.am15.net
unic_vc=y-Mz1hJD1BSDNC_Fd7Fn; expires=Sat, 03-Sep-2022 20:59:59 GMT; Max-Age=1461; path=/; domain=.am15.net
Content-Encoding: gzip
am15.net/bn.php?s=78691&f=5&d=8858
95.216.225.17 200 OK 2.0 kB URL HTTP/1.1 am15.net/bn.php?s=78691&f=5&d=8858
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1379)
Hash f5f1ea409dee27a37ada7821f43128dd
4cb8d1bd4588f37e1d73d2dd37485043805ab2b7
7af01e17de7345c370bd424d67f04672f48bc0aefb9b502e080c397b4923b1c4
GET /bn.php?s=78691&f=5&d=8858 HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:38 GMT
Content-Type: text/javascript; charset=windows-1251
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.27-1+ubuntu16.04.1+deb.sury.org+1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 20:35:38 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: wbn=10500; expires=Sun, 04-Sep-2022 06:35:38 GMT; Max-Age=36000; path=/; domain=.am15.net
unic_vc=y-Mz1hJD1BSDNC_Fd7Fn; expires=Sat, 03-Sep-2022 20:59:59 GMT; Max-Age=1461; path=/; domain=.am15.net
Content-Encoding: gzip
s1.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.558277394657654
193.109.247.235 200 OK 0 B URL HTTP/1.1 s1.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.558277394657654
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.558277394657654 HTTP/1.1
Host: s1.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
nintendo.moy.su/js/font.js
193.109.247.235 200 OK 20 kB URL HTTP/1.1 nintendo.moy.su/js/font.js
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type ISO-8859 text, with very long lines (65371)
Hash dfde77c0d469d1c0014162041c698836
a64e232ddab7cabd8ed6248690758eda3c29d037
8b3af171461083f5e05ccccd0fa10062946b2a72eaec91e37b67424d96d0b0d3
Analyzer Verdict Alert fortinet Malware
GET /js/font.js HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/javascript
Last-Modified: Thu, 04 Nov 2010 11:14:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"4cd295b2-10a94"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
s20.ucoz.net/src/u.js
195.216.243.20 200 OK 305 B IP 195.216.243.20:0
File type HTML document, ASCII text
Hash e14ed650defcad8c89649d8984a566f4
0a354428e3dadfa08201dad18d2e5bdd0e9245c0
b1390f81b0b6e9751c525b9f1759f211b5dc9b4cd6603702e2b92d89da083328
GET /src/u.js HTTP/1.1
Host: s20.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:38 GMT
Content-Type: text/javascript
Last-Modified: Thu, 01 Sep 2022 17:43:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"6310ef55-212"
Expires: Tue, 13 Sep 2022 20:35:38 GMT
Cache-Control: max-age=864000
Content-Encoding: gzip
news.2xclick.ru/loader.js
93.95.100.117 200 OK 28 kB URL HTTP/1.1 news.2xclick.ru/loader.js
IP 93.95.100.117:0
ASN #48347 JSC Mediasoft ekspert
File type Unicode text, UTF-8 text, with very long lines (649)
Hash 3fc7455c78069c953575d797204bcb8f
fa9298fdbef4b2834545f362907350cef639df2a
ef606c5a031835532960c03671d282016982c30a202fbdfca765ef5c8362e066
GET /loader.js HTTP/1.1
Host: news.2xclick.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Sat, 03 Sep 2022 20:35:38 GMT
Content-Type: application/javascript
Content-Length: 28050
Last-Modified: Thu, 01 Sep 2022 08:26:21 GMT
Connection: keep-alive
ETag: "63106cad-6d92"
Content-Encoding: gzip
Expires: Sun, 04 Sep 2022 20:35:38 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
Set-Cookie: uid=XV9kdWMTupqB3CT0IBI1Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; secure; SameSite=none
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 51df98c169fb7de773301d014bcea4b8
9bdf9bdb9b5eee378e9ac4ec68ca07c665ae4819
c8336f3a2e16c9390b610c612ce9be7c19286f04a6328a29200cbf65db5801c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nintendo.moy.su/images/adline.gif
193.109.247.235 200 OK 913 B URL HTTP/1.1 nintendo.moy.su/images/adline.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 468 x 3\012- data
Hash 41911a79b5bfe80e7bea6bff3227e94a
0933ba713d0b7fec3aee36779af51e01f87104f5
605d2c31074a51702dbfc56fc838a6958670a03c775f5fb18e353aa8d33b2b86
GET /images/adline.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 913
Last-Modified: Fri, 17 Apr 2015 15:30:19 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5531270b-391"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/2question.jpg
193.109.247.235 200 OK 11 kB URL HTTP/1.1 nintendo.moy.su/images/2question.jpg
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5 Windows, datetime=2011:02:13 05:10:55], baseline, precision 8, 10x10, components 3\012- data
Hash 016cd528a6e2661613791103a24d84ec
b807c63ed7b0fbf8677d688d97cc5c2fbbd31acf
c242ec1091e66228af289b9e8301c4c707e2334584006195a586e68baeed9602
GET /images/2question.jpg HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/jpeg
Content-Length: 11312
Last-Modified: Fri, 22 Mar 2013 16:57:11 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "514c8d67-2c30"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/ico_rss.gif
193.109.247.235 200 OK 1.0 kB URL HTTP/1.1 nintendo.moy.su/images/ico_rss.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 14 x 14\012- data
Hash 713b9d4cfde7c48ee30fe04e7dc34f28
c7d4dfb3a849d43f9c1a3b31819d280fe1130c61
c641f46723782671a2ad450e692e15007d0edafd3cf8f5e82d1cc61bfe31cce1
GET /images/ico_rss.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 1018
Last-Modified: Sat, 04 Jan 2014 14:02:20 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "52c8146c-3fa"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4fc12f0a98aa28ccb56e0b56d7e40ded
f7efcfb8b4f4aa40268bada3fec380820a70ee35
a34aa9b7db949a583c3f1b4d87fed415a11d119c9615b5e710c3125173f8a277
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6170
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:38 GMT
Last-Modified: Sat, 03 Sep 2022 18:52:48 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
nintendo.moy.su/images/ico-rss.gif
193.109.247.235 200 OK 2.9 kB URL HTTP/1.1 nintendo.moy.su/images/ico-rss.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 66 x 50\012- data
Hash b900184ba42d89243d0f202e4ef3e885
8bedfa65aed129712b0d062075fba3dde067a216
98c7495bf3215f5ee24f4d0810209740c54de42b41ccbdd2db10f1a19c80d608
GET /images/ico-rss.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 2881
Last-Modified: Fri, 07 Jun 2013 17:06:02 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "51b212fa-b41"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/_ld/66/54027284.jpg
193.109.247.235 200 OK 15 kB URL HTTP/1.1 nintendo.moy.su/_ld/66/54027284.jpg
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 240x160, components 3\012- data
Hash 1b2659786a6fbe049cde8c4d8dc17696
616b4f3278b979b0d3cef2beb1546b65803bc79c
f2a47e5c5fbe8c7141f1cded7b78c0aff60d1630b9458e2ddf16fda5d3b3d99d
GET /_ld/66/54027284.jpg HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/jpeg
Content-Length: 15351
Last-Modified: Wed, 13 Mar 2013 11:33:28 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "51406408-3bf7"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
s20.ucoz.net/src/jquery-1.3.2.js
195.216.243.20 200 OK 20 kB URL HTTP/1.1 s20.ucoz.net/src/jquery-1.3.2.js
IP 195.216.243.20:0
File type ASCII text, with very long lines (39939)
Hash a93b17339e7cafc70688dd3fb5216368
ca55ac2c70035c22a04e57593bc6db07f4d3c824
bdd3d057558e10780bb8e4686cf0b703ad0e0971dff8c2bb27c781abdec16eda
GET /src/jquery-1.3.2.js HTTP/1.1
Host: s20.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:38 GMT
Content-Type: text/javascript
Last-Modified: Thu, 01 Sep 2022 17:43:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"6310ef55-e0bd"
Expires: Tue, 13 Sep 2022 20:35:38 GMT
Cache-Control: max-age=864000
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 03 Sep 2022 19:38:16 GMT
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 19:48:46 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SQV4btZ9YOB-AdN2JXzvV_PxA5YaY5pdJmHlTwaL4VTkBcNv1PKcZw==
Age: 3442
nintendo.moy.su/_ld/66/89711150.jpg
193.109.247.235 200 OK 12 kB URL HTTP/1.1 nintendo.moy.su/_ld/66/89711150.jpg
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 240x160, components 3\012- data
Hash 13be3bdc84373a2aa75a52a2d0a1e6dc
3ca59e566bc572b33df790fce48bd7aaad2f8292
9946ebfc7517124b796629b3475e77088e9dd27e8079b493a2c99bf1a2cb9f0c
GET /_ld/66/89711150.jpg HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/jpeg
Content-Length: 12361
Last-Modified: Wed, 13 Mar 2013 11:33:28 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "51406408-3049"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/mail.png
193.109.247.235 200 OK 758 B URL HTTP/1.1 nintendo.moy.su/images/mail.png
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type PNG image data, 14 x 14, 8-bit/color RGB, non-interlaced\012- data
Hash 284cfb2a2a6a4c4f8467ac24ab673c84
e77c47094c995b2ba85de4ae1f7fa8827e2482b1
e5d1b6f90878a432791219aa63f3adc019937e2982a575725f5fad1ee7df4f5a
GET /images/mail.png HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/png
Content-Length: 758
Last-Modified: Sat, 04 Jan 2014 14:02:20 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "52c8146c-2f6"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/_ld/66/56949960.jpg
193.109.247.235 200 OK 75 kB URL HTTP/1.1 nintendo.moy.su/_ld/66/56949960.jpg
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 640x639, components 3\012- data
Hash d5fd086bc0c7bb85d7662534c7797b46
14c298a9287ca3984128f9b20107a219a8e7d008
9c6cc3b3a4d258c90386142d5d3599b616d1dd6cec400f24ffa5c03015103299
GET /_ld/66/56949960.jpg HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/jpeg
Content-Length: 74946
Last-Modified: Wed, 13 Mar 2013 11:33:28 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "51406408-124c2"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/bgr.jpg
193.109.247.235 200 OK 142 kB URL HTTP/1.1 nintendo.moy.su/images/bgr.jpg
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 71x71, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=9, xresolution=122, yresolution=130, resolutionunit=2, software=Paint.NET v3.5.10, datetime=2009:12:28 15:18:21], baseline, precision 8, 1600x1200, components 3\012- data
Size 142 kB (142011 bytes)
Hash 40c339f90cd733b2b804453e0f28db71
ead93231c8253e5e76a13acb3956b70285b63475
fc9a86623263e4854ad112b9a52b606f1bdd17d226520bdc9bb276676a084963
GET /images/bgr.jpg HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/jpeg
Content-Length: 142011
Last-Modified: Sun, 07 Jul 2013 16:35:19 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "51d998c7-22abb"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/_ld/1/56798642.jpg
193.109.247.235 200 OK 36 kB URL HTTP/1.1 nintendo.moy.su/_ld/1/56798642.jpg
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x400, components 3\012- data
Hash 8085f693329362f6e27d5dbea0aedc5f
16ae743218b16867aaaf573c5ea4a9ede763d18d
ec2aa27493c2a20bb4f87098f2454ed161e389c9a96cb5f22d2ac250f463fa67
GET /_ld/1/56798642.jpg HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/jpeg
Content-Length: 35945
Last-Modified: Tue, 26 Mar 2013 13:07:44 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "51519da0-8c69"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/.s/img/cp/49.gif
193.109.247.235 200 OK 816 B URL HTTP/1.1 nintendo.moy.su/.s/img/cp/49.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 80 x 15\012- data
Hash 0797216a036b027904627113963037af
c8c9d893858e9b0bccaaa75bce2ed118ef5e38e4
0f5bbfccc49ee5299473ff4489e25fe116869e043e9c5d7ffd220b2d1d328b62
GET /.s/img/cp/49.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 816
Last-Modified: Wed, 31 Aug 2022 11:30:06 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "630f463e-330"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/4download.gif
193.109.247.235 200 OK 536 B URL HTTP/1.1 nintendo.moy.su/images/4download.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 10 x 10\012- data
Hash 6ca71bdba63fae1b2c39afffac2baa31
a69446d55f8a56eac02dfe541dd00174e834561e
0f871fcd29177f5d009fdf5d49abba14668bb2fd5309bcc51bd7b9866334f082
GET /images/4download.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 536
Last-Modified: Fri, 22 Mar 2013 17:07:22 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "514c8fca-218"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/logo.jpg
193.109.247.235 200 OK 51 kB URL HTTP/1.1 nintendo.moy.su/images/logo.jpg
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=9, xresolution=122, yresolution=130, resolutionunit=2, software=Paint.NET v3.5.10], baseline, precision 8, 570x77, components 3\012- data
Hash 64b56be554d02e388e215148ef815d8f
ef8809c119736765e40c89522077d373da9fa622
0479c61d08c45627fbd3e03a551403c528565f614bd34242d98220cf2c79fbe1
GET /images/logo.jpg HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/jpeg
Content-Length: 51351
Last-Modified: Sun, 01 Sep 2013 16:26:56 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "52236ad0-c897"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
s20.ucoz.net/src/uwnd.js
195.216.243.20 200 OK 61 kB IP 195.216.243.20:0
File type ASCII text, with very long lines (14577)
Hash 299d70ce961bd1d9365d30c0b3e883ef
841a8206307961db116838150c5344089cec4e7b
613cb4849d83f2863ae0a991b38330e095f7ead6793a6d0448e304205782b08c
GET /src/uwnd.js HTTP/1.1
Host: s20.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:38 GMT
Content-Type: text/javascript
Last-Modified: Thu, 01 Sep 2022 17:43:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"6310ef56-3764f"
Expires: Tue, 13 Sep 2022 20:35:38 GMT
Cache-Control: max-age=864000
Content-Encoding: gzip
push.services.mozilla.com/
34.214.82.71 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.82.71:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sL3WSmZXovpL++GL5+FIfA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nHxwD5mWAE5+eW+JWnbJ7byqVx4=
am15.net/x/uid.php?rand=574959589&uid=Mt4bfVH
95.216.225.17 200 OK 848 B URL HTTP/1.1 am15.net/x/uid.php?rand=574959589&uid=Mt4bfVH
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 6bc3c799a48fa67953ff8e88b890e54e
8d5f848e6afe5e58363c0fea981fdc7e5a1355f1
2ada2621416b759d822a21aa72f3ce1eb182116c297ddc286b6d490de2253123
GET /x/uid.php?rand=574959589&uid=Mt4bfVH HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:38 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.27-1+ubuntu16.04.1+deb.sury.org+1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 20:35:38 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
am15.net/x/fpx.php?upst=j9ouyBm.sBbx2I_xyznn&s=78691&t=bn&rand=1521015175
95.216.225.17 200 OK 1.0 kB URL HTTP/1.1 am15.net/x/fpx.php?upst=j9ouyBm.sBbx2I_xyznn&s=78691&t=bn&rand=1521015175
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash b559ff7f43475ffbc9dcb7a6afc16af1
3a480d0f14247d8b87a09f26a604540aeb2a3333
4276aeb79020f91d96b78f4a12c43bb04c85fed41287099fdbf33d2da1675b2a
GET /x/fpx.php?upst=j9ouyBm.sBbx2I_xyznn&s=78691&t=bn&rand=1521015175 HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:38 GMT
Content-Type: text/html; charset=windows-1251
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.27-1+ubuntu16.04.1+deb.sury.org+1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 20:35:38 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
Set-Cookie: c5d4f=1; expires=Sat, 03-Sep-2022 21:05:38 GMT; Max-Age=1800; path=/; domain=.am15.net
Content-Encoding: gzip
nintendo.moy.su/stat/1662237336160?01
193.109.247.235 302 Found 221 B URL HTTP/1.1 nintendo.moy.su/stat/1662237336160?01
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4df61cf52232c82fbf0440667361088d
c7e3d3e044e9b5e3bbdb29fc08ae63fa4be532dd
56505fd13cbb3c0582385890966498eedda99d758b03a32a3f3494ea0fe8c8a1
Analyzer Verdict Alert fortinet Malware
GET /stat/1662237336160?01 HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: 7nintendoucnid=bMXH50hNXc; domain=nintendo.moy.su; path=/stat/287959227; expires=Sat, 03-Sep-2022 20:35:58 GMT
Cache-Control: no-cache, no-store, private
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: https://nintendo.moy.su/stat/287959227?11
e1.o.lencr.org/
23.36.76.226 200 OK 345 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a7e9a7fed73280dc96d25fddee610f13
ecddfecf37363162167a01a8571d723051e467c8
18e7705b0d7337c98fd3f678c5b1f2077a09c07d40d947af63a03f55f13e8cb8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "18E7705B0D7337C98FD3F678C5B1F2077A09C07D40D947AF63A03F55F13E8CB8"
Last-Modified: Sat, 03 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7553
Expires: Sat, 03 Sep 2022 22:41:31 GMT
Date: Sat, 03 Sep 2022 20:35:38 GMT
Connection: keep-alive
am15.net/ssp/dsp?upst=j9ouyBm.sBbx2I_xyznn&site=78691&height=400&width=240&block=ambn7960&ref=https%3A%2F%2Fnintendo.moy.su%2F&title=Legend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20(%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20)%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&js=1&time=1662237336
95.216.225.17 200 OK 355 B URL HTTP/1.1 am15.net/ssp/dsp?upst=j9ouyBm.sBbx2I_xyznn&site=78691&height=400&width=240&block=ambn7960&ref=https%3A%2F%2Fnintendo.moy.su%2F&title=Legend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20(%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20)%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&js=1&time=1662237336
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
Hash 1b1c05d5722ceed0be2d4c242ddc945a
05f56e60f9724fac2e1063e3134455c9d759b6ce
0d1c5e6f31054f910a030a4bcdead038f1e013ceec9fc2d0091f208ae53a7b48
GET /ssp/dsp?upst=j9ouyBm.sBbx2I_xyznn&site=78691&height=400&width=240&block=ambn7960&ref=https%3A%2F%2Fnintendo.moy.su%2F&title=Legend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20(%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20)%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&js=1&time=1662237336 HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Content-Encoding: gzip
nintendo.moy.su/images/menuright.gif
193.109.247.235 200 OK 328 B URL HTTP/1.1 nintendo.moy.su/images/menuright.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 200 x 54\012- data
Hash dbf714e062f2e30668dfcf0c696d4f36
e139267d500307da542313cc38c5b0a5884a8566
11198fe9ddbedc7a7c769c71e31c42e97ea4391a74292ecd85e734b77a97f51d
GET /images/menuright.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 328
Last-Modified: Thu, 04 Nov 2010 11:14:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2959e-148"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/menuleft.gif
193.109.247.235 200 OK 179 B URL HTTP/1.1 nintendo.moy.su/images/menuleft.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 18 x 54\012- data
Hash 9be3abd0353602069deea0dee37aecb0
d6f497aefc77cce0d524b82b6575f332ef350040
ab113eaa057ce213a4bbb166b2988d54a8b9cea6d151843d0e3905b886b308eb
GET /images/menuleft.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 179
Last-Modified: Thu, 04 Nov 2010 11:14:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2959e-b3"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/header-bgr.gif
193.109.247.235 200 OK 2.8 kB URL HTTP/1.1 nintendo.moy.su/images/header-bgr.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 946 x 128\012- data
Hash de20ed4cbd7927c03ef05f1537728f57
caffe3ae4727e1c8cb114720eb25159dd831fa93
a7a33c9aa901ba8d7a98c1a8f830ea92433a7b2cc8c33ad1588b7e67f84593f6
GET /images/header-bgr.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 2825
Last-Modified: Wed, 19 Sep 2012 20:49:55 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "505a2ff3-b09"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/pointer.gif
193.109.247.235 200 OK 67 B URL HTTP/1.1 nintendo.moy.su/images/pointer.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 14 x 14\012- data
Hash c01bb18b4287e58825a0423de2d8c937
bdd358182432433d83f3f3f8bc94c5e4e83ee2ab
f2c13de373153687589efeacd4a08fa6c775f7641014513481d8e7fe81bda40c
GET /images/pointer.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 67
Last-Modified: Sat, 15 Sep 2012 18:47:42 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5054cd4e-43"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/btn-search.gif
193.109.247.235 200 OK 615 B URL HTTP/1.1 nintendo.moy.su/images/btn-search.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 20 x 20\012- data
Hash 53866a0d5ed988cb8992304daa8da92b
1be2b02fa9379f3f055cdb303c9a6db03f04c020
21e36a93b3af6e6e935939c111d893a062a8ea62c2a198fc8a38ad3f2b5baf83
GET /images/btn-search.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 615
Last-Modified: Thu, 04 Nov 2010 11:14:35 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2959b-267"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/box2-top.gif
193.109.247.235 200 OK 496 B URL HTTP/1.1 nintendo.moy.su/images/box2-top.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 248 x 18\012- data
Hash b4a5cb1496ece57ad0766bd61c663899
1115aee1e35d8f8bc998fcc7f55f1267cc8e5b96
672c5f7f636b8c42ff2d5b6f951ccf50819d43852957c47569ba81cd0031d41a
GET /images/box2-top.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 496
Last-Modified: Thu, 04 Nov 2010 11:14:35 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2959b-1f0"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/search-bgr.gif
193.109.247.235 200 OK 658 B URL HTTP/1.1 nintendo.moy.su/images/search-bgr.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 223 x 32\012- data
Hash 9af14a7ec2a1d88fb2e6cfdf29efa630
f987695afed9fcae11d64543ed16fb6fb31d40f7
db0c0eb0af9cf4ede91c7eade9949198f12e4f0295337164d0f69b5c8d3e4ef1
GET /images/search-bgr.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 658
Last-Modified: Thu, 04 Nov 2010 11:14:39 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2959f-292"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/spoiler_bg.gif
193.109.247.235 200 OK 975 B URL HTTP/1.1 nintendo.moy.su/images/spoiler_bg.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 34 x 25\012- data
Hash fcd712b0ae087a644baa6318f3d31cf7
ba2323301619e96a77e9f4dac7ad84006e325bd4
5f5549d68650fb1ca4c2d793501dd5b8549856aa92861cfcc065ee15891590a8
GET /images/spoiler_bg.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 975
Last-Modified: Thu, 04 Nov 2010 15:32:23 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2d207-3cf"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/ico-list.gif
193.109.247.235 200 OK 58 B URL HTTP/1.1 nintendo.moy.su/images/ico-list.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 9 x 9\012- data
Hash ab2770d31f3c93e4560f026ed7be3207
8085ff75ddcc85a6675ccb06a120486f25107be7
daabf284c65959ca1e8898a660b2e019bd1b98431ded7307615ef03904c95ea3
GET /images/ico-list.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 58
Last-Modified: Thu, 04 Nov 2010 11:14:37 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2959d-3a"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/topmenu-bgr.gif
193.109.247.235 200 OK 153 B URL HTTP/1.1 nintendo.moy.su/images/topmenu-bgr.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 1 x 33\012- data
Hash 0fdd99b7dadaf91f5b05c8af9e2f9c1e
7ff323cf35dbea2e7b5fb059e20c1312ed558444
0d211bf9700497aac6f6e2cf6912309b1817adeb0373aba33439115418f2c9a2
GET /images/topmenu-bgr.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 153
Last-Modified: Thu, 04 Nov 2010 11:14:40 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd295a0-99"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/topmenu-sep.gif
193.109.247.235 200 OK 286 B URL HTTP/1.1 nintendo.moy.su/images/topmenu-sep.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 2 x 33\012- data
Hash a969f47aceff9e7100b05c79efc1302e
7bd923c2701760851decddcdb735a9e4dc7a6e68
3ea83b8ff843d599b53497d595a9e611466ec1acaf1dc092efbe553150da6130
GET /images/topmenu-sep.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 286
Last-Modified: Thu, 04 Nov 2010 11:14:40 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd295a0-11e"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/ico-star.gif
193.109.247.235 404 Not Found 2.7 kB URL HTTP/1.1 nintendo.moy.su/images/ico-star.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (348)
Hash 7d61f3d2524ddb2261ce5294fcffacd9
9215626f645f1310a7ade9e639b3694377b4e945
de2aeab2cb5c63bc0d2c3cf9eb5bf6a19fe9e7ac1e9c9e2b362f8bb0501e4c16
GET /images/ico-star.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip
nintendo.moy.su/images/plus.gif
193.109.247.235 200 OK 120 B URL HTTP/1.1 nintendo.moy.su/images/plus.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 15 x 10\012- data
Hash 16667592041d577d3083fcebb720b55c
cbcd53b22d0031d31b140967e5e7274b7bd7b37a
7b73a13adfff4bc5a092d48d68091e7fd208b6635ff034e0f36456f10e20ed9c
GET /images/plus.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 120
Last-Modified: Thu, 04 Nov 2010 12:23:56 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2a5dc-78"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
am15.net/ssp/dsp?upst=j9ouyBm.sBbx2I_xyznn&site=78691&height=60&width=468&block=ambn8858&ref=https%3A%2F%2Fnintendo.moy.su%2F&title=Legend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20(%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20)%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&js=1&time=1662237336
95.216.225.17 200 OK 357 B URL HTTP/1.1 am15.net/ssp/dsp?upst=j9ouyBm.sBbx2I_xyznn&site=78691&height=60&width=468&block=ambn8858&ref=https%3A%2F%2Fnintendo.moy.su%2F&title=Legend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20(%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20)%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&js=1&time=1662237336
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
Hash 42d760aac5f9a6cde0c4999816a7cf6a
fa32693e28873208057340ff06c3d9722fa5a7f8
14a50c10ae4edbf2975a56cbd39d487ab7a43cab00806e2ee97aa80f978a1cae
GET /ssp/dsp?upst=j9ouyBm.sBbx2I_xyznn&site=78691&height=60&width=468&block=ambn8858&ref=https%3A%2F%2Fnintendo.moy.su%2F&title=Legend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20(%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20)%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&js=1&time=1662237336 HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Content-Encoding: gzip
nintendo.moy.su/images/grad.gif
193.109.247.235 200 OK 102 B URL HTTP/1.1 nintendo.moy.su/images/grad.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 1 x 29\012- data
Hash 43e684a817429406aa37a15919b75e08
857c23baa316df2f6084e2924055f034b6a1e33a
8b76dec77bda60ae331de43828bb1a4853d403068b90e47dc4136735215cfd77
GET /images/grad.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 102
Last-Modified: Thu, 04 Nov 2010 11:14:35 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2959b-66"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/stat/287959227?11
193.109.247.235 200 OK 466 B URL HTTP/1.1 nintendo.moy.su/stat/287959227?11
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 87a, 88 x 31\012- data
Hash dac0992c06b76c4e983fed10c936fbec
aed52ea397e28b0694e688344ffe594e9d67b22e
49c5cc4fd0b1f6ddd2797ae57c92ee29419635a95b2b98ef470ba7199dc85768
Analyzer Verdict Alert fortinet Malware
GET /stat/287959227?11 HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Connection: keep-alive
Cookie: 7nintendoucnid=bMXH50hNXc; 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ucvid=EDjRM3M0QB; domain=moy.su; path=/; expires=Sun, 03-Sep-2023 20:35:48 GMT
nintendo.moy.su/.s/img/stars/3/12.png
193.109.247.235 200 OK 1.2 kB URL HTTP/1.1 nintendo.moy.su/.s/img/stars/3/12.png
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type PNG image data, 12 x 36, 8-bit/color RGBA, non-interlaced\012- data
Hash 350693463200bbe9388eec7d1a208289
9a310a7dd3c068636b224d253e0df9ce09784df2
aa22bfd07d6d73ee1e2fc304bf81625c716e83f81e1dfc044560b54595bdec28
GET /.s/img/stars/3/12.png HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/png
Content-Length: 1161
Last-Modified: Wed, 31 Aug 2022 11:30:13 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "630f4645-489"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/.s/img/sh/wait.gif
193.109.247.235 200 OK 265 B URL HTTP/1.1 nintendo.moy.su/.s/img/sh/wait.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 32 x 8\012- data
Hash c44da6bb38458d2c57e23104c53d8e05
5e9352aa3d0b522fff659c48299d1b3006c78f47
163da6b91f78ccad8c824ef31e5dbd2a89fb8d93f2381d43faa96acf502ca3e8
GET /.s/img/sh/wait.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/.s/src/base.min.css?v=012043
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 265
Last-Modified: Wed, 31 Aug 2022 11:30:12 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "630f4644-109"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
nintendo.moy.su/images/box2-bot.gif
193.109.247.235 200 OK 186 B URL HTTP/1.1 nintendo.moy.su/images/box2-bot.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 248 x 10\012- data
Hash b2839e798d6b89c2b7a2389ddfa335fc
513501663ffd68241b14951cf3da7fc8fc3d94d0
8b55e477652fe0c435bcb2f2349e0146df71890992482ee85487135e20843d89
GET /images/box2-bot.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 186
Last-Modified: Thu, 04 Nov 2010 11:14:35 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2959b-ba"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0ba16663c78ead02b0598ff5f576a001
92d79e7c5d728fff32e6b8dad6dd0877db244cbf
599c79320699e5299323d284460a197040d55652d538e7cc49f582ad3cdde198
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "599C79320699E5299323D284460A197040D55652D538E7CC49F582AD3CDDE198"
Last-Modified: Sat, 03 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6669
Expires: Sat, 03 Sep 2022 22:26:48 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
nintendo.moy.su/images/box2-bgr.gif
193.109.247.235 200 OK 62 B URL HTTP/1.1 nintendo.moy.su/images/box2-bgr.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 248 x 1\012- data
Hash 9a173bfba382728d253ac869fc7da8ff
b354e5e04ef93cc577cb87a0c1ea52457713d46f
9df1d1b868dbe69960204354a31090977aa02c83fb86655b82a61d89d4fef5f2
GET /images/box2-bgr.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 62
Last-Modified: Thu, 04 Nov 2010 11:14:35 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2959b-3e"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0ba16663c78ead02b0598ff5f576a001
92d79e7c5d728fff32e6b8dad6dd0877db244cbf
599c79320699e5299323d284460a197040d55652d538e7cc49f582ad3cdde198
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "599C79320699E5299323D284460A197040D55652D538E7CC49F582AD3CDDE198"
Last-Modified: Sat, 03 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6669
Expires: Sat, 03 Sep 2022 22:26:48 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
am15.net/ssp/banner?upst=j9ouyBm.sBbx2I_xyznn&bid=bbcf7d40-223a-42d4-b20b-2c541eb84dd6
95.216.225.17 200 OK 532 B URL HTTP/1.1 am15.net/ssp/banner?upst=j9ouyBm.sBbx2I_xyznn&bid=bbcf7d40-223a-42d4-b20b-2c541eb84dd6
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document, ASCII text, with very long lines (733), with no line terminators
Hash 16f3f96e6f1519a88c5134e50b0fb252
8501ed9f28511a722fdc1cc0d38e403be2e75b2f
8e54778caf1b3cb47d67383fdaf997244602b3f0e3a619cc09eb89484b54af43
GET /ssp/banner?upst=j9ouyBm.sBbx2I_xyznn&bid=bbcf7d40-223a-42d4-b20b-2c541eb84dd6 HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
nintendo.moy.su/images/page-bot.gif
193.109.247.235 200 OK 1.1 kB URL HTTP/1.1 nintendo.moy.su/images/page-bot.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 946 x 45\012- data
Hash 491e5669629aba6951d276dbee819f2e
3efcc805931a99487d71f674b09ace94ef4e9200
97b34f0ce60a84b332c3b21b5c5f30778a1df58d5d597661835ee0e0c83075ce
GET /images/page-bot.gif HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/_st/my.css
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/gif
Content-Length: 1123
Last-Modified: Thu, 04 Nov 2010 11:14:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4cd2959e-463"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
am15.net/ssp/banner?upst=j9ouyBm.sBbx2I_xyznn&bid=37940a60-5850-4777-9696-a0818ce96c60
95.216.225.17 200 OK 531 B URL HTTP/1.1 am15.net/ssp/banner?upst=j9ouyBm.sBbx2I_xyznn&bid=37940a60-5850-4777-9696-a0818ce96c60
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document, ASCII text, with very long lines (732), with no line terminators
Hash e848f16095b2f78111566ad15b6bb5db
14c9bfd2addf578306c7f92ea0eadfdc18470ae2
44bf6e3c8c77bf6c253d87d0341cd9b757b186900f55cb857fb865ba331990d9
GET /ssp/banner?upst=j9ouyBm.sBbx2I_xyznn&bid=37940a60-5850-4777-9696-a0818ce96c60 HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
nintendo.moy.su/highslide/graphics/zoomin.cur
193.109.247.235 200 OK 4.3 kB URL HTTP/1.1 nintendo.moy.su/highslide/graphics/zoomin.cur
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type MS Windows cursor resource - 1 icon, 32x32, hotspot @5x0\012- data
Hash 91bee364d9731d7fbaeebe22d762918b
7e5ca8c2e122089ba9b57d3b4a4a0058d92516ad
eeb61c78c583b09597a14de97c77c90bbecb3d9af9ed0b630f84a0bd35f2e56c
Analyzer Verdict Alert fortinet Malware
GET /highslide/graphics/zoomin.cur HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: application/octet-stream
Content-Length: 4286
Last-Modified: Tue, 30 Apr 2013 17:34:03 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5180008b-10be"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
am15.net/bn1.php?k=tYhPI1bzcF9WVj9Jp16uBWLlRvYXHmvG9L8W4Heqzz-sTFJMh1Z7xs3ezoRzy6GXLacrFr_jTGb4ztqTB-AQqaFs1fuM_Qzrk1LFqr-XL-YW7PEHARcy9vREpJ4xSLkGh5IvSoeppu7s&cook=1&dt=23&fl=0&jq=&un=0&ref=https%3A%2F%2Fnintendo.moy.su%2F&upst=j9ouyBm.sBbx2I_xyznn&tt=
95.216.225.17 200 OK 373 B URL HTTP/1.1 am15.net/bn1.php?k=tYhPI1bzcF9WVj9Jp16uBWLlRvYXHmvG9L8W4Heqzz-sTFJMh1Z7xs3ezoRzy6GXLacrFr_jTGb4ztqTB-AQqaFs1fuM_Qzrk1LFqr-XL-YW7PEHARcy9vREpJ4xSLkGh5IvSoeppu7s&cook=1&dt=23&fl=0&jq=&un=0&ref=https%3A%2F%2Fnintendo.moy.su%2F&upst=j9ouyBm.sBbx2I_xyznn&tt=
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (312)
Hash 077cb7302c15018c1ed5187ccb6f9264
542fd0588c574d08e90c3ffac441d14adabb156c
f20c515397c981d5b7282ed3371e554445ac20d9b9770c8a0e9a7662aaacb89b
GET /bn1.php?k=tYhPI1bzcF9WVj9Jp16uBWLlRvYXHmvG9L8W4Heqzz-sTFJMh1Z7xs3ezoRzy6GXLacrFr_jTGb4ztqTB-AQqaFs1fuM_Qzrk1LFqr-XL-YW7PEHARcy9vREpJ4xSLkGh5IvSoeppu7s&cook=1&dt=23&fl=0&jq=&un=0&ref=https%3A%2F%2Fnintendo.moy.su%2F&upst=j9ouyBm.sBbx2I_xyznn&tt= HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/ssp/banner?upst=j9ouyBm.sBbx2I_xyznn&bid=bbcf7d40-223a-42d4-b20b-2c541eb84dd6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: text/javascript; charset=windows-1251
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.27-1+ubuntu16.04.1+deb.sury.org+1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 20:35:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
nintendo.moy.su/?7HODtlXgqrHfY096%5Ey2n3gaFXScDgaeqVkCw56b3IDiR%21rc%5EhCUnQvSyprk7iVkEAQ%21vNb%5ERvzbfeS1CC23pG%3Boo
193.109.247.235 200 OK 799 B URL HTTP/1.1 nintendo.moy.su/?7HODtlXgqrHfY096%5Ey2n3gaFXScDgaeqVkCw56b3IDiR%21rc%5EhCUnQvSyprk7iVkEAQ%21vNb%5ERvzbfeS1CC23pG%3Boo
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 12b4b57bd5200b5856406a240125e6b1
7a49d8dd15a0aa99842e495cd35ea4e8c835e2fd
17478b5410b247dc036238ad991866fc78c94bb46217b931dd2fd3599cb73415
Analyzer Verdict Alert fortinet Malware
GET /?7HODtlXgqrHfY096%5Ey2n3gaFXScDgaeqVkCw56b3IDiR%21rc%5EhCUnQvSyprk7iVkEAQ%21vNb%5ERvzbfeS1CC23pG%3Boo HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
Content-Encoding: gzip
am15.net/bn1.php?k=tYhP81b7cF9WVFI0SP1W_G1GQogO3vyjyZV0X8a2KQS5mCU9pZSjBeE76w7Q3xKuUy7q_fXEswdUiQbMltEup6beK74wyIWq2Ls3B6q_Ck_E_SfVciO9YNtPlQjrrTKS2lJuIGIwcECe&cook=1&dt=23&fl=0&jq=&un=0&ref=https%3A%2F%2Fnintendo.moy.su%2F&upst=j9ouyBm.sBbx2I_xyznn&tt=
95.216.225.17 200 OK 375 B URL HTTP/1.1 am15.net/bn1.php?k=tYhP81b7cF9WVFI0SP1W_G1GQogO3vyjyZV0X8a2KQS5mCU9pZSjBeE76w7Q3xKuUy7q_fXEswdUiQbMltEup6beK74wyIWq2Ls3B6q_Ck_E_SfVciO9YNtPlQjrrTKS2lJuIGIwcECe&cook=1&dt=23&fl=0&jq=&un=0&ref=https%3A%2F%2Fnintendo.moy.su%2F&upst=j9ouyBm.sBbx2I_xyznn&tt=
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (311)
Hash 03d70a918757e1e465132da04660cea6
121893eb74c3195e2be80db3fff4c07ce37a5b8b
3f24d575a97091687683582eab49677461e853b0e96bfeabb3c993268dcf3a7a
GET /bn1.php?k=tYhP81b7cF9WVFI0SP1W_G1GQogO3vyjyZV0X8a2KQS5mCU9pZSjBeE76w7Q3xKuUy7q_fXEswdUiQbMltEup6beK74wyIWq2Ls3B6q_Ck_E_SfVciO9YNtPlQjrrTKS2lJuIGIwcECe&cook=1&dt=23&fl=0&jq=&un=0&ref=https%3A%2F%2Fnintendo.moy.su%2F&upst=j9ouyBm.sBbx2I_xyznn&tt= HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/ssp/banner?upst=j9ouyBm.sBbx2I_xyznn&bid=37940a60-5850-4777-9696-a0818ce96c60
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: text/javascript; charset=windows-1251
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.27-1+ubuntu16.04.1+deb.sury.org+1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 20:35:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash f5c604b4443ba59eb24f58a3d014c45a
b72ab9674310839e0c50b3401d0ed7ffe6467865
72b8806ea9903896f7191a144cf7812732e3f5b6f4f63b5360aac10540eb3d89
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 07 Sep 2022 18:14:43 GMT
ETag: "b72ab9674310839e0c50b3401d0ed7ffe6467865"
Last-Modified: Sat, 03 Sep 2022 18:14:44 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2791
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745145e98d69b4fa-OSL
am15.net/bn2.php?f=2&sh=1024&dpr=1&sw=1280&s=0&k=b1w10300ff2a7e1c5592871ecd6122e0bca46b352209032335
95.216.225.17 200 OK 411 B URL HTTP/1.1 am15.net/bn2.php?f=2&sh=1024&dpr=1&sw=1280&s=0&k=b1w10300ff2a7e1c5592871ecd6122e0bca46b352209032335
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (626), with no line terminators
Hash 431c568ec78167ecf16dfee45ecc36bd
ce89abc425eeb1cdb57e374943c50049ced674e1
b628c3ec6f4c31661218b1bd1025abefdd9c50b5ff6bbfbab27ef5096f5a4470
GET /bn2.php?f=2&sh=1024&dpr=1&sw=1280&s=0&k=b1w10300ff2a7e1c5592871ecd6122e0bca46b352209032335 HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/ssp/banner?upst=j9ouyBm.sBbx2I_xyznn&bid=bbcf7d40-223a-42d4-b20b-2c541eb84dd6
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: text/html; charset=windows-1251
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.27-1+ubuntu16.04.1+deb.sury.org+1
P3P: CP="HONK NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 20:35:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: amuidtrk=JrzNhozGSMHj9rHs2-Mz1hJD1BSDNC_Fd7Fn; expires=Sat, 03-Sep-2022 23:59:59 GMT; Max-Age=12260; path=/; domain=.am15.net
Set-Cookie: amuidtrk=JrzNhozGSMHj9rHh1BSDNC_Fd7Fn; expires=Sat, 03-Sep-2022 23:59:59 GMT; Max-Age=12260; path=/; domain=.am15.net
Set-Cookie: ambn_v=O-Ixy73F; expires=Sat, 03-Sep-2022 20:50:39 GMT; Max-Age=900; path=/; domain=am15.net
Set-Cookie: ambn_bv_2=O-Ixy73F; expires=Sat, 03-Sep-2022 20:50:39 GMT; Max-Age=900; path=/; domain=am15.net
Content-Encoding: gzip
b.am15.net/ambn.png
95.216.224.48 200 OK 6.4 kB IP 95.216.224.48:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 18, 8-bit/color RGBA, interlaced\012- data
Hash ce7dd36e5303a34b1e9cb3f5fff40270
b11654f4d983e453c21b79eea49bc0c3a3cdc8f2
f8ef0068a018e69ac5f56505d59a2fa3acf3916b0040fa3a28301b39daf6bc19
GET /ambn.png HTTP/1.1
Host: b.am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: image/png
Content-Length: 6395
Last-Modified: Fri, 06 Sep 2013 09:15:37 GMT
Connection: keep-alive
ETag: "52299d39-18fb"
Expires: Mon, 03 Oct 2022 20:35:39 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
s1.ucoz.net/adv/dummy/000/css/style.css
193.109.247.235 200 OK 1.6 kB URL HTTP/1.1 s1.ucoz.net/adv/dummy/000/css/style.css
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
Hash 50406c447ccad47ca9e5d53eff612ffb
16e3921585135a87a1066689c9c67a312d96c92d
01a0732bba96fb38be885a1d233fecf52e32c7e07e48cd05f6f07a3690ea304c
GET /adv/dummy/000/css/style.css HTTP/1.1
Host: s1.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/css
Last-Modified: Tue, 26 Mar 2019 14:28:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5c9a3701-19eb"
Content-Encoding: gzip
am15.net/bn2.php?s=0&sw=1280&k=b1w10300bc12fbecee30d11b796faeb2b44fcef12209032335&f=5&sh=1024&dpr=1
95.216.225.17 200 OK 410 B URL HTTP/1.1 am15.net/bn2.php?s=0&sw=1280&k=b1w10300bc12fbecee30d11b796faeb2b44fcef12209032335&f=5&sh=1024&dpr=1
IP 95.216.225.17:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (624), with no line terminators
Hash e7ac9d73c2124094d52161474556a7dc
c6ae699d91aea5b7c56dcbed2f78b0369b3dd55d
06a565fe1da41f4081ffc8a32dbbdf9b1e9df87a52980e09a47be344ed4ff41b
GET /bn2.php?s=0&sw=1280&k=b1w10300bc12fbecee30d11b796faeb2b44fcef12209032335&f=5&sh=1024&dpr=1 HTTP/1.1
Host: am15.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/ssp/banner?upst=j9ouyBm.sBbx2I_xyznn&bid=37940a60-5850-4777-9696-a0818ce96c60
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: text/html; charset=windows-1251
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.27-1+ubuntu16.04.1+deb.sury.org+1
P3P: CP="HONK NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 20:35:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: amuidtrk=JrzNhozGSMHj9rHs2-Mz1hJD1BSDNC_Fd7Fn; expires=Sat, 03-Sep-2022 23:59:59 GMT; Max-Age=12260; path=/; domain=.am15.net
Set-Cookie: amuidtrk=JrzNhozGSMHj9rHh1BSDNC_Fd7Fn; expires=Sat, 03-Sep-2022 23:59:59 GMT; Max-Age=12260; path=/; domain=.am15.net
Set-Cookie: ambn_v=O-Ixy73F; expires=Sat, 03-Sep-2022 20:50:39 GMT; Max-Age=900; path=/; domain=am15.net
Set-Cookie: ambn_bv_5=O-Ixy73F; expires=Sat, 03-Sep-2022 20:50:39 GMT; Max-Age=900; path=/; domain=am15.net
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 546385324b226be6d3067f9091044088
735aa9ecded54cb5a89bba64ec655c6d9da54909
b03dbb0a96b1d8c30bf702294ac13862cd79cb754ca55b5ff9e0b2365c55a4df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B03DBB0A96B1D8C30BF702294AC13862CD79CB754CA55B5FF9E0B2365C55A4DF"
Last-Modified: Thu, 01 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6850
Expires: Sat, 03 Sep 2022 22:29:49 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
s1.ucoz.net/adv/dummy/000/img/ucoz-logo.png
193.109.247.235 200 OK 4.6 kB URL HTTP/1.1 s1.ucoz.net/adv/dummy/000/img/ucoz-logo.png
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type PNG image data, 136 x 136, 8-bit/color RGBA, non-interlaced\012- data
Hash 14d37a3409afc2c450c62b97bc8019da
43fc12bf16a292d6d10b17ab7d1e37785288858c
fc4f998c5fcacc6cf161f1bedf46ec55e56273670ecce8b59e947b68d3c5bdb2
GET /adv/dummy/000/img/ucoz-logo.png HTTP/1.1
Host: s1.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: image/png
Content-Length: 4585
Last-Modified: Tue, 26 Mar 2019 14:28:17 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c9a3701-11e9"
Accept-Ranges: bytes
s.uuidksinc.net/match/1/?cb_url=https%3A%2F%2Fhdbcode.com%2Fsetuid%3F%5BUID%5D&gdpr=0&gdpr_consent=
31.220.27.135 302 Found 0 B URL HTTP/2 s.uuidksinc.net/match/1/?cb_url=https%3A%2F%2Fhdbcode.com%2Fsetuid%3F%5BUID%5D&gdpr=0&gdpr_consent=
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/1/?cb_url=https%3A%2F%2Fhdbcode.com%2Fsetuid%3F%5BUID%5D&gdpr=0&gdpr_consent= HTTP/1.1
Host: s.uuidksinc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-length: 0
location: https://hdbcode.com/setuid?V6UbAblzZ7U8lumNo6B5
set-cookie: jcsuuid=V6UbAblzZ7U8lumNo6B5; expires=Sun, 03 Sep 2023 20:35:39 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 54da516ae0e0b58a4c4096bc5ab541ab
91a12b3032242f7a7af7d7fb0369abd642ce3c35
e87d320450de4ca4820b27cb9b17fe2b1aa2750d823cc66f1b3031d5b3e0d825
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E87D320450DE4CA4820B27CB9B17FE2B1AA2750D823CC66F1B3031D5B3E0D825"
Last-Modified: Sat, 03 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18040
Expires: Sun, 04 Sep 2022 01:36:19 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 54da516ae0e0b58a4c4096bc5ab541ab
91a12b3032242f7a7af7d7fb0369abd642ce3c35
e87d320450de4ca4820b27cb9b17fe2b1aa2750d823cc66f1b3031d5b3e0d825
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E87D320450DE4CA4820B27CB9B17FE2B1AA2750D823CC66F1B3031D5B3E0D825"
Last-Modified: Sat, 03 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9607
Expires: Sat, 03 Sep 2022 23:15:46 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
t02.rbnt.org/rsc.php?mode=bu&pkey=35a09e2e4f2fca475f4da7404dd115c9&scr=1&p=advmaker&callback=AdvMakerMyragon&sitename=78691
148.251.159.22 302 Found 0 B URL HTTP/1.1 t02.rbnt.org/rsc.php?mode=bu&pkey=35a09e2e4f2fca475f4da7404dd115c9&scr=1&p=advmaker&callback=AdvMakerMyragon&sitename=78691
IP 148.251.159.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rsc.php?mode=bu&pkey=35a09e2e4f2fca475f4da7404dd115c9&scr=1&p=advmaker&callback=AdvMakerMyragon&sitename=78691 HTTP/1.1
Host: t02.rbnt.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 20:35:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: bus=LIamif1onSjHr0j32xiCI1; expires=Tue, 03-Sep-2047 20:35:39 GMT; Max-Age=788918400; path=/; domain=.rbnt.org; SameSite=None; Secure;
Set-Cookie: csc=1; expires=Sat, 03-Sep-2022 20:36:39 GMT; Max-Age=60; path=/; domain=.rbnt.org; SameSite=None; Secure;
Location: /rsc.php?mode=bu&pkey=35a09e2e4f2fca475f4da7404dd115c9&scr=1&p=advmaker&callback=AdvMakerMyragon&sitename=78691&csc=1
Strict-Transport-Security: max-age=0
hdbcode.com/setuid?V6UbAblzZ7U8lumNo6B5
31.220.27.135 200 OK 74 B URL HTTP/2 hdbcode.com/setuid?V6UbAblzZ7U8lumNo6B5
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
GET /setuid?V6UbAblzZ7U8lumNo6B5 HTTP/1.1
Host: hdbcode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nintendo.moy.su/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: image/png
content-length: 74
set-cookie: dmpUid=V6UbAblzZ7U8lumNo6B5; expires=Sun, 03 Sep 2023 20:35:39 GMT; domain=hdbcode.com; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
rot.spotsniper.ru/?src=ujs6&s_subid=btn
31.172.81.159 302 Moved Temporarily 0 B URL HTTP/1.1 rot.spotsniper.ru/?src=ujs6&s_subid=btn
IP 31.172.81.159:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=ujs6&s_subid=btn HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync3.adsniper.ru/?src=ss1&s_data=CAEQABib9c6YBlIF36LEjAlaDgoHc19zdWJpZBIDYnRu
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
rot.spotsniper.ru/?src=ujs6
31.172.81.159 302 Moved Temporarily 0 B URL HTTP/1.1 rot.spotsniper.ru/?src=ujs6
IP 31.172.81.159:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=ujs6 HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync3.adsniper.ru/?src=ss1&s_data=CAEQABib9c6YBlIF36LEjAk*
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
sync.dmp.otm-r.com/match/aotm.js
195.201.106.117 204 No Content 0 B URL HTTP/2 sync.dmp.otm-r.com/match/aotm.js
IP 195.201.106.117:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/aotm.js HTTP/1.1
Host: sync.dmp.otm-r.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.15.9
date: Sat, 03 Sep 2022 20:35:39 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fa143e982ad5d290e16ed27a0d9ecea9
11da662420b8023f89f7cd9cb0ca7c9545e7e90e
040ccb490713ed693bbf90cbafc1e1c43d877739e1a51a19513d725790dd182d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "040CCB490713ED693BBF90CBAFC1E1C43D877739E1A51A19513D725790DD182D"
Last-Modified: Thu, 01 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4841
Expires: Sat, 03 Sep 2022 21:56:20 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
t02.rbnt.org/rsc.php?mode=bu&pkey=35a09e2e4f2fca475f4da7404dd115c9&scr=1&p=advmaker&callback=AdvMakerMyragon&sitename=78691&csc=1
148.251.159.22 200 OK 40 B URL HTTP/1.1 t02.rbnt.org/rsc.php?mode=bu&pkey=35a09e2e4f2fca475f4da7404dd115c9&scr=1&p=advmaker&callback=AdvMakerMyragon&sitename=78691&csc=1
IP 148.251.159.22:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 420067bafe363fec4b6d5cd2148f3260
84a7c23e61c6e14b7000158c6f01b4785b1d3379
24ad53aa3fcb45b15fa18cebe83a0d6ed66b3bf86114794cdbc1c44378ab4c9c
GET /rsc.php?mode=bu&pkey=35a09e2e4f2fca475f4da7404dd115c9&scr=1&p=advmaker&callback=AdvMakerMyragon&sitename=78691&csc=1 HTTP/1.1
Host: t02.rbnt.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am15.net/
Connection: keep-alive
Cookie: bus=LIamif1onSjHr0j32xiCI1; csc=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 20:35:39 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=0
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b543e3a59e90c26c48a819e091f81f1e
37a1ed0df585a84b0790b1ef463ee4945f9087ad
c6e46687b404ce9848cb5a1a62f36d859f736e675662336da62578696c9ced1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hdbcode.com/get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322613&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8
31.220.27.135 200 OK 0 B URL HTTP/2 hdbcode.com/get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322613&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322613&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8 HTTP/1.1
Host: hdbcode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://nintendo.moy.su
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Cache-Control: max-age=0
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-length: 0
access-control-allow-headers: X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://nintendo.moy.su
X-Firefox-Spdy: h2
hdbcode.com/get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322502&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8
31.220.27.135 200 OK 0 B URL HTTP/2 hdbcode.com/get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322502&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322502&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8 HTTP/1.1
Host: hdbcode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://nintendo.moy.su
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Cache-Control: max-age=0
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-length: 0
access-control-allow-headers: X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://nintendo.moy.su
X-Firefox-Spdy: h2
themes.googleusercontent.com/static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff
142.250.74.1 200 OK 60 kB URL HTTP/2 themes.googleusercontent.com/static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff
IP 142.250.74.1:0
File type Web Open Font Format, TrueType, length 60332, version 1.1\012- data
Hash 0d6d6ae28614efe13ec053eaeef473c1
20cd1c419ba0763bb4bbb1435bc0aed00452af2e
5dfdd878d2d6bdd50f37fde1800a044753dd00bac3c3a30a35f999b422a48ee1
GET /static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff HTTP/1.1
Host: themes.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nintendo.moy.su
Connection: keep-alive
Referer: https://s1.ucoz.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
timing-allow-origin: *
content-length: 60332
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 17:53:28 GMT
expires: Sun, 03 Sep 2023 17:53:28 GMT
cache-control: public, max-age=31536000
age: 9731
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dc55eb9a30bb29ba32d32ffed9c4cd41
3676a24d1303037f7f18ba295c3ad6662c3ca94f
6a65af852d5996aac8d6f22283b2de546ff319c3ea491b6c5825e345c9883232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A65AF852D5996AAC8D6F22283B2DE546FF319C3EA491B6C5825E345C9883232"
Last-Modified: Sat, 03 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6399
Expires: Sat, 03 Sep 2022 22:22:18 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dc55eb9a30bb29ba32d32ffed9c4cd41
3676a24d1303037f7f18ba295c3ad6662c3ca94f
6a65af852d5996aac8d6f22283b2de546ff319c3ea491b6c5825e345c9883232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A65AF852D5996AAC8D6F22283B2DE546FF319C3EA491B6C5825E345C9883232"
Last-Modified: Sat, 03 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6399
Expires: Sat, 03 Sep 2022 22:22:18 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4b291ba86fd8ccc4e7b6cee355e22114
fd54e165ca2046591c7185132dc5e86df69ab4f2
4e3d80e4325a12aac90231d9a008b9064e4a6c79dc20454c0daaae10990e4af7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cbb5438a9a2e648caa27408a6d472719
eae460da97996656d333843d8557d0d7ec9ce303
97412b0e476b344f3e755f781e9f82640ca86f90f8eaa10c76ce513c117996cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "97412B0E476B344F3E755F781E9F82640CA86F90F8EAA10C76CE513C117996CB"
Last-Modified: Fri, 02 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=675
Expires: Sat, 03 Sep 2022 20:46:54 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cbb5438a9a2e648caa27408a6d472719
eae460da97996656d333843d8557d0d7ec9ce303
97412b0e476b344f3e755f781e9f82640ca86f90f8eaa10c76ce513c117996cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "97412B0E476B344F3E755F781E9F82640CA86F90F8EAA10C76CE513C117996CB"
Last-Modified: Fri, 02 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20228
Expires: Sun, 04 Sep 2022 02:12:47 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fa143e982ad5d290e16ed27a0d9ecea9
11da662420b8023f89f7cd9cb0ca7c9545e7e90e
040ccb490713ed693bbf90cbafc1e1c43d877739e1a51a19513d725790dd182d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "040CCB490713ED693BBF90CBAFC1E1C43D877739E1A51A19513D725790DD182D"
Last-Modified: Thu, 01 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4841
Expires: Sat, 03 Sep 2022 21:56:20 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
sync3.adsniper.ru/?src=ss1&s_data=CAEQABib9c6YBlIF36LEjAk*
31.172.81.158 302 Moved Temporarily 0 B URL HTTP/1.1 sync3.adsniper.ru/?src=ss1&s_data=CAEQABib9c6YBlIF36LEjAk*
IP 31.172.81.158:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=ss1&s_data=CAEQABib9c6YBlIF36LEjAk* HTTP/1.1
Host: sync3.adsniper.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nintendo.moy.su/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: uuid3=IiRmOTA3YmNjNC0yYmM3LTExZWQtYTA0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Fri, 29 Aug 2042 20:35:39 GMT; Domain=adsniper.ru; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync3.adsniper.ru/?src=ss1&s_data=CAIQARib9c6YBlIF36LEjAmiARD5B7zEK8cR7aBEACWQyCQ3
ETag: f907bcc4-2bc7-11ed-a044-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
uuidksinc.net/matchx?gdpr=0&gdpr_consent=
31.220.27.135 200 OK 1.2 kB URL HTTP/2 uuidksinc.net/matchx?gdpr=0&gdpr_consent=
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1962)
Hash 407b4ba8c5f12146516d0edc7b88d814
c1f5daaa2f29adba5c9bbaffde5208ac3392affc
fca4d723f22b3760e1aea61c269654f53e996e2d92ac083f4478f619045a5db4
GET /matchx?gdpr=0&gdpr_consent= HTTP/1.1
Host: uuidksinc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Cookie: jcsuuid=V6UbAblzZ7U8lumNo6B5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
sync3.adsniper.ru/?src=ss1&s_data=CAEQABib9c6YBlIF36LEjAlaDgoHc19zdWJpZBIDYnRu
31.172.81.158 302 Moved Temporarily 0 B URL HTTP/1.1 sync3.adsniper.ru/?src=ss1&s_data=CAEQABib9c6YBlIF36LEjAlaDgoHc19zdWJpZBIDYnRu
IP 31.172.81.158:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=ss1&s_data=CAEQABib9c6YBlIF36LEjAlaDgoHc19zdWJpZBIDYnRu HTTP/1.1
Host: sync3.adsniper.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nintendo.moy.su/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: uuid3=IiRmOTBiMzM3Mi0yYmM3LTExZWQtYTA0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Fri, 29 Aug 2042 20:35:39 GMT; Domain=adsniper.ru; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync3.adsniper.ru/?src=ss1&s_data=CAIQARib9c6YBlIF36LEjAlaDgoHc19zdWJpZBIDYnRuogEQ-QszcivHEe2gRAAlkMgkNw**
ETag: f90b3372-2bc7-11ed-a044-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 49e6966e27f4b67b4177ca33ddd0a9cc
bf8ee250ba12b2b0799137599215533fcd23ca31
b26b61f90f6936a99aee91c463513d8669f98d5213a3eb2057f4dd6437d6a46d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B26B61F90F6936A99AEE91C463513D8669F98D5213A3EB2057F4DD6437D6A46D"
Last-Modified: Sat, 03 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10851
Expires: Sat, 03 Sep 2022 23:36:30 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
sync3.adsniper.ru/?src=ss1&s_data=CAIQARib9c6YBlIF36LEjAmiARD5B7zEK8cR7aBEACWQyCQ3
31.172.81.158 302 Moved Temporarily 0 B URL HTTP/1.1 sync3.adsniper.ru/?src=ss1&s_data=CAIQARib9c6YBlIF36LEjAmiARD5B7zEK8cR7aBEACWQyCQ3
IP 31.172.81.158:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=ss1&s_data=CAIQARib9c6YBlIF36LEjAmiARD5B7zEK8cR7aBEACWQyCQ3 HTTP/1.1
Host: sync3.adsniper.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nintendo.moy.su/
Connection: keep-alive
Cookie: uuid3=IiRmOTA3YmNjNC0yYmM3LTExZWQtYTA0NC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //rot.spotsniper.ru/?src=ujs6&s_data=CAIQABib9c6YBqIBEPkHvMQrxxHtoEQAJZDIJDc*
ETag: f907bcc4-2bc7-11ed-a044-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
ads.go2net.com.ua/adxcm.aspx?ssp=cf718592-a39d-4545-9d43-d632e2426981&redir=1
146.0.227.107 302 Found 0 B URL HTTP/1.1 ads.go2net.com.ua/adxcm.aspx?ssp=cf718592-a39d-4545-9d43-d632e2426981&redir=1
IP 146.0.227.107:0
ASN #20773 Host Europe GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adxcm.aspx?ssp=cf718592-a39d-4545-9d43-d632e2426981&redir=1 HTTP/1.1
Host: ads.go2net.com.ua
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Xss-Protection: 0
P3p: CP="NID DSP ALL COR"
Location: https://s.uuidksinc.net/match/760/e9bb64ab3cd146cdb280e5b81b3f1587
Set-Cookie: am-uid=e9bb64ab3cd146cdb280e5b81b3f1587; expires=Fri, 02 Dec 2022 20:35:39 GMT; domain=ads.go2net.com.ua; secure; SameSite=None
Keep-Alive: timeout=25
utraff.com/index.php?r=iframe/index&id=5763
172.67.217.151 302 Found 617 B URL HTTP/2 utraff.com/index.php?r=iframe/index&id=5763
IP 172.67.217.151:0
Hash 4df9494791eb7115f49bef3ad74b7331
c80912c2d7678b788fb7544ef587b245aa750e0a
8181396e338d35e2e372d75dc93b270aa02c59bfae69e2b6179d95725e146030
GET /index.php?r=iframe/index&id=5763 HTTP/1.1
Host: utraff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: text/html
location: https://lookmeet.tv/index.php?r=iframe/index&id=5763
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JZlDAuj7XlPsybfY4e2vUQL1iSnbP711pKWdA%2FesdlPWiRFBtsdEGMsaJvr3hFe4DTe7P4gZvWTkyA0lJ17ReP1woKLOEGABZlxaY32e1Oo2e81tOTag0QEiJauw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 745145ea28a31bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.acint.net/rmatch?dp=191&r=https://d.uuidksinc.net/match/383/?remote_uid=${USER_ID}
193.3.184.137 302 Found 154 B URL HTTP/2 www.acint.net/rmatch?dp=191&r=https://d.uuidksinc.net/match/383/?remote_uid=${USER_ID}
IP 193.3.184.137:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /rmatch?dp=191&r=https://d.uuidksinc.net/match/383/?remote_uid=${USER_ID} HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: text/html
content-length: 154
location: /rmatch?r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D&dp=191&tc=1
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
set-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Sat, 03-Sep-22 20:45:39 GMT
aid=fwAAAWMTupt4UQITLkb3AqLB43MFziIfgCKYWCdfAAKB1k10; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 26d3f208d00df6489dfc363482182c3e
96c9130006ef361cbdafc014ef63e2874aa73d1b
35bddeaaf4f993c61cdcb0d866bbbca6898109f13973538a7230601574bc9f04
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BDDEAAF4F993C61CDCB0D866BBBCA6898109F13973538A7230601574BC9F04"
Last-Modified: Fri, 02 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8164
Expires: Sat, 03 Sep 2022 22:51:43 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
pixel.vihub.ru/smart/_pub/advmaker/dist/smartPixel.min.js
136.243.149.224 200 OK 9.0 kB URL HTTP/2 pixel.vihub.ru/smart/_pub/advmaker/dist/smartPixel.min.js
IP 136.243.149.224:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (9006), with no line terminators
Hash 84e23e901174a8cf57ffb581e7cbf2ec
693248e84945f8a495e0686cbf8833066793749e
a72f6e287ccbd8e44f5f415148688ca4cc0abddd57e0b14e62560eb7e3152397
GET /smart/_pub/advmaker/dist/smartPixel.min.js HTTP/1.1
Host: pixel.vihub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.12.2
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: application/javascript
content-length: 9006
last-modified: Wed, 26 Jul 2017 10:56:15 GMT
etag: "5978754f-232e"
access-control-allow-credentials: true
access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-headers: Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
accept-ranges: bytes
X-Firefox-Spdy: h2
sync3.adsniper.ru/?src=ss1&s_data=CAIQARib9c6YBlIF36LEjAlaDgoHc19zdWJpZBIDYnRuogEQ-QszcivHEe2gRAAlkMgkNw**
31.172.81.158 302 Moved Temporarily 0 B URL HTTP/1.1 sync3.adsniper.ru/?src=ss1&s_data=CAIQARib9c6YBlIF36LEjAlaDgoHc19zdWJpZBIDYnRuogEQ-QszcivHEe2gRAAlkMgkNw**
IP 31.172.81.158:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=ss1&s_data=CAIQARib9c6YBlIF36LEjAlaDgoHc19zdWJpZBIDYnRuogEQ-QszcivHEe2gRAAlkMgkNw** HTTP/1.1
Host: sync3.adsniper.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nintendo.moy.su/
Connection: keep-alive
Cookie: uuid3=IiRmOTBiMzM3Mi0yYmM3LTExZWQtYTA0NC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //rot.spotsniper.ru/?src=ujs6&s_data=CAIQABib9c6YBloOCgdzX3N1YmlkEgNidG6iARD5CzNyK8cR7aBEACWQyCQ3
ETag: f90b3372-2bc7-11ed-a044-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
rot.spotsniper.ru/?src=ujs6&s_data=CAIQABib9c6YBqIBEPkHvMQrxxHtoEQAJZDIJDc*
31.172.81.159 302 Moved Temporarily 0 B URL HTTP/1.1 rot.spotsniper.ru/?src=ujs6&s_data=CAIQABib9c6YBqIBEPkHvMQrxxHtoEQAJZDIJDc*
IP 31.172.81.159:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=ujs6&s_data=CAIQABib9c6YBqIBEPkHvMQrxxHtoEQAJZDIJDc* HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nintendo.moy.su/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiRmOTA3YmNjNC0yYmM3LTExZWQtYTA0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Fri, 29 Aug 2042 20:35:39 GMT; Domain=spotsniper.ru; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //rot.spotsniper.ru/?src=ujs6&s_data=CAIQARib9c6YBqIBEPkHvMQrxxHtoEQAJZDIJDc*
ETag: f907bcc4-2bc7-11ed-a044-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
s.uuidksinc.net/match/760/e9bb64ab3cd146cdb280e5b81b3f1587
31.220.27.135 200 OK 74 B URL HTTP/2 s.uuidksinc.net/match/760/e9bb64ab3cd146cdb280e5b81b3f1587
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
GET /match/760/e9bb64ab3cd146cdb280e5b81b3f1587 HTTP/1.1
Host: s.uuidksinc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: jcsuuid=V6UbAblzZ7U8lumNo6B5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: image/png
content-length: 74
set-cookie: jcsuuid=V6UbAblzZ7U8lumNo6B5; expires=Sun, 03 Sep 2023 20:35:39 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
utraff.com/index.php?r=iframe/index&id=5763
172.67.217.151 302 Found 299 B URL HTTP/2 utraff.com/index.php?r=iframe/index&id=5763
IP 172.67.217.151:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash fbaf82a15538249c9fdc9b6406303fb0
6ea6522ebcc54e82d8f243f559c7fdd699857289
78e7b165b87918aaefdb4db5f83c10dcef065ed31ff0551618042d201bd21253
GET /index.php?r=iframe/index&id=5763 HTTP/1.1
Host: utraff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: text/html
location: https://lookmeet.tv/index.php?r=iframe/index&id=5763
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wfs7q5ijm%2F1sQAa60QcK%2FQjoPxkOZ0DOWMVOz88BuNYgwE1z7Rv%2BpCxzK61Hgw8H%2BWO4LG0COkvAyf0u%2FeOz%2FVyl3I4%2FFDKMJY%2BOYePcjynptE0aH0decFok8Idf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 745145ea89091bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rot.spotsniper.ru/?src=ujs6&s_data=CAIQABib9c6YBloOCgdzX3N1YmlkEgNidG6iARD5CzNyK8cR7aBEACWQyCQ3
31.172.81.159 302 Moved Temporarily 0 B URL HTTP/1.1 rot.spotsniper.ru/?src=ujs6&s_data=CAIQABib9c6YBloOCgdzX3N1YmlkEgNidG6iARD5CzNyK8cR7aBEACWQyCQ3
IP 31.172.81.159:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=ujs6&s_data=CAIQABib9c6YBloOCgdzX3N1YmlkEgNidG6iARD5CzNyK8cR7aBEACWQyCQ3 HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nintendo.moy.su/
Connection: keep-alive
Cookie: suuid3=IiRmOTA3YmNjNC0yYmM3LTExZWQtYTA0NC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //rot.spotsniper.ru/?src=ujs6&s_data=CAIQARib9c6YBloOCgdzX3N1YmlkEgNidG6iARD5B7zEK8cR7aBEACWQyCQ3
ETag: f907bcc4-2bc7-11ed-a044-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
rot.spotsniper.ru/?src=ujs6&s_data=CAIQARib9c6YBqIBEPkHvMQrxxHtoEQAJZDIJDc*
31.172.81.159 200 OK 598 B URL HTTP/1.1 rot.spotsniper.ru/?src=ujs6&s_data=CAIQARib9c6YBqIBEPkHvMQrxxHtoEQAJZDIJDc*
IP 31.172.81.159:0
ASN #44066 diva-e Datacenters GmbH
File type ASCII text, with very long lines (598), with no line terminators
Hash eb60ec5b322a542ebca5575f44149378
88f64b963af91166f50804fd12ed0e8a04daff4b
4edb310305861894b52392804839f0d3ede307f87aed3d17af778af8c593c2ae
GET /?src=ujs6&s_data=CAIQARib9c6YBqIBEPkHvMQrxxHtoEQAJZDIJDc* HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nintendo.moy.su/
Connection: keep-alive
Cookie: suuid3=IiRmOTA3YmNjNC0yYmM3LTExZWQtYTA0NC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 598
Connection: keep-alive
Set-Cookie: suuid3=IiRmOTA3YmNjNC0yYmM3LTExZWQtYTA0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Fri, 29 Aug 2042 20:35:39 GMT; Domain=spotsniper.ru; SameSite=None; Secure
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Expires: Thu, 01 Jan 1985 00:00:01 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
P3P: CP="NOI DEV TAI PSA PSD OUR STP COM NAV INT DEM STA PRE LOC"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
dmpprof.com/matching/external/pixel.gif?sid=14&uid=V6UbAblzZ7U8lumNo6B5
85.192.12.173200 OK 43 B URL HTTP/2 dmpprof.com/matching/external/pixel.gif?sid=14&uid=V6UbAblzZ7U8lumNo6B5
IP 85.192.12.173:0
ASN #12695 LLC Digital Network
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /matching/external/pixel.gif?sid=14&uid=V6UbAblzZ7U8lumNo6B5 HTTP/1.1
Host: dmpprof.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: image/gif
content-length: 43
last-modified: Sat, 03 Sep 2022 20:35:39 GMT
expires: Wed, 11 Nov 1998 11:11:11 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: nmatch=14_V6UbAblzZ7U8lumNo6B5; expires=Sun, 04 Sep 2022 08:35:39 GMT; path=/; secure; SameSite=None
uid=temp-91.90.42.154-; expires=Sat, 03 Sep 2022 22:35:39 GMT; path=/; secure; SameSite=None
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD, PATCH, GET, POST, OPTIONS
access-control-allow-headers: Origin,Content-Type,Accept,Authorization,X-Requested-With, DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2
yourtubetvs.site/adv.js
103.224.182.208404 Not Found 196 B IP 103.224.182.208:0
ASN #133618 Trellian Pty. Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
GET /adv.js HTTP/1.1
Host: yourtubetvs.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2022 20:35:39 GMT
Server: Apache/2.4.38 (Debian)
Content-Length: 196
Connection: close
Content-Type: text/html; charset=iso-8859-1
rot.spotsniper.ru/?src=ujs6&s_data=CAIQARib9c6YBloOCgdzX3N1YmlkEgNidG6iARD5B7zEK8cR7aBEACWQyCQ3
31.172.81.159200 OK 229 B URL HTTP/1.1 rot.spotsniper.ru/?src=ujs6&s_data=CAIQARib9c6YBloOCgdzX3N1YmlkEgNidG6iARD5B7zEK8cR7aBEACWQyCQ3
IP 31.172.81.159:0
ASN #44066 diva-e Datacenters GmbH
File type ASCII text, with no line terminators
Hash 0c298c02f138de2f10e56516fbfddd97
a858cee2bb209b7fe91b3a036f34a7973c5d0597
35b767ad740f9da5f3fd457c05371981e651a970bdcc1353a9007c17e7565481
GET /?src=ujs6&s_data=CAIQARib9c6YBloOCgdzX3N1YmlkEgNidG6iARD5B7zEK8cR7aBEACWQyCQ3 HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nintendo.moy.su/
Connection: keep-alive
Cookie: suuid3=IiRmOTA3YmNjNC0yYmM3LTExZWQtYTA0NC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 229
Connection: keep-alive
Set-Cookie: suuid3=IiRmOTA3YmNjNC0yYmM3LTExZWQtYTA0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Fri, 29 Aug 2042 20:35:39 GMT; Domain=spotsniper.ru; SameSite=None; Secure
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Expires: Thu, 01 Jan 1985 00:00:01 GMT
Pragma: no-cache
Access-Control-Allow-Origin: *
P3P: CP="NOI DEV TAI PSA PSD OUR STP COM NAV INT DEM STA PRE LOC"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
counter.yadro.ru/hit;ucoz_topline_worldwide?rhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;s1280*1024*24;uhttps%3A//nintendo.moy.su/%3F7HODtlXgqrHfY096%255Ey2n3gaFXScDgaeqVkCw56b3IDiR%2521rc%255EhCUnQvSyprk7iVkEAQ%2521vNb%255ERvzbfeS1CC23pG%253Boo;1662237337072
88.212.201.204200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit;ucoz_topline_worldwide?rhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;s1280*1024*24;uhttps%3A//nintendo.moy.su/%3F7HODtlXgqrHfY096%255Ey2n3gaFXScDgaeqVkCw56b3IDiR%2521rc%255EhCUnQvSyprk7iVkEAQ%2521vNb%255ERvzbfeS1CC23pG%253Boo;1662237337072
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit;ucoz_topline_worldwide?rhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;s1280*1024*24;uhttps%3A//nintendo.moy.su/%3F7HODtlXgqrHfY096%255Ey2n3gaFXScDgaeqVkCw56b3IDiR%2521rc%255EhCUnQvSyprk7iVkEAQ%2521vNb%255ERvzbfeS1CC23pG%253Boo;1662237337072 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 02 Sep 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
yourtubetvs.site/adv.js
103.224.182.208404 Not Found 1.5 kB IP 103.224.182.208:0
ASN #133618 Trellian Pty. Limited
Hash d6e3d5b1bbbb4a6a2bc1b497b8b5be8a
e8b8c4121d06acc73ec21ae9e4503f70a0fa4962
ba447ef62f7588f0ac5dce92c08218150bb1f03273ccf4e5200ac80d8689d412
GET /adv.js HTTP/1.1
Host: yourtubetvs.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2022 20:35:39 GMT
Server: Apache/2.4.38 (Debian)
Content-Length: 196
Connection: close
Content-Type: text/html; charset=iso-8859-1
s1.ucoz.net/adv/dummy/000/img/bg.gif
193.109.247.235200 OK 1.3 kB URL HTTP/1.1 s1.ucoz.net/adv/dummy/000/img/bg.gif
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type GIF image data, version 89a, 485 x 3\012- data
Hash b19967d808ed7c42b41316d6c8474f55
18d80748bd4041b13a3373a429281ec65347a0e2
16c9962c4ecd52efc16d9d639d52fc60b9e427b6e454190d162f1aa1d220ad50
GET /adv/dummy/000/img/bg.gif HTTP/1.1
Host: s1.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1.ucoz.net/adv/dummy/000/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:49 GMT
Content-Type: image/gif
Content-Length: 1268
Last-Modified: Tue, 26 Mar 2019 14:28:17 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c9a3701-4f4"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a27363ed55ebb9362fcd7684595f4000
25a2c21d83874623ffe7226e4a8e1d3b60a91509
24768a9a0a034ddd3855750ef120c5b81fa75ba88db03d87f248101e55bc9dd9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6598
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:39 GMT
Last-Modified: Sat, 03 Sep 2022 18:45:41 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f18d96282b7c77f54403502a9285b351
59e0108e0c0ef8fdcce853f7aca1b9edfd537914
18284f55bb7175b00a34cec965d8f24c5d4f8505c4c46351a638a03ba3e3144c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18284F55BB7175B00A34CEC965D8F24C5D4F8505C4C46351A638A03BA3E3144C"
Last-Modified: Fri, 02 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2450
Expires: Sat, 03 Sep 2022 21:16:29 GMT
Date: Sat, 03 Sep 2022 20:35:39 GMT
Connection: keep-alive
ocsp.usertrust.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 3cb7e2b2a6df8205bf7e708b4c914ac8
b182d7ea431afd778ae8f1565c131ec6360b185d
33388a0df4097697187061d8c2588a2a988d709b05d951d533f0b8036f0f9edb
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 16:18:20 GMT
Expires: Thu, 08 Sep 2022 16:18:19 GMT
Etag: "b182d7ea431afd778ae8f1565c131ec6360b185d"
Cache-Control: max-age=603393,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 202
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745145eeacd9b4fa-OSL
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash cdba6fac0be0e074dc7095eaef8d6a47
db376b9e909b47cabc793d1d02a6545cc5cd5a30
d6b83b3567e106b64f71c6b26f077e4622e7517afd983bf4331e9a8f472c43fa
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 07 Sep 2022 18:36:24 GMT
ETag: "db376b9e909b47cabc793d1d02a6545cc5cd5a30"
Last-Modified: Sat, 03 Sep 2022 18:36:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 362
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745145eede22b4f7-OSL
x.instreamatic.com/v2/mark/787.gif
51.250.21.242302 FOUND 0 B URL HTTP/1.1 x.instreamatic.com/v2/mark/787.gif
IP 51.250.21.242:0
ASN #200350 Yandex.Cloud LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2/mark/787.gif HTTP/1.1
Host: x.instreamatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 FOUND
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Connection: keep-alive
Location: https://ad.mail.ru/cm.gif?p=66&id=bc54d7c4e4423cc4
Set-Cookie: uns=RUPDFTTAPFAD; Domain=.instreamatic.com; Expires=Tue, 31 Aug 2032 23:35:39 GMT; Path=/; SameSite=None; Secure
Access-Control-Allow-Credentials: true
fcgi4.gnezdo.ru/cookie_matching/kadam/V6UbAblzZ7U8lumNo6B5/?redirect=1
93.95.102.105204 No Content 0 B URL HTTP/2 fcgi4.gnezdo.ru/cookie_matching/kadam/V6UbAblzZ7U8lumNo6B5/?redirect=1
IP 93.95.102.105:0
ASN #48347 JSC Mediasoft ekspert
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie_matching/kadam/V6UbAblzZ7U8lumNo6B5/?redirect=1 HTTP/1.1
Host: fcgi4.gnezdo.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 20:35:39 GMT
set-cookie: uid=XV9maWMTuptS4F/qCKFpAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
X-Firefox-Spdy: h2
dmg.digitaltarget.ru/1/6573/i/i?a=662&e=V6UbAblzZ7U8lumNo6B5&i=0.4236658157702484
185.15.175.148307 Temporary Redirect 0 B URL HTTP/1.1 dmg.digitaltarget.ru/1/6573/i/i?a=662&e=V6UbAblzZ7U8lumNo6B5&i=0.4236658157702484
IP 185.15.175.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/6573/i/i?a=662&e=V6UbAblzZ7U8lumNo6B5&i=0.4236658157702484 HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Length: 0
Connection: keep-alive
Location: https://dmg.digitaltarget.ru/awg/custom/6573/i/i?call_source=awg&a=662&e=V6UbAblzZ7U8lumNo6B5&i=0.4236658157702484
Set-Cookie: viuserid=wONhtykPF5x130I7jFCE; Max-Age=93312000; Expires=Mon, 18 Aug 2025 20:35:32 GMT; SameSite=None; Path=/; Domain=dmg.digitaltarget.ru; Secure; HTTPOnly
Request-Time: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only
kadam-sync.rutarget.ru/sync
45.9.24.193302 Moved Temporarily 0 B URL HTTP/1.1 kadam-sync.rutarget.ru/sync
IP 45.9.24.193:0
ASN #208677 Cloud technology Limited (Ltd.)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync HTTP/1.1
Host: kadam-sync.rutarget.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Sep 2022 20:35:39 GMT
Content-Length: 0
Connection: close
Location: https://d.uuidksinc.net/match/386/?remote_uid=Q3PexOjN_Pu9
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."
Set-Cookie: userId=Q3PexOjN_Pu9; Path=/; Domain=.rutarget.ru; Expires=Thu, 02 Mar 2023 20:35:39 GMT; SameSite=None; Secure
dmg.digitaltarget.ru/awg/custom/6573/i/i?call_source=awg&a=662&e=V6UbAblzZ7U8lumNo6B5&i=0.4236658157702484
185.15.175.148200 OK 64 B URL HTTP/1.1 dmg.digitaltarget.ru/awg/custom/6573/i/i?call_source=awg&a=662&e=V6UbAblzZ7U8lumNo6B5&i=0.4236658157702484
IP 185.15.175.148:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ffd585dfb1ac6320633a0be46d579437
5a6033d23bc9cd5d1de9ee61de69a44428086dcb
df18d81deb0cc1c48ae87e6481bb4ee375b40cce0fec3d226e002704d49f6cc8
GET /awg/custom/6573/i/i?call_source=awg&a=662&e=V6UbAblzZ7U8lumNo6B5&i=0.4236658157702484 HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:40 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Vary: Accept-Encoding
Request-Time: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only
d.uuidksinc.net/match/386/?remote_uid=Q3PexOjN_Pu9
31.220.27.135200 OK 74 B URL HTTP/2 d.uuidksinc.net/match/386/?remote_uid=Q3PexOjN_Pu9
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
GET /match/386/?remote_uid=Q3PexOjN_Pu9 HTTP/1.1
Host: d.uuidksinc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: jcsuuid=V6UbAblzZ7U8lumNo6B5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:40 GMT
content-type: image/png
content-length: 74
X-Firefox-Spdy: h2
yourtubetvs.site/adv.js
103.224.182.208404 Not Found 196 B IP 103.224.182.208:0
ASN #133618 Trellian Pty. Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
GET /adv.js HTTP/1.1
Host: yourtubetvs.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2022 20:35:40 GMT
Server: Apache/2.4.38 (Debian)
Content-Length: 196
Connection: close
Content-Type: text/html; charset=iso-8859-1
status.geotrust.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9810476ac45f69542098277da9caa87f
8b53ca946af4b7fd3181220d18a1fbe51a30a4bf
6f03f70ba705816ad2911fadbc33e8d64adf4c3418f5e35d4f15d1eb078110ce
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4234
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:40 GMT
Last-Modified: Sat, 03 Sep 2022 19:25:06 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 278
ad.mail.ru/cm.gif?p=66&id=bc54d7c4e4423cc4
94.100.180.197200 OK 43 B URL HTTP/2 ad.mail.ru/cm.gif?p=66&id=bc54d7c4e4423cc4
IP 94.100.180.197:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /cm.gif?p=66&id=bc54d7c4e4423cc4 HTTP/1.1
Host: ad.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am15.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 20:35:40 GMT
content-type: image/gif
content-length: 43
set-cookie: VID=0N_RSG0hAfYC0029E008CNoC:::0-0-0-82e135c:CAASEL6lbuL2LwSmKyfor4exs68aYGSRKXeOQCyLRAZmrKqgboOxGvW47HZJY11fEBLNHFtEsG4sgrtcXsaEGsDOynljKVU9tYTAJRxVldHmXXshVpKjYJA9lorIBrUHy-LmzSwZV4AButes00bdPhRHoJ-S5Q; path=/; expires=Mon, 04-Sep-23 20:35:40 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
expires: Sun, 04 Sep 2022 02:35:40 GMT
cache-control: max-age=21600
last-modified: Sat, 03 Sep 2022 20:35:40 GMT
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9229
Expires: Sat, 03 Sep 2022 23:09:29 GMT
Date: Sat, 03 Sep 2022 20:35:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955f2a35bd6b3802670e7fa8a7cda833
4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GHd4FOjIO1OP7wSOVcnOryE5ux4hlr_kC0dfJs3LqgQUbxMzuFxc1A==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:37:28 GMT
age: 82692
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:02:34 GMT
age: 81186
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fcgi4.gnezdo.ru/cookie_matching/kadam/V6UbAblzZ7U8lumNo6B5
93.95.102.105302 Found 8.0 kB URL HTTP/2 fcgi4.gnezdo.ru/cookie_matching/kadam/V6UbAblzZ7U8lumNo6B5
IP 93.95.102.105:0
ASN #48347 JSC Mediasoft ekspert
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4cb62c7c522b71c62a97630d8330ef5
950611314b81428b3d80ff8659272cc800cf48b6
3fd0bbf8a1fe8776136d611d6b99b909b71e6af3a13f8794338af2f0026b59ff
GET /cookie_matching/kadam/V6UbAblzZ7U8lumNo6B5 HTTP/1.1
Host: fcgi4.gnezdo.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 20:35:39 GMT
location: https://fcgi4.gnezdo.ru/cookie_matching/kadam/V6UbAblzZ7U8lumNo6B5/?redirect=1
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With
access-control-allow-credentials: true
set-cookie: uid=XV9maWMTuptS4F/qCKFhAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d78cbff83c152b84864606781a29563d
8bdbc6e135be6e582d0e23754399422e3792777b
3c385de9ade05e1652ccc386e73aaccc4c223a07b81af4c5fdf3f73a166909f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14061
x-amzn-requestid: 43535b37-15c9-4a28-a7c0-f43482948382
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqlhGFX4IAMF9oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630db606-77bd935d4364050f230ba5da;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 07:02:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y_-knSwUodyBxS8I8PAoUexT6Z4o0Aq7m62v7HrRjm7vV-jP0VuCpw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 06:26:07 GMT
age: 50973
etag: "8bdbc6e135be6e582d0e23754399422e3792777b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c199f7fc2a2857dec134bfdb2673e28c
af3989072b658e2de119d006ae4ca1703468913d
e57411ba0221f6ffa7baf7c374ec790959a66d6a683fad40883ef01cf67e35c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6976
x-amzn-requestid: da379546-9525-4e13-b9f0-a6446839df66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eNeG7kIAMF4-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63127722-37399f67565b06e7111095cd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5SORUPJgJ_gKKs4hSa4EzCCQA6B1dmyO1EC-gCBvFKl2R2hV0mYTeA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:39:01 GMT
age: 78999
etag: "af3989072b658e2de119d006ae4ca1703468913d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60769237af4f32c663d494d91a672d08
31305131f340191799484f212e15513bd1204e88
6df36e459f3a2d0271732b645009b116e6671363f6c3050d22bbfe2d911a77bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4994
x-amzn-requestid: de39357f-d378-4bb8-b4d9-7dd4f82fbb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xgj-kEHvoAMFyBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309b390-119fa01e254e89cb39a1b794;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 06:02:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1yjBt3dqEztIRHo4yR3ZzI67J4lWUMS8R44-PpkeDJ4KNdCTPkmh-w==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 04:45:35 GMT
age: 57005
etag: "31305131f340191799484f212e15513bd1204e88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hdbcode.com/get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322502&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8
31.220.27.135 200 OK 6.7 kB URL HTTP/2 hdbcode.com/get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322502&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
Hash a836209e3a1e937e9669f069922e2f54
dae2358fd4b1e8433232d50b2ccec278870c30f3
51b4281641047386526150682c71f4bb1149b64ac11f6172b787cf56a7b052a5
GET /get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322502&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8 HTTP/1.1
Host: hdbcode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://nintendo.moy.su
Connection: keep-alive
Cookie: dmpUid=V6UbAblzZ7U8lumNo6B5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://nintendo.moy.su
content-encoding: gzip
X-Firefox-Spdy: h2
counter.yadro.ru/hit;ucoznet?r;s1280*1024*24;uhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;1662237335696
88.212.201.204 200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit;ucoznet?r;s1280*1024*24;uhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;1662237335696
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit;ucoznet?r;s1280*1024*24;uhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;1662237335696 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 03 Sep 2022 20:35:40 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 02 Sep 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
nintendo.moy.su/favicon.ico
193.109.247.235 200 OK 2.2 kB URL HTTP/1.1 nintendo.moy.su/favicon.ico
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
File type MS Windows icon resource - 1 icon, 32x32, 8 colors\012- data
Hash 9e27dc98cb19baec028c387c2178a402
00a17292c3e2e3ad064f974c6a51f19a8d19da32
f0c04647e803389ec1adcf7b94293a1d32c03eb5b4299a257592871d98d53dd2
GET /favicon.ico HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1; ucvid=EDjRM3M0QB; kdSspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:50 GMT
Content-Type: image/x-icon
Content-Length: 2238
Last-Modified: Mon, 08 Jul 2013 10:35:15 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "51da95e3-8be"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
sync.1dmp.io/pixel.gif?cid=5cf84683-2e0c-42f6-ad4f-7502fc73b092&pid=1c414efa-7700-4fed-9953-20c233fe626d&uid=25a9ef93-8cd1-43ff-ad3e-67f1a438043d
95.216.101.186 302 Found 0 B URL HTTP/2 sync.1dmp.io/pixel.gif?cid=5cf84683-2e0c-42f6-ad4f-7502fc73b092&pid=1c414efa-7700-4fed-9953-20c233fe626d&uid=25a9ef93-8cd1-43ff-ad3e-67f1a438043d
IP 95.216.101.186:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel.gif?cid=5cf84683-2e0c-42f6-ad4f-7502fc73b092&pid=1c414efa-7700-4fed-9953-20c233fe626d&uid=25a9ef93-8cd1-43ff-ad3e-67f1a438043d HTTP/1.1
Host: sync.1dmp.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 20:35:40 GMT
content-length: 0
expires: 0
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
set-cookie: uid=f9adda02-2bc7-11ed-ad67-f832e4719dd9; Version=1; Path=/; Domain=.1dmp.io; Expires=Sun, 03 Sep 2023 20:35:40 GMT; SameSite=None; Secure
uid-legacy=f9adda02-2bc7-11ed-ad67-f832e4719dd9; Version=1; Path=/; Domain=.1dmp.io; Expires=Sun, 03 Sep 2023 20:35:40 GMT
location: /pixel.gif?cid=5cf84683-2e0c-42f6-ad4f-7502fc73b092&pid=1c414efa-7700-4fed-9953-20c233fe626d&uid=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&cs=1
X-Firefox-Spdy: h2
counter.yadro.ru/hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;1662237335697
88.212.201.204 200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;1662237335697
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;1662237335697 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 03 Sep 2022 20:35:40 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 02 Sep 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B
IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sync.1dmp.io/pixel.gif?cid=5cf84683-2e0c-42f6-ad4f-7502fc73b092&pid=1c414efa-7700-4fed-9953-20c233fe626d&uid=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&cs=1
95.216.101.186 200 OK 35 B URL HTTP/2 sync.1dmp.io/pixel.gif?cid=5cf84683-2e0c-42f6-ad4f-7502fc73b092&pid=1c414efa-7700-4fed-9953-20c233fe626d&uid=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&cs=1
IP 95.216.101.186:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /pixel.gif?cid=5cf84683-2e0c-42f6-ad4f-7502fc73b092&pid=1c414efa-7700-4fed-9953-20c233fe626d&uid=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&cs=1 HTTP/1.1
Host: sync.1dmp.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am15.net/
Connection: keep-alive
Cookie: uid=f9adda02-2bc7-11ed-ad67-f832e4719dd9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 20:35:40 GMT
content-type: image/gif
content-length: 35
expires: 0
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
set-cookie: uid=f9adda02-2bc7-11ed-ad67-f832e4719dd9; Version=1; Path=/; Domain=.1dmp.io; Expires=Sun, 03 Sep 2023 20:35:40 GMT; SameSite=None; Secure
uid-legacy=f9adda02-2bc7-11ed-ad67-f832e4719dd9; Version=1; Path=/; Domain=.1dmp.io; Expires=Sun, 03 Sep 2023 20:35:40 GMT
X-Firefox-Spdy: h2
counter.yadro.ru/hit;clickgate08?r;s1280*1024*24;uhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;1662237336229
88.212.201.204 200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit;clickgate08?r;s1280*1024*24;uhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;1662237336229
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit;clickgate08?r;s1280*1024*24;uhttps%3A//nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651;1662237336229 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 03 Sep 2022 20:35:40 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 02 Sep 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__ru.js
142.250.74.163 200 OK 162 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__ru.js
IP 142.250.74.163:0
File type HTML document, ASCII text, with very long lines (1110)
Size 162 kB (161953 bytes)
Hash 361b4deb3a7bda5874459bd622fc996d
3887ee55fcfa41c996a2c48469e83aa0ec4bf85a
e67124095871f681d64fc808887252047e034182935b0e9a020d3e173abd8830
GET /recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__ru.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nintendo.moy.su
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 161953
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 21:45:33 GMT
expires: Sat, 02 Sep 2023 21:45:33 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 18:40:58 GMT
content-type: text/javascript
age: 82207
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 4e02fe9a4005a09ed1c010c664482353
ddc1e3edc3926ec118aa87713d6a8571dca051f4
86fbdc619fdbe11e25c021cbd409e9e1dd33c98096fea2f216d6dcbdb0bfdbea
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:40 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Wed, 07 Sep 2022 17:45:27 GMT
ETag: "ddc1e3edc3926ec118aa87713d6a8571dca051f4"
Last-Modified: Sat, 03 Sep 2022 17:45:28 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3030
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745145f34b49b4f7-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 8750d1263d8c76fcb70d96394d09195a
3142fea7b1082b0b8f9983f2d25d44ef83912c24
2acc4485edd8ef9d1a1cb5df7f9767276b099af24759ff7a083e8c7e3de53e24
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 07 Sep 2022 18:36:55 GMT
ETag: "3142fea7b1082b0b8f9983f2d25d44ef83912c24"
Last-Modified: Sat, 03 Sep 2022 18:36:56 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1140
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745145f35b63b4fa-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 62448d8e2cf95f5e811dc9c18ba60fc1
b8e9d771b424561a5edb30dc786273a136b1130f
a535bcce80fdeecebc58776d585958d32667f779b55e068a3b8aadd7e7c86d78
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A535BCCE80FDEECEBC58776D585958D32667F779B55E068A3B8AADD7E7C86D78"
Last-Modified: Sat, 03 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6807
Expires: Sat, 03 Sep 2022 22:29:07 GMT
Date: Sat, 03 Sep 2022 20:35:40 GMT
Connection: keep-alive
lookmeet.tv/index.php?r=iframe/index&id=5763
104.21.2.166 200 OK 386 B URL HTTP/2 lookmeet.tv/index.php?r=iframe/index&id=5763
IP 104.21.2.166:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8d230eadb3d54aa3dda976b4fc37f4cd
c6e7bc4e22a2bb8e0cf1250b9f7a014a8654fed2
f8fb89eca8c19a8a95a4dfc49823e8e9be86271b36214e47fcd79739afa3b89a
GET /index.php?r=iframe/index&id=5763 HTTP/1.1
Host: lookmeet.tv
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am15.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: text/html
last-modified: Thu, 18 Aug 2022 13:27:08 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pMEmEKC42JwY6zagmHUYuJkCGamCrITV9HNY31Z2wfF84jEzykh9%2BKMh4aFoqf2kwBjFziesyWor83q%2FvuqxDseYqu4xqxQEJsYquwB%2BFo%2FSGnABB%2B9Rv2BxXT1jWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 745145eadebab512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sync.videonow.ru/ssp?dsp=16&uuid=25a9ef93-8cd1-43ff-ad3e-67f1a438043d
212.76.131.50 200 OK 35 B URL HTTP/2 sync.videonow.ru/ssp?dsp=16&uuid=25a9ef93-8cd1-43ff-ad3e-67f1a438043d
IP 212.76.131.50:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df16d33739defe9bda1f4c45d36fd7a7
ff7489a6dd9ab0d9a4b084315f5b9d77cf9fdf50
90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f
GET /ssp?dsp=16&uuid=25a9ef93-8cd1-43ff-ad3e-67f1a438043d HTTP/1.1
Host: sync.videonow.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 20:35:40 GMT
content-type: image/gif
content-length: 35
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: *
vary: Origin
x-conn-id: 2990879
x-conn-req: 1
x-error: dsp disabled
X-Firefox-Spdy: h2
acint.net/rmatch?dp=14&euid=A8B803C19CBA13635A003A33027FA0D1&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D
193.3.184.137 302 Found 154 B URL HTTP/2 acint.net/rmatch?dp=14&euid=A8B803C19CBA13635A003A33027FA0D1&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D
IP 193.3.184.137:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /rmatch?dp=14&euid=A8B803C19CBA13635A003A33027FA0D1&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: test_cookie=CheckForPermission; aid=fwAAAWMTupt4UQITLkb3AqLB43MFziIfgCKYWCdfAAKB1k10; cSyncDp14v3=1662237339
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Sat, 03 Sep 2022 20:35:40 GMT
content-type: text/html
content-length: 154
location: https://d.uuidksinc.net/match/383/?remote_uid=0100007F9BBA13631302517802F7462E
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
d.uuidksinc.net/match/383/?remote_uid=0100007F9BBA13631302517802F7462E
31.220.27.135 200 OK 74 B URL HTTP/2 d.uuidksinc.net/match/383/?remote_uid=0100007F9BBA13631302517802F7462E
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
GET /match/383/?remote_uid=0100007F9BBA13631302517802F7462E HTTP/1.1
Host: d.uuidksinc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: jcsuuid=V6UbAblzZ7U8lumNo6B5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:40 GMT
content-type: image/png
content-length: 74
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
93.158.134.119 200 OK 72 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 93.158.134.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (681)
Hash 034d4604beaddff5783b9878fadfaee6
64d5e1e0dbbbd62d6a64349dd964763b7ab4cbea
f8a957ee3468693f465da61d899438a2b674369b80c9d5c9ffff1111a7091290
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 71985
date: Sat, 03 Sep 2022 20:35:40 GMT
access-control-allow-origin: *
etag: "6312122a-11931"
expires: Sat, 03 Sep 2022 21:35:40 GMT
last-modified: Fri, 02 Sep 2022 17:24:42 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash 486e9fa2a52191e51a8313cf4ed498df
431c198206ebd23a1a2e4ae1f45479e8d27d8fd6
67bb5ab8bb7f2cd20b9af04370ed3649589b16f780a248120e89822dfa8c952c
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 07 Sep 2022 19:23:52 GMT
ETag: "431c198206ebd23a1a2e4ae1f45479e8d27d8fd6"
Last-Modified: Sat, 03 Sep 2022 19:23:53 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2392
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745145f4ad96b4f7-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B
IP 104.18.32.68:0
Hash d3a0b609ec3ac23a9c38275a8ab6425c
c2c1e22603501e67107cf4bc18fca511235bddbd
c86dec0ff38738b6a63f17c5977d737fc8c503b85cd8d1864eaaff0b56da8f29
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:40 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Sep 2022 02:18:46 GMT
Expires: Sat, 10 Sep 2022 02:18:45 GMT
Etag: "c2c1e22603501e67107cf4bc18fca511235bddbd"
Cache-Control: max-age=538384,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 745145f4bbfcb4ee-OSL
ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=5166553&bn=5166553&rnd=25a9ef93-8cd1-43ff-ad3e-67f1a438043d
195.209.108.35 302 Moved Temporarily 0 B URL HTTP/1.1 ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=5166553&bn=5166553&rnd=25a9ef93-8cd1-43ff-ad3e-67f1a438043d
IP 195.209.108.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=5166553&bn=5166553&rnd=25a9ef93-8cd1-43ff-ad3e-67f1a438043d HTTP/1.1
Host: ad.adriver.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Sat, 03 Sep 2022 20:35:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA
Set-Cookie: cid=-5758683127; expires=Mon, 02 Sep 2024 20:35:40 GMT; path=/; domain=.adriver.ru; SameSite=None; Secure
Location: /cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=5166553&bn=5166553&rnd=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&tuid=-5758683127
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 12:31:58 GMT
expires: Sun, 03 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 29023
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
142.250.74.163 200 OK 9.8 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 9832, version 1.0\012- data
Hash efe937997e08e15b056a3643e2734636
d02decbf472a0928b054cc8e4b13684539a913db
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9832
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 28 Aug 2022 22:23:00 GMT
expires: Mon, 28 Aug 2023 22:23:00 GMT
cache-control: public, max-age=31536000
age: 511961
last-modified: Mon, 16 Oct 2017 17:32:49 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
x01.aidata.io/0.gif?pid=VIHUB&id=25a9ef93-8cd1-43ff-ad3e-67f1a438043d
89.108.120.68 302 Found 0 B URL HTTP/2 x01.aidata.io/0.gif?pid=VIHUB&id=25a9ef93-8cd1-43ff-ad3e-67f1a438043d
IP 89.108.120.68:0
ASN #197695 Domain names registrar REG.RU, Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0.gif?pid=VIHUB&id=25a9ef93-8cd1-43ff-ad3e-67f1a438043d HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am15.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 20:35:40 GMT
content-length: 0
location: https://x01.aidata.io/0.gif?pid=VIHUB&id=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&bounce=1
expires: Sat, 03 Sep 2022 20:35:39 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Sat, 03 Sep 2022 20:35:39 GMT
set-cookie: __upin=S69Ri8tIZrPTEXS079YqlA;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
set-cookie: __upints=1662237341;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
X-Firefox-Spdy: h2
ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=5166553&bn=5166553&rnd=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&tuid=-5758683127
195.209.108.35 302 Moved Temporarily 40 B URL HTTP/1.1 ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=5166553&bn=5166553&rnd=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&tuid=-5758683127
IP 195.209.108.35:0
File type ASCII text, with CRLF line terminators
Hash 251630b588179b239e8fab1ac9ef6d3a
91b91a97bc481dd2bbd5e0f3fea6ba1c4e843882
c95661e0ef6975b1df5361695a439f71a021d72c345023c3e668e84f35b3c38b
GET /cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=5166553&bn=5166553&rnd=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&tuid=-5758683127 HTTP/1.1
Host: ad.adriver.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am15.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Sat, 03 Sep 2022 20:35:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-control: no-cache, no-cache=Set-Cookie, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="//adriver.ru/w3c/p3p.xml", CP="NON DSP COR CURa ADMa DEVa OUR BUS UNI COM NAV INT STA"
Set-Cookie: cid=0; expires=Mon, 02 Sep 2024 20:35:41 GMT; path=/; domain=.adriver.ru;
Set-Cookie: uid=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=.adriver.ru
Location: //dmp.vihub.ru/match?sysid=adr&redir=no&uid=0
x01.aidata.io/0.gif?pid=VIHUB&id=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&bounce=1
89.108.120.68 302 Found 0 B URL HTTP/2 x01.aidata.io/0.gif?pid=VIHUB&id=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&bounce=1
IP 89.108.120.68:0
ASN #197695 Domain names registrar REG.RU, Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0.gif?pid=VIHUB&id=25a9ef93-8cd1-43ff-ad3e-67f1a438043d&bounce=1 HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am15.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 20:35:41 GMT
content-length: 0
location: https://dmp.vihub.ru/match?sysid=ai&redir=no&uid=
expires: Sat, 03 Sep 2022 20:35:40 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Sat, 03 Sep 2022 20:35:40 GMT
set-cookie: __upin=HXE0AftBLS4jgHeiGWjiLg;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
set-cookie: __upints=1662237341;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
X-Firefox-Spdy: h2
mc.yandex.ru/watch/73418029/1?wmode=7&page-url=https%3A%2F%2Fnintendo.moy.su%2Fload%2Fadventure%2Flegend_of_zelda_a_link_to_the_past_four_swords%2F111-1-0-6651&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1077%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A779902989878%3Ahid%3A515330531%3Az%3A0%3Ai%3A20220903203538%3Aet%3A1662237338%3Ac%3A1%3Arn%3A974398774%3Arqn%3A1%3Au%3A1662237338780269482%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662237334940%3Ads%3A0%2C94%2C151%2C1%2C249%2C0%2C%2C710%2C23%2C%2C%2C%2C1287%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662237338%3At%3ALegend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20%28%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20%29%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
93.158.134.119 200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/73418029/1?wmode=7&page-url=https%3A%2F%2Fnintendo.moy.su%2Fload%2Fadventure%2Flegend_of_zelda_a_link_to_the_past_four_swords%2F111-1-0-6651&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1077%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A779902989878%3Ahid%3A515330531%3Az%3A0%3Ai%3A20220903203538%3Aet%3A1662237338%3Ac%3A1%3Arn%3A974398774%3Arqn%3A1%3Au%3A1662237338780269482%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662237334940%3Ads%3A0%2C94%2C151%2C1%2C249%2C0%2C%2C710%2C23%2C%2C%2C%2C1287%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662237338%3At%3ALegend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20%28%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20%29%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash 60ae1b2102b8d4c68d047ad528641341
01f28b110f470b51c349d6efbf1a86523cdb4e23
0a780ffbad4928d57df15089ab08172c84eb8925591c8d2efeddb28618d3ee69
GET /watch/73418029/1?wmode=7&page-url=https%3A%2F%2Fnintendo.moy.su%2Fload%2Fadventure%2Flegend_of_zelda_a_link_to_the_past_four_swords%2F111-1-0-6651&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1077%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A779902989878%3Ahid%3A515330531%3Az%3A0%3Ai%3A20220903203538%3Aet%3A1662237338%3Ac%3A1%3Arn%3A974398774%3Arqn%3A1%3Au%3A1662237338780269482%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662237334940%3Ads%3A0%2C94%2C151%2C1%2C249%2C0%2C%2C710%2C23%2C%2C%2C%2C1287%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662237338%3At%3ALegend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20%28%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20%29%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nintendo.moy.su
Referer: https://nintendo.moy.su/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Sat, 03 Sep 2022 20:35:41 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://nintendo.moy.su
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03-Sep-2022 20:35:41 GMT
last-modified: Sat, 03-Sep-2022 20:35:41 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
dmp.vihub.ru/match?sysid=ai&redir=no&uid=
136.243.149.224 200 OK 35 B URL HTTP/2 dmp.vihub.ru/match?sysid=ai&redir=no&uid=
IP 136.243.149.224:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /match?sysid=ai&redir=no&uid= HTTP/1.1
Host: dmp.vihub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am15.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:35:41 GMT
content-type: image/gif
content-length: 35
server: fasthttp
set-cookie: uid=0578b18f-4720-4d47-8f07-2c7724051da7; expires=Fri, 25 Aug 2023 20:35:41 GMT; domain=.vihub.ru; path=/
X-Firefox-Spdy: h2
dmp.vihub.ru/match?sysid=adr&redir=no&uid=0
136.243.149.224 200 OK 35 B URL HTTP/2 dmp.vihub.ru/match?sysid=adr&redir=no&uid=0
IP 136.243.149.224:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /match?sysid=adr&redir=no&uid=0 HTTP/1.1
Host: dmp.vihub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am15.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:35:41 GMT
content-type: image/gif
content-length: 35
server: fasthttp
set-cookie: uid=f098287a-0748-405e-9cbd-e1eed878e090; expires=Fri, 25 Aug 2023 20:35:41 GMT; domain=.vihub.ru; path=/
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 03 Sep 2022 20:35:41 GMT
access-control-allow-origin: *
etag: "6312122a-2b"
expires: Sat, 03 Sep 2022 21:35:41 GMT
accept-ranges: bytes
last-modified: Fri, 02 Sep 2022 17:24:42 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9439a7cde73fea464c1463febdda0556
6a0030d4f26b2e9658700708c82e7ce6120ce93c
c3a5a489f4ef8c8cce54dbd819c5cf573740317ea3718ccd6804a03374739199
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cbb6ba2d8566b6d2a260d618e02a97de
aef2804e70611fe1097b42477c33105c30ff4fe3
d0953aa076b5cc0cddef306918f48522fe5c8704dc010dc69f77618576d23fc8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0953AA076B5CC0CDDEF306918F48522FE5C8704DC010DC69F77618576D23FC8"
Last-Modified: Sat, 03 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2990
Expires: Sat, 03 Sep 2022 21:25:32 GMT
Date: Sat, 03 Sep 2022 20:35:42 GMT
Connection: keep-alive
www.acint.net/rmatch?dp=53&euid=YYYY&r=https%3A%2F%2Fa.utraff.com%2Fsync%3Futctx%3Djn8qD87b_eP-uFJ6_8m04GrTqCFI6DsY3KaaIktma4afc2sEC0EXEy7LGgjF11a8zwRyWm5S-312i7yZc3dBcw%26buyerid%3D%24%7BUSER_ID%7D
193.3.184.137 302 Found 154 B URL HTTP/2 www.acint.net/rmatch?dp=53&euid=YYYY&r=https%3A%2F%2Fa.utraff.com%2Fsync%3Futctx%3Djn8qD87b_eP-uFJ6_8m04GrTqCFI6DsY3KaaIktma4afc2sEC0EXEy7LGgjF11a8zwRyWm5S-312i7yZc3dBcw%26buyerid%3D%24%7BUSER_ID%7D
IP 193.3.184.137:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /rmatch?dp=53&euid=YYYY&r=https%3A%2F%2Fa.utraff.com%2Fsync%3Futctx%3Djn8qD87b_eP-uFJ6_8m04GrTqCFI6DsY3KaaIktma4afc2sEC0EXEy7LGgjF11a8zwRyWm5S-312i7yZc3dBcw%26buyerid%3D%24%7BUSER_ID%7D HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Cookie: test_cookie=CheckForPermission; aid=fwAAAWMTupt4UQITLkb3AqLB43MFziIfgCKYWCdfAAKB1k10; cSyncDp14v3=1662237339
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Sat, 03 Sep 2022 20:35:42 GMT
content-type: text/html
content-length: 154
location: https://a.utraff.com/sync?utctx=jn8qD87b_eP-uFJ6_8m04GrTqCFI6DsY3KaaIktma4afc2sEC0EXEy7LGgjF11a8zwRyWm5S-312i7yZc3dBcw&buyerid=0100007F9BBA13631302517802F7462E
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
access-control-allow-origin: https://lookmeet.tv
access-control-allow-credentials: true
access-control-allow-methods: GET
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash cfb7f2efe5b8bc5d73a20a83da2a4266
3d484095b734d8be2c6b25b88dc206c03c117451
41d6894a315bd1512124c1a1f761f8f906e42d27993474a4fbcbe7ee0a8555c1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 23:58:47 GMT
Expires: Thu, 08 Sep 2022 23:58:46 GMT
Etag: "3d484095b734d8be2c6b25b88dc206c03c117451"
Cache-Control: max-age=443583,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74514600680eb4f3-OSL
sync.dmp.otm-r.com/match/umg
195.201.106.117 204 No Content 0 B URL HTTP/2 sync.dmp.otm-r.com/match/umg
IP 195.201.106.117:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/umg HTTP/1.1
Host: sync.dmp.otm-r.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.15.9
date: Sat, 03 Sep 2022 20:35:42 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://lookmeet.tv
vary: Origin
X-Firefox-Spdy: h2
a.udsp.io/sync?ssp=uTraff_SSP&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
104.21.53.176 204 No Content 0 B URL HTTP/2 a.udsp.io/sync?ssp=uTraff_SSP&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 104.21.53.176:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=uTraff_SSP&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: a.udsp.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 20:35:42 GMT
content-type: text/plain
set-cookie: preutid=1; Expires=Mon, 03 Oct 2022 23:35:42 GMT; Domain=.udsp.io; SameSite=None; Secure; Path=/
access-control-allow-credentials: true
access-control-allow-origin: https://lookmeet.tv
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y3Unfua8MDLe1%2F2sJzVHvBdu9oulGN8Q9hrlp25LpmO1iYYez8OHaZ0QbmOAmhzakU70sU1V3O41msBa70zNIfp9t8KDBcmH6L27hRrUx9Gbs1glW2GbIIus0yc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 745146009e3fb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.cdnkimg.com/auto/500x310/image/tesr/8269/269/rect_630393680b0a3t1661178728r810.jpeg
45.133.44.37 200 OK 97 kB URL HTTP/2 i.cdnkimg.com/auto/500x310/image/tesr/8269/269/rect_630393680b0a3t1661178728r810.jpeg
IP 45.133.44.37:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, baseline, precision 8, 500x310, components 3\012- data
Hash 28e751525ec0b05c1bde10e536bf2dd6
008a112dd7f46bf35a93066e2c08d1f8ecf42da9
bf6ee4f777c05e8c11675cb38cb47ec1babfc21082e0152be4bea3c00d26f9fe
GET /auto/500x310/image/tesr/8269/269/rect_630393680b0a3t1661178728r810.jpeg HTTP/1.1
Host: i.cdnkimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:35:42 GMT
content-type: image/jpeg
content-length: 97028
server: nginx/1.19.0
cache-control: max-age=1209600
x-cache-status: HIT
expires: Sat, 17 Sep 2022 20:35:42 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
img.phoenix-widget.com/w/500x310,fit,q80/b/611259594b83caef0cdbe76c.jpg
178.62.226.6 200 OK 17 kB URL HTTP/1.1 img.phoenix-widget.com/w/500x310,fit,q80/b/611259594b83caef0cdbe76c.jpg
IP 178.62.226.6:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, baseline, precision 8, 420x236, components 3\012- data
Hash 5579d70811d7e9daedb1ab7eb8f91850
ccd9bd0f6b19ab874989a71dd64665cc8cc5b087
1fea24cc4ccae33dd6a80b7362aecd7805da7be176cdb32553b8b0e472122cef
GET /w/500x310,fit,q80/b/611259594b83caef0cdbe76c.jpg HTTP/1.1
Host: img.phoenix-widget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:42 GMT
Content-Type: image/jpeg
Content-Length: 16729
Connection: keep-alive
Access-Control-Allow-Origin: *
Etag: 20382-e58c765a263ba4b287135dc53d0aa6a5182bbb79
Expires: Sun, 03 Sep 2023 20:35:42 GMT
Cache-Control: max-age=31536000, public, immutable
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c620ac617120a2e33a8b1071e39739b9
5f4802a9f9410ce78d72ee6789700fe6f5830f37
44548d7512837a5b72f40e7bff8c75dfa3e9abc649c89b7c5e67dbc1ab61d2c5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "44548D7512837A5B72F40E7BFF8C75DFA3E9ABC649C89B7C5E67DBC1AB61D2C5"
Last-Modified: Thu, 01 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5092
Expires: Sat, 03 Sep 2022 22:00:34 GMT
Date: Sat, 03 Sep 2022 20:35:42 GMT
Connection: keep-alive
a.udsp.io/sync?ssp=uTraff_SSP&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
104.21.53.176 204 No Content 0 B URL HTTP/2 a.udsp.io/sync?ssp=uTraff_SSP&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 104.21.53.176:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=uTraff_SSP&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: a.udsp.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Cache-Control: max-age=0
TE: trailers
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 20:35:42 GMT
content-type: text/plain
set-cookie: preutid=1; Expires=Mon, 03 Oct 2022 23:35:42 GMT; Domain=.udsp.io; SameSite=None; Secure; Path=/
access-control-allow-credentials: true
access-control-allow-origin: https://lookmeet.tv
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UFuRxorG3jJFWdvbsbLnWqVqmXh8%2BWa2ifqwTZOvMO0GVD8%2BIsrwfNE67aDrB3IqIkWjOsQj8dL3HpLw8Ly%2FlnyctcTUvryGDyFDGdJEBOdJ%2Fe4438PZQ9MEn0o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74514600feccb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.phoenix-widget.com/w/500x310,fit,q80/b/62b051540d3a1b75f5171a0e.jpg
178.62.226.6 200 OK 20 kB URL HTTP/1.1 img.phoenix-widget.com/w/500x310,fit,q80/b/62b051540d3a1b75f5171a0e.jpg
IP 178.62.226.6:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, baseline, precision 8, 420x236, components 3\012- data
Hash cfb1b436abdfdbe04e1cd52335b6ecd1
a66f9af01dd47737d133b223d3c482d7fc0a86f7
df18dc03f63cc7ec093abc566cd188536e46c8c25b74c7eaa743239aac29711b
GET /w/500x310,fit,q80/b/62b051540d3a1b75f5171a0e.jpg HTTP/1.1
Host: img.phoenix-widget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:42 GMT
Content-Type: image/jpeg
Content-Length: 19520
Connection: keep-alive
Access-Control-Allow-Origin: *
Etag: 31735-de1d7045295238a582ca94bdac7fcd6a8ad8caf6
Expires: Sun, 03 Sep 2023 20:35:42 GMT
Cache-Control: max-age=31536000, public, immutable
dm-eu.hybrid.ai/match?id=150&vid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
37.18.103.16 204 No Content 0 B URL HTTP/2 dm-eu.hybrid.ai/match?id=150&vid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 37.18.103.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?id=150&vid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: dm-eu.hybrid.ai
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 03 Sep 2022 20:35:42 GMT
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
set-cookie: vid=16d3cbf729057a197043; expires=Sun, 03 Sep 2023 20:35:41 GMT; domain=.hybrid.ai; path=/; samesite=none
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
x-mode: 523
x-xss-protection: 1; mode=block
access-control-allow-origin: *
server: Hybrid Web Server
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a827ede7e399d33a11e1c37d33211fdd
99c0b5bdfb134b1d9c09dcffc6cb96ad0731f62f
0697a13c5e771dfa6a56f896449dc52ae453ee0f0c1977630280116184804c8d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0697A13C5E771DFA6A56F896449DC52AE453EE0F0C1977630280116184804C8D"
Last-Modified: Fri, 02 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3800
Expires: Sat, 03 Sep 2022 21:39:02 GMT
Date: Sat, 03 Sep 2022 20:35:42 GMT
Connection: keep-alive
match.new-programmatic.com/userbind?src=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
217.65.2.150 302 Found 0 B URL HTTP/1.1 match.new-programmatic.com/userbind?src=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 217.65.2.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /userbind?src=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: match.new-programmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0
Date: Sat, 03 Sep 2022 20:35:42 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://lookmeet.tv
Access-Control-Allow-Credentials: true
Vary: Origin
Location: https://match.new-programmatic.com/userbind?src=yandex&pbf=1&gi=1
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d7be6e5b10e1f3dcf06db7060667032
72ff4f0f538291ef6733c9481325a3559801c83d
0b55e141e1302dc26a3e361289e50021d8081e76349f5ce004a6dc15bcc14842
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B55E141E1302DC26A3E361289E50021D8081E76349F5CE004A6DC15BCC14842"
Last-Modified: Thu, 01 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12292
Expires: Sun, 04 Sep 2022 00:00:34 GMT
Date: Sat, 03 Sep 2022 20:35:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 60dedae6c99ea31e0015cc6e9cc57672
6f1299404bb9844832061ea73b6187cadb968b1d
db77a095c49860ab94fff57933e031b23dacdd00398ea56e9ab3fe4908c4d700
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB77A095C49860AB94FFF57933E031B23DACDD00398EA56E9AB3FE4908C4D700"
Last-Modified: Thu, 01 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3958
Expires: Sat, 03 Sep 2022 21:41:40 GMT
Date: Sat, 03 Sep 2022 20:35:42 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash cfb7f2efe5b8bc5d73a20a83da2a4266
3d484095b734d8be2c6b25b88dc206c03c117451
41d6894a315bd1512124c1a1f761f8f906e42d27993474a4fbcbe7ee0a8555c1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 23:58:47 GMT
Expires: Thu, 08 Sep 2022 23:58:46 GMT
Etag: "3d484095b734d8be2c6b25b88dc206c03c117451"
Cache-Control: max-age=443583,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 745146003cc7b4ee-OSL
sync.bumlam.com/?src=utr1&uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
31.172.81.172 302 Moved Temporarily 0 B URL HTTP/1.1 sync.bumlam.com/?src=utr1&uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 31.172.81.172:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=utr1&uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: sync.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiRmYjIxZjdmZS0yYmM3LTExZWQtODZlMC0wMDI1OTBjMDY0N2M*; Path=/; Expires=Fri, 29 Aug 2042 20:35:43 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync.bumlam.com/?src=utr1&s_data=CAIQARif9c6YBmIkOGUxYTNlZjQtNmM0ZC00NGZmLTgwZGQtZjkyMjZhODkyNDNlogEQ-yH3_ivHEe2G4AAlkMBkfA**
ETag: fb21f7fe-2bc7-11ed-86e0-002590c0647c
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Access-Control-Allow-Origin: https://lookmeet.tv
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b7af0f0c4693fbcda7aa13b873a440b6
23d8f7fc555245bf5a531b62ceb4ae6a600761b5
bcaa84976521da03f63c7c45641a719cac2427e7ee5d58e58eddde7c48308644
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BCAA84976521DA03F63C7C45641A719CAC2427E7EE5D58E58EDDDE7C48308644"
Last-Modified: Fri, 02 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5170
Expires: Sat, 03 Sep 2022 22:01:53 GMT
Date: Sat, 03 Sep 2022 20:35:43 GMT
Connection: keep-alive
match.new-programmatic.com/userbind?src=yandex&pbf=1&gi=1
217.65.2.150 302 Found 0 B URL HTTP/1.1 match.new-programmatic.com/userbind?src=yandex&pbf=1&gi=1
IP 217.65.2.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /userbind?src=yandex&pbf=1&gi=1 HTTP/1.1
Host: match.new-programmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://lookmeet.tv
Access-Control-Allow-Credentials: true
Vary: Origin
Location: https://an.yandex.ru/mapuid/targetrtbis/?sign=4272434558
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5a5b3ad36a4efdb027c36f374f191011
c48ebb6c0dbb91c5c888b2e5c77dbbc039d022bf
158d2528d8dfadc6162cfdd110f324bb4b665103a160aeb0053ee8ae2aa99ee6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "158D2528D8DFADC6162CFDD110F324BB4B665103A160AEB0053EE8AE2AA99EE6"
Last-Modified: Sat, 03 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11532
Expires: Sat, 03 Sep 2022 23:47:55 GMT
Date: Sat, 03 Sep 2022 20:35:43 GMT
Connection: keep-alive
s.viiexe.com/n/1/…?cur=${AUCTION_CURRENCY}&bid=${AUCTION_PRICE}
31.220.27.135 200 OK 74 B URL HTTP/2 s.viiexe.com/n/1/…?cur=${AUCTION_CURRENCY}&bid=${AUCTION_PRICE}
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
GET /n/1/…?cur=${AUCTION_CURRENCY}&bid=${AUCTION_PRICE} HTTP/1.1
Host: s.viiexe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/png
content-length: 74
X-Firefox-Spdy: h2
sync.upravel.com/image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
136.243.48.22 302 Found 0 B URL HTTP/2 sync.upravel.com/image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 136.243.48.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: sync.upravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/avif
content-length: 0
location: https://sync.upravel.com/image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e&session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iXX19
set-cookie: session_tptc=1662237343027;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=180
set-cookie: session_tptc-legacy=1662237343027;Version=1;Domain=.upravel.com;Path=/;Max-Age=180
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: https://lookmeet.tv
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
X-Firefox-Spdy: h2
s.viiexe.com/…=?cur=${AUCTION_CURRENCY}&bid=${AUCTION_PRICE}
31.220.27.135 200 OK 74 B URL HTTP/2 s.viiexe.com/…=?cur=${AUCTION_CURRENCY}&bid=${AUCTION_PRICE}
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
GET /…=?cur=${AUCTION_CURRENCY}&bid=${AUCTION_PRICE} HTTP/1.1
Host: s.viiexe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/png
content-length: 74
X-Firefox-Spdy: h2
s.viiexe.com/…=
31.220.27.135 200 OK 74 B URL HTTP/2 s.viiexe.com/…=
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
GET /…= HTTP/1.1
Host: s.viiexe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/png
content-length: 74
X-Firefox-Spdy: h2
s.viiexe.com/…
31.220.27.135 200 OK 74 B URL HTTP/2 s.viiexe.com/…
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
GET /… HTTP/1.1
Host: s.viiexe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/png
content-length: 74
X-Firefox-Spdy: h2
cstatic.weborama.fr/js/wam/customers/wamfactory_dpm.wildcard.min.js?rnd=1662237340266
93.184.221.133 200 OK 6.2 kB URL HTTP/2 cstatic.weborama.fr/js/wam/customers/wamfactory_dpm.wildcard.min.js?rnd=1662237340266
IP 93.184.221.133:0
File type ASCII text, with very long lines (18259), with no line terminators
Hash 32db07d506ca6c7591d8ba2d1545fe05
64ab3caf28312ed444b65b8290da42757059c501
f7b913c19f5b7ea9c15e62609f1c4af46d65d3873406acfc6a77a65538d24067
GET /js/wam/customers/wamfactory_dpm.wildcard.min.js?rnd=1662237340266 HTTP/1.1
Host: cstatic.weborama.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://weborama.utraff.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 217211
cache-control: max-age=604800
content-type: text/javascript
date: Sat, 03 Sep 2022 20:35:43 GMT
etag: "658802878"
expires: Sat, 10 Sep 2022 20:35:43 GMT
last-modified: Thu, 07 Jul 2022 08:12:18 GMT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server: ECAcc (ska/F7BD)
vary: Accept-Encoding
x-cache: HIT
content-length: 6248
X-Firefox-Spdy: h2
hdbcode.com/b3aad1kk.js
31.220.27.135 200 OK 8.9 kB IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (16193)
Hash 4b48237db22e3954484adf796b15bb98
0653f01a73687e1dbd3fd5cdccc609b1f78ec651
ff3367fb91b77011fc6d9df6d7ea76fdd13a649df9e98b2fe5acff33587865e6
GET /b3aad1kk.js HTTP/1.1
Host: hdbcode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: application/javascript
last-modified: Thu, 01 Sep 2022 15:56:41 GMT
vary: Accept-Encoding
etag: W/"6310d639-54f9"
content-encoding: gzip
X-Firefox-Spdy: h2
match.new-programmatic.com/userbind?src=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
217.65.2.150 302 Found 0 B URL HTTP/1.1 match.new-programmatic.com/userbind?src=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 217.65.2.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /userbind?src=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: match.new-programmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Cache-Control: max-age=0
HTTP/1.1 302 Found
Server: nginx/1.18.0
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://lookmeet.tv
Access-Control-Allow-Credentials: true
Vary: Origin
Location: https://match.new-programmatic.com/userbind?src=yandex&pbf=1&gi=1
sync.bumlam.com/?src=utr1&s_data=CAIQARif9c6YBmIkOGUxYTNlZjQtNmM0ZC00NGZmLTgwZGQtZjkyMjZhODkyNDNlogEQ-yH3_ivHEe2G4AAlkMBkfA**
31.172.81.172 200 OK 43 B URL HTTP/1.1 sync.bumlam.com/?src=utr1&s_data=CAIQARif9c6YBmIkOGUxYTNlZjQtNmM0ZC00NGZmLTgwZGQtZjkyMjZhODkyNDNlogEQ-yH3_ivHEe2G4AAlkMBkfA**
IP 31.172.81.172:0
ASN #44066 diva-e Datacenters GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /?src=utr1&s_data=CAIQARif9c6YBmIkOGUxYTNlZjQtNmM0ZC00NGZmLTgwZGQtZjkyMjZhODkyNDNlogEQ-yH3_ivHEe2G4AAlkMBkfA** HTTP/1.1
Host: sync.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Referer: https://lookmeet.tv/
Connection: keep-alive
Cookie: suuid3=IiRmYjIxZjdmZS0yYmM3LTExZWQtODZlMC0wMDI1OTBjMDY0N2M*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Set-Cookie: suuid3=IiRmYjIxZjdmZS0yYmM3LTExZWQtODZlMC0wMDI1OTBjMDY0N2M*; Path=/; Expires=Fri, 29 Aug 2042 20:35:43 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Access-Control-Allow-Origin: https://lookmeet.tv
Access-Control-Allow-Credentials: true
stats.seedr.com/nr/sync?dsp_id=umedia&external_uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
95.163.53.111 200 OK 20 B URL HTTP/1.1 stats.seedr.com/nr/sync?dsp_id=umedia&external_uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 95.163.53.111:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /nr/sync?dsp_id=umedia&external_uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: stats.seedr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-powered-by: PHP/7.4.30
x-envoy-upstream-service-time: 3
Access-Control-Allow-Origin: https://lookmeet.tv
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, *
Content-Encoding: gzip
rtb.com.ru/umg-sync?uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
83.222.114.190 204 No Content 0 B URL HTTP/1.1 rtb.com.ru/umg-sync?uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 83.222.114.190:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /umg-sync?uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: rtb.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0
Date: Sat, 03 Sep 2022 20:35:43 GMT
Connection: keep-alive
cstatic.weborama.fr/iframe/sync.html?key=ids_sync&wamid=8496&src=wamf.wildcard.js&ref=weborama.utraff.com&d.r=1662237340419&
93.184.221.133 200 OK 207 B URL HTTP/2 cstatic.weborama.fr/iframe/sync.html?key=ids_sync&wamid=8496&src=wamf.wildcard.js&ref=weborama.utraff.com&d.r=1662237340419&
IP 93.184.221.133:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash c8e79d25335a183c69da908cc58e2217
0ac1a86b2acd61b55c7513180df1b19bf29b2c7b
28555281af575492973ce1af5d5c2c315f4f99fe0c9ca372918ffd44f1938c56
GET /iframe/sync.html?key=ids_sync&wamid=8496&src=wamf.wildcard.js&ref=weborama.utraff.com&d.r=1662237340419& HTTP/1.1
Host: cstatic.weborama.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://weborama.utraff.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 298275
cache-control: max-age=604800
content-type: text/html
date: Sat, 03 Sep 2022 20:35:43 GMT
etag: "282943589"
expires: Sat, 10 Sep 2022 20:35:43 GMT
last-modified: Mon, 20 Sep 2021 08:52:49 GMT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server: ECAcc (ska/F75C)
vary: Accept-Encoding
x-cache: HIT
content-length: 207
X-Firefox-Spdy: h2
cstatic.weborama.fr/js/topics/topics.js
93.184.221.133 200 OK 652 B URL HTTP/2 cstatic.weborama.fr/js/topics/topics.js
IP 93.184.221.133:0
Hash 6cb627c73761422244fefcdc2b6aa960
154eb7966217064c4fcd7c9abb4463fcaaf6ea48
f3e0062935c25e983649556485541ebd8067a05e6d4ecbf4e7054e17aaec4024
GET /js/topics/topics.js HTTP/1.1
Host: cstatic.weborama.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://weborama.utraff.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 448722
cache-control: max-age=604800
content-type: text/javascript
date: Sat, 03 Sep 2022 20:35:43 GMT
etag: "1437162110"
expires: Sat, 10 Sep 2022 20:35:43 GMT
last-modified: Mon, 22 Aug 2022 15:53:26 GMT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server: ECAcc (ska/F779)
vary: Accept-Encoding
x-cache: HIT
content-length: 652
X-Firefox-Spdy: h2
match.new-programmatic.com/userbind?src=yandex&pbf=1&gi=1
217.65.2.150 302 Found 0 B URL HTTP/1.1 match.new-programmatic.com/userbind?src=yandex&pbf=1&gi=1
IP 217.65.2.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /userbind?src=yandex&pbf=1&gi=1 HTTP/1.1
Host: match.new-programmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Cache-Control: max-age=0
HTTP/1.1 302 Found
Server: nginx/1.18.0
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://lookmeet.tv
Access-Control-Allow-Credentials: true
Vary: Origin
Location: https://an.yandex.ru/mapuid/targetrtbis/?sign=4272434558
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash e41eded2e933322f5843f7fc723cd62f
5f867593af7a70047e0bb9cbe8aeb3fdb82bd6bd
3c62271812d00b8881ab750d6daf616cb3d883cb859efb180d17c98ac919dd65
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 07 Sep 2022 18:13:43 GMT
ETag: "5f867593af7a70047e0bb9cbe8aeb3fdb82bd6bd"
Last-Modified: Sat, 03 Sep 2022 18:13:44 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 836
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745146026a71b4f7-OSL
cstatic.weborama.fr/iframe/external_libs.v2.js
93.184.221.133 200 OK 3.1 kB URL HTTP/2 cstatic.weborama.fr/iframe/external_libs.v2.js
IP 93.184.221.133:0
File type ASCII text, with very long lines (8579), with no line terminators
Hash 7671f8fcc99aee9ca8ab26ca1e2fde9e
a4fe9860d1c1fe5f65f8de511754dc3570a90592
f05e772820ca83b004d5d5e21fda87b97cd68c847c62868fc9cf882203ee2d63
GET /iframe/external_libs.v2.js HTTP/1.1
Host: cstatic.weborama.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cstatic.weborama.fr/iframe/sync.html?key=ids_sync&wamid=8496&src=wamf.wildcard.js&ref=weborama.utraff.com&d.r=1662237340419&
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 473770
cache-control: max-age=604800
content-type: text/javascript
date: Sat, 03 Sep 2022 20:35:43 GMT
etag: "3142978827"
expires: Sat, 10 Sep 2022 20:35:43 GMT
last-modified: Mon, 20 Sep 2021 08:52:49 GMT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server: ECAcc (ska/F68B)
vary: Accept-Encoding
x-cache: HIT
content-length: 3062
X-Firefox-Spdy: h2
sync.upravel.com/image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e&session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iXX19
136.243.48.22 302 Found 0 B URL HTTP/2 sync.upravel.com/image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e&session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iXX19
IP 136.243.48.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e&session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iXX19 HTTP/1.1
Host: sync.upravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Referer: https://lookmeet.tv/
Connection: keep-alive
Cookie: session_tptc=1662237343027
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/avif
content-length: 0
location: https://437cf33f-d70c-40ce-b482-d9f01e8494af.sync.upravel.com/image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e&ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iLCJodHRwczovL2xvb2ttZWV0LnR2LyJdfX0
set-cookie: user_id=437cf33f-d70c-40ce-b482-d9f01e8494af;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
user_id-legacy=437cf33f-d70c-40ce-b482-d9f01e8494af;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: https://lookmeet.tv
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash d853ce34c66849c6987cb841a7f9010e
48496f623895d973932e08f77149932e88944f54
035f42c416ef9ab4518105dfcb5dbdb50fc6597047242d31e77081a68d714ba5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 12:21:00 GMT
Expires: Wed, 07 Sep 2022 12:20:59 GMT
Etag: "48496f623895d973932e08f77149932e88944f54"
Cache-Control: max-age=315315,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 745146017985b4f3-OSL
exchange.buzzoola.com/cookiesync/ssp/umg?uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
144.76.118.200 307 Temporary Redirect 122 B URL HTTP/2 exchange.buzzoola.com/cookiesync/ssp/umg?uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 144.76.118.200:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text
Hash 4379c92cc18907ce85aa6ac2fe7c5608
0e007ccfb4e6b2b59848e91624fe254a1319c6f9
dc8772e30eb2949a3e54bc0334fae1935aca43521b7216c27eb0feef9d998d06
GET /cookiesync/ssp/umg?uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: exchange.buzzoola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: text/html; charset=utf-8
content-length: 122
access-control-allow-credentials: true
access-control-allow-headers: Set-Cookie, X-Alt-Referer, X-First-Party-Cookie, If-None-Match
access-control-allow-origin: https://lookmeet.tv
access-control-expose-headers: Set-Cookie, Etag
etag: W/"a7652d6ae799817766b38854047b056db171e98554c8c49e18356b7f832b54cf"
location: /cookiesync/ssp/umg?set_buzzoola_cookie=t&uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
set-cookie: uuid=1614c4ef-b351-45e9-7e86-e32b875051a2; Path=/; Domain=exchange.buzzoola.com; Expires=Mon, 03 Oct 2022 20:35:43 GMT; Max-Age=2592000; Secure; SameSite=None
serverid: TODO
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.41 200 OK 1.8 kB IP 192.124.249.41:0
Hash 6dd3aff700cd54b20e17ddee1154af3f
33f421f003b315d64cd5c6e45a14b99a2c752cca
abe8f100cb803404a6a49fc3bd41b8ebf3a161fee62dc29a008c29ccbebde233
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 03 Sep 2022 20:35:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 03 Sep 2022 03:17:23 GMT
Expires: Sun, 04 Sep 2022 03:17:23 GMT
ETag: "33f421f003b315d64cd5c6e45a14b99a2c752cca"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
8e1a3ef4-6c4d-44ff-80dd-f9226a89243e-umedia.ops.beeline.ru/p?ssp=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
37.9.245.57 301 Moved Permanently 0 B URL HTTP/2 8e1a3ef4-6c4d-44ff-80dd-f9226a89243e-umedia.ops.beeline.ru/p?ssp=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 37.9.245.57:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p?ssp=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: 8e1a3ef4-6c4d-44ff-80dd-f9226a89243e-umedia.ops.beeline.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 03 Sep 2022 20:35:43 GMT
content-length: 0
location: https://sync.dmp.otm-r.com/match/beeline?r=https%3A%2F%2F%7Bpid_int%7D-otm.ops.beeline.ru%2Fp%3Fssp%3Dotm%26id%3D%7Bpid_int%7D%26mid%3Dbd714502-cc43-4b6a-8b86-e4016b39b41b
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: BeeAID=bd714502-cc43-4b6a-8b86-e4016b39b41b; expires=Fri, 25 Aug 2023 20:35:43 GMT; domain=ops.beeline.ru; path=/; secure; SameSite=None
access-control-allow-origin: *, https://lookmeet.tv
access-control-allow-credentials: true, true
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS, GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
x-route: http://upstream_cookiesync
x-host: 192.168.152.32
X-Firefox-Spdy: h2
exchange.buzzoola.com/cookiesync/ssp/umg?set_buzzoola_cookie=t&uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
144.76.118.200 200 OK 43 B URL HTTP/2 exchange.buzzoola.com/cookiesync/ssp/umg?set_buzzoola_cookie=t&uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 144.76.118.200:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /cookiesync/ssp/umg?set_buzzoola_cookie=t&uid=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: exchange.buzzoola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Referer: https://lookmeet.tv/
Connection: keep-alive
Cookie: uuid=1614c4ef-b351-45e9-7e86-e32b875051a2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/gif
content-length: 43
access-control-allow-credentials: true
access-control-allow-headers: Set-Cookie, X-Alt-Referer, X-First-Party-Cookie, If-None-Match
access-control-allow-origin: https://lookmeet.tv
access-control-expose-headers: Set-Cookie, Etag
serverid: TODO
X-Firefox-Spdy: h2
wf.frontend.weborama.fr/stream/?wamid=8496&Wvar=%7B%22user_id%22%3A%22Xpr0Pbio1ylFkfE7SzMek0I8t1OpcdyYKkAo1tI5LsnDEJbsvmxsMepDzmIFkqTW4ZozTMcABuL9hhu859MmpA%22%2C%22wamid%22%3A%228496%22%2C%22typ%22%3A%221%22%2C%22url%22%3A%22https%253A%252F%252Fweborama.utraff.com%252F%22%2C%22ref%22%3A%22https%253A%252F%252Flookmeet.tv%252F%22%7D&d.r=1662237340419&
34.117.176.229 302 Found 0 B URL HTTP/2 wf.frontend.weborama.fr/stream/?wamid=8496&Wvar=%7B%22user_id%22%3A%22Xpr0Pbio1ylFkfE7SzMek0I8t1OpcdyYKkAo1tI5LsnDEJbsvmxsMepDzmIFkqTW4ZozTMcABuL9hhu859MmpA%22%2C%22wamid%22%3A%228496%22%2C%22typ%22%3A%221%22%2C%22url%22%3A%22https%253A%252F%252Fweborama.utraff.com%252F%22%2C%22ref%22%3A%22https%253A%252F%252Flookmeet.tv%252F%22%7D&d.r=1662237340419&
IP 34.117.176.229:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stream/?wamid=8496&Wvar=%7B%22user_id%22%3A%22Xpr0Pbio1ylFkfE7SzMek0I8t1OpcdyYKkAo1tI5LsnDEJbsvmxsMepDzmIFkqTW4ZozTMcABuL9hhu859MmpA%22%2C%22wamid%22%3A%228496%22%2C%22typ%22%3A%221%22%2C%22url%22%3A%22https%253A%252F%252Fweborama.utraff.com%252F%22%2C%22ref%22%3A%22https%253A%252F%252Flookmeet.tv%252F%22%7D&d.r=1662237340419& HTTP/1.1
Host: wf.frontend.weborama.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://weborama.utraff.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: Weborama Collect Frontend
date: Sat, 03 Sep 2022 20:35:43 GMT
content-length: 0
location: https://wf.frontend.weborama.fr/stream/?wamid=8496&Wvar=%7B%22user_id%22%3A%22Xpr0Pbio1ylFkfE7SzMek0I8t1OpcdyYKkAo1tI5LsnDEJbsvmxsMepDzmIFkqTW4ZozTMcABuL9hhu859MmpA%22%2C%22wamid%22%3A%228496%22%2C%22typ%22%3A%221%22%2C%22url%22%3A%22https%253A%252F%252Fweborama.utraff.com%252F%22%2C%22ref%22%3A%22https%253A%252F%252Flookmeet.tv%252F%22%7D&d.r=1662237340419&bounce=1&random=1327677845
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 03 Sep 2022 20:35:43 GMT
set-cookie: AFFICHE_W=tSVkU0QCjBm183; expires=Sun, 01 Oct 2023 20:35:43 GMT; domain=.weborama.fr; path=/; secure; SameSite=None
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
wf.frontend.weborama.fr/stream/?wamid=8496&Wvar=%7B%22user_id%22%3A%22Xpr0Pbio1ylFkfE7SzMek0I8t1OpcdyYKkAo1tI5LsnDEJbsvmxsMepDzmIFkqTW4ZozTMcABuL9hhu859MmpA%22%2C%22wamid%22%3A%228496%22%2C%22typ%22%3A%221%22%2C%22url%22%3A%22https%253A%252F%252Fweborama.utraff.com%252F%22%2C%22ref%22%3A%22https%253A%252F%252Flookmeet.tv%252F%22%7D&d.r=1662237340419&bounce=1&random=1327677845
34.117.176.229 204 No Content 0 B URL HTTP/2 wf.frontend.weborama.fr/stream/?wamid=8496&Wvar=%7B%22user_id%22%3A%22Xpr0Pbio1ylFkfE7SzMek0I8t1OpcdyYKkAo1tI5LsnDEJbsvmxsMepDzmIFkqTW4ZozTMcABuL9hhu859MmpA%22%2C%22wamid%22%3A%228496%22%2C%22typ%22%3A%221%22%2C%22url%22%3A%22https%253A%252F%252Fweborama.utraff.com%252F%22%2C%22ref%22%3A%22https%253A%252F%252Flookmeet.tv%252F%22%7D&d.r=1662237340419&bounce=1&random=1327677845
IP 34.117.176.229:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stream/?wamid=8496&Wvar=%7B%22user_id%22%3A%22Xpr0Pbio1ylFkfE7SzMek0I8t1OpcdyYKkAo1tI5LsnDEJbsvmxsMepDzmIFkqTW4ZozTMcABuL9hhu859MmpA%22%2C%22wamid%22%3A%228496%22%2C%22typ%22%3A%221%22%2C%22url%22%3A%22https%253A%252F%252Fweborama.utraff.com%252F%22%2C%22ref%22%3A%22https%253A%252F%252Flookmeet.tv%252F%22%7D&d.r=1662237340419&bounce=1&random=1327677845 HTTP/1.1
Host: wf.frontend.weborama.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://weborama.utraff.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Weborama Collect Frontend
date: Sat, 03 Sep 2022 20:35:43 GMT
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 03 Sep 2022 20:35:43 GMT
set-cookie: AFFICHE_W=; expires=Tue, 10 Nov 2009 23:00:00 GMT; domain=.weborama.fr; path=/; secure; SameSite=None
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
437cf33f-d70c-40ce-b482-d9f01e8494af.sync.upravel.com/image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e&ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iLCJodHRwczovL2xvb2ttZWV0LnR2LyJdfX0
78.46.16.13 302 Found 0 B URL HTTP/2 437cf33f-d70c-40ce-b482-d9f01e8494af.sync.upravel.com/image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e&ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iLCJodHRwczovL2xvb2ttZWV0LnR2LyJdfX0
IP 78.46.16.13:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /image?source=union_media&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e&ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iLCJodHRwczovL2xvb2ttZWV0LnR2LyJdfX0 HTTP/1.1
Host: 437cf33f-d70c-40ce-b482-d9f01e8494af.sync.upravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://lookmeet.tv/
Connection: keep-alive
Cookie: session_tptc=1662237343027; user_id=437cf33f-d70c-40ce-b482-d9f01e8494af
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/avif
content-length: 0
location: https://sync.upravel.com/google/sync
set-cookie: user_id=437cf33f-d70c-40ce-b482-d9f01e8494af;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
user_id-legacy=437cf33f-d70c-40ce-b482-d9f01e8494af;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: null
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.41 200 OK 1.8 kB IP 192.124.249.41:0
Hash 6dd3aff700cd54b20e17ddee1154af3f
33f421f003b315d64cd5c6e45a14b99a2c752cca
abe8f100cb803404a6a49fc3bd41b8ebf3a161fee62dc29a008c29ccbebde233
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 03 Sep 2022 20:35:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 03 Sep 2022 03:17:23 GMT
Expires: Sun, 04 Sep 2022 03:17:23 GMT
ETag: "33f421f003b315d64cd5c6e45a14b99a2c752cca"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
sync.upravel.com/google/sync
136.243.48.22 302 Found 0 B URL HTTP/2 sync.upravel.com/google/sync
IP 136.243.48.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /google/sync HTTP/1.1
Host: sync.upravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://lookmeet.tv/
Connection: keep-alive
Cookie: session_tptc=1662237343027; user_id=437cf33f-d70c-40ce-b482-d9f01e8494af
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/png
content-length: 0
location: https://437cf33f-d70c-40ce-b482-d9f01e8494af.sync.upravel.com/google/sync?ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iXX19
set-cookie: user_id=437cf33f-d70c-40ce-b482-d9f01e8494af;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
user_id-legacy=437cf33f-d70c-40ce-b482-d9f01e8494af;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: null
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
X-Firefox-Spdy: h2
437cf33f-d70c-40ce-b482-d9f01e8494af.sync.upravel.com/google/sync?ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iXX19
78.46.16.13 302 Found 0 B URL HTTP/2 437cf33f-d70c-40ce-b482-d9f01e8494af.sync.upravel.com/google/sync?ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iXX19
IP 78.46.16.13:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /google/sync?ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly9sb29rbWVldC50di8iXX19 HTTP/1.1
Host: 437cf33f-d70c-40ce-b482-d9f01e8494af.sync.upravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://lookmeet.tv/
Connection: keep-alive
Cookie: session_tptc=1662237343027; user_id=437cf33f-d70c-40ce-b482-d9f01e8494af
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/png
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: user_id=437cf33f-d70c-40ce-b482-d9f01e8494af;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
user_id-legacy=437cf33f-d70c-40ce-b482-d9f01e8494af;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
location: https://cm.g.doubleclick.net/pixel?google_nid=mgcom&google_cm&google_hm=Q3zzP9cMQM60gtnwHoSUrw
access-control-allow-origin: null
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 3f5b4e778429d4ba70b497cc9fbb1127
db17f774a14f160caa77eb0222152767a364bba7
64da763bf84ec2d6284a112f50392f15a8b11122f3875317c52bd6c5e8e8d894
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect
35.190.24.218 302 Found 0 B URL HTTP/2 redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect
IP 35.190.24.218:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect HTTP/1.1
Host: redirect.frontend.weborama.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: Weborama Collect Frontend
date: Sat, 03 Sep 2022 20:35:43 GMT
content-length: 0
location: https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=1817506653
access-control-allow-origin: null
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 03 Sep 2022 20:35:43 GMT
access-control-allow-credentials: true
set-cookie: AFFICHE_W=hXt@TfQavkeF10; expires=Sun, 01 Oct 2023 20:35:43 GMT; domain=.weborama.fr; path=/; secure; SameSite=None
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=mgcom&google_cm&google_hm=Q3zzP9cMQM60gtnwHoSUrw
142.250.74.162 302 Found 315 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=mgcom&google_cm&google_hm=Q3zzP9cMQM60gtnwHoSUrw
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 6803049fba54cdc7f080664f2aace58a
ed49731249d04a03b37003cef21596e14eea0292
9ca583d424a82a2025d348fe0accc48161e3c97aab0605fcfda4f21d895fc893
GET /pixel?google_nid=mgcom&google_cm&google_hm=Q3zzP9cMQM60gtnwHoSUrw HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=mgcom&google_cm=&google_hm=Q3zzP9cMQM60gtnwHoSUrw&google_tc=
date: Sat, 03 Sep 2022 20:35:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 315
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 03-Sep-2022 20:50:43 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=1817506653
35.190.24.218 204 No Content 0 B URL HTTP/2 redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=1817506653
IP 35.190.24.218:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=1817506653 HTTP/1.1
Host: redirect.frontend.weborama.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Weborama Collect Frontend
date: Sat, 03 Sep 2022 20:35:43 GMT
access-control-allow-origin: null
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sat, 03 Sep 2022 20:35:43 GMT
access-control-allow-credentials: true
set-cookie: AFFICHE_W=; expires=Tue, 10 Nov 2009 23:00:00 GMT; domain=.weborama.fr; path=/; secure; SameSite=None
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 573 B
IP 142.250.74.3:0
Hash 3cb9188afaa44407d8880c22f24db198
f5e6b1f1db13479dda6d33d5ae0344be6f994ea1
c4777e03f0d47bdfe41608eae9fd67a0ad388fc44dc604b3cfd076eb66b24099
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
status.thawte.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash 986f578c69a707821a08a7f33e675d60
ed89ec78cd1920384ac78df4c303c78d1cd56c77
8ee1df52f2509d3aa599725c4f2a5915a7a1dad09ba124eae0f947b87abc741f
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5530
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:35:43 GMT
Last-Modified: Sat, 03 Sep 2022 19:03:33 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash b3ea59a6c92f7e7cf418cc5343fd8f84
f0ada08c7a515c7448ab916a937a83bf4f89b1ec
770fb7450876b3f7ce686c166f5cd7813ec35b4898333a43f48ec1a9bd2563d1
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 07 Sep 2022 17:04:15 GMT
ETag: "f0ada08c7a515c7448ab916a937a83bf4f89b1ec"
Last-Modified: Sat, 03 Sep 2022 17:04:16 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2903
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74514606d949b4f7-OSL
sm.rtb.mts.ru/p?ssp=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
217.66.147.161 301 Moved Permanently 0 B URL HTTP/1.1 sm.rtb.mts.ru/p?ssp=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 217.66.147.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p?ssp=umedia&id=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: sm.rtb.mts.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: https://lookmeet.tv
Vary: Origin
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://sm.rtb.mts.ru/match/second?ssp=35&exu=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
Set-Cookie: dspid=89485eea-5c75-4516-8784-b78f8a8cc452; expires=Fri, 25 Aug 2023 20:35:43 GMT; domain=.mts.ru; path=/; secure; SameSite=None
an.yandex.ru/mapuid/targetrtbis/?sign=4272434558
93.158.134.90 302 Found 492 B URL HTTP/2 an.yandex.ru/mapuid/targetrtbis/?sign=4272434558
IP 93.158.134.90:0
Hash 9dce22974b693ca4891300413f1c1642
bc406b79cbc6da77c9a8866e1167bfb3ecfea500
3adb1c835437465ebdb5c82a58609c42fb661f005e9727cb7c19438312794235
GET /mapuid/targetrtbis/?sign=4272434558 HTTP/1.1
Host: an.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
timing-allow-origin: *
location: https://an.yandex.ru/mapuid/targetrtbis/?redir-setuniq=1&sign=4272434558
date: Sat, 03 Sep 2022 20:35:43 GMT
set-cookie: yandexuid=1510460161662237343; domain=.yandex.ru; path=/; expires=Tue, 31-Aug-2032 20:35:43 GMT
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03 Sep 2022 20:35:43 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
last-modified: Sat, 03 Sep 2022 20:35:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
px.adhigh.net/p/cm/umg
193.232.150.68 302 Found 0 B
IP 193.232.150.68:0
ASN #48061 Limited Liability Company GPM Digital Technologies
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/cm/umg HTTP/1.1
Host: px.adhigh.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 20:35:43 GMT
content-length: 0
x-backend-id: f12-ru
access-control-allow-origin: https://lookmeet.tv
access-control-allow-credentials: true
set-cookie: gi_u=7BYhQGgmoV9.AikABlGDBREArQ;Path=/;Domain=.adhigh.net;Expires=Sun, 03-Sep-2023 20:35:43 GMT;Secure;SameSite=None
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache, no-store
location: https://px.adhigh.net/p/cm/umg?bounced=1
X-Firefox-Spdy: h2
sm.rtb.mts.ru/match/second?ssp=35&exu=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
217.66.147.161 301 Moved Permanently 0 B URL HTTP/1.1 sm.rtb.mts.ru/match/second?ssp=35&exu=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e
IP 217.66.147.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/second?ssp=35&exu=8e1a3ef4-6c4d-44ff-80dd-f9226a89243e HTTP/1.1
Host: sm.rtb.mts.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Sep 2022 20:35:43 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: https://lookmeet.tv
Vary: Origin
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://tech.rtb.mts.ru/
ads.betweendigital.com/match?bidder_id=35736&callback_url=https%3A%2F%2Fa.utraff.com%2Fsync%3Futctx%3DcgU_pjIORvTf0mLDomWSx-Yf_9F4HwoHAfhqJrTEVweE3yBF9lFdqjIlCsbvaqcf5iFSuioHt-SF8rAbsFQvqw%26buyerid%3D${USER_ID}
188.42.191.196 302 Found 0 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=35736&callback_url=https%3A%2F%2Fa.utraff.com%2Fsync%3Futctx%3DcgU_pjIORvTf0mLDomWSx-Yf_9F4HwoHAfhqJrTEVweE3yBF9lFdqjIlCsbvaqcf5iFSuioHt-SF8rAbsFQvqw%26buyerid%3D${USER_ID}
IP 188.42.191.196:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?bidder_id=35736&callback_url=https%3A%2F%2Fa.utraff.com%2Fsync%3Futctx%3DcgU_pjIORvTf0mLDomWSx-Yf_9F4HwoHAfhqJrTEVweE3yBF9lFdqjIlCsbvaqcf5iFSuioHt-SF8rAbsFQvqw%26buyerid%3D${USER_ID} HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Connection: keep-alive
Referer: https://lookmeet.tv/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /match?bidder_id=35736&callback_url=https%3A%2F%2Fa.utraff.com%2Fsync%3Futctx%3DcgU_pjIORvTf0mLDomWSx-Yf_9F4HwoHAfhqJrTEVweE3yBF9lFdqjIlCsbvaqcf5iFSuioHt-SF8rAbsFQvqw%26buyerid%3D${USER_ID}&crf=1
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-origin: https://lookmeet.tv
access-control-allow-credentials: true
set-cookie: dc=lux1; Max-Age=31536000; Expires=Sun, 03 Sep 2023 20:35:43 GMT; Path=/; Domain=.betweendigital.com
set-cookie: tuuid=5a03a091-bce6-52f6-af27-4cf2cc34f66d; Max-Age=31536000; Expires=Sun, 03 Sep 2023 20:35:43 GMT; Path=/; Domain=.betweendigital.com
set-cookie: ut=YxO6nwAOmkhGR3vR2JpHBfIm4aKi_V_Ju9NRtA==; Max-Age=31536000; Expires=Sun, 03 Sep 2023 20:35:43 GMT; Path=/; Domain=.betweendigital.com
content-length: 0
X-Firefox-Spdy: h2
ads.betweendigital.com/match?bidder_id=35736&callback_url=https%3A%2F%2Fa.utraff.com%2Fsync%3Futctx%3DcgU_pjIORvTf0mLDomWSx-Yf_9F4HwoHAfhqJrTEVweE3yBF9lFdqjIlCsbvaqcf5iFSuioHt-SF8rAbsFQvqw%26buyerid%3D${USER_ID}&crf=1
188.42.191.196 200 OK 68 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=35736&callback_url=https%3A%2F%2Fa.utraff.com%2Fsync%3Futctx%3DcgU_pjIORvTf0mLDomWSx-Yf_9F4HwoHAfhqJrTEVweE3yBF9lFdqjIlCsbvaqcf5iFSuioHt-SF8rAbsFQvqw%26buyerid%3D${USER_ID}&crf=1
IP 188.42.191.196:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
GET /match?bidder_id=35736&callback_url=https%3A%2F%2Fa.utraff.com%2Fsync%3Futctx%3DcgU_pjIORvTf0mLDomWSx-Yf_9F4HwoHAfhqJrTEVweE3yBF9lFdqjIlCsbvaqcf5iFSuioHt-SF8rAbsFQvqw%26buyerid%3D${USER_ID}&crf=1 HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-origin: https://lookmeet.tv
access-control-allow-credentials: true
set-cookie: dc=lux1; Max-Age=31536000; Expires=Sun, 03 Sep 2023 20:35:43 GMT; Path=/; Domain=.betweendigital.com
set-cookie: tuuid=6cfda66d-1a3a-52f6-9934-0890fa27b20f; Max-Age=31536000; Expires=Sun, 03 Sep 2023 20:35:43 GMT; Path=/; Domain=.betweendigital.com
set-cookie: ut=YxO6nwAPMqA4Y6cBW9-9_nh_l7aT2F2AfQGDww==; Max-Age=31536000; Expires=Sun, 03 Sep 2023 20:35:43 GMT; Path=/; Domain=.betweendigital.com
content-length: 68
X-Firefox-Spdy: h2
px.adhigh.net/p/cm/umg?bounced=1
193.232.150.68 200 OK 49 B URL HTTP/2 px.adhigh.net/p/cm/umg?bounced=1
IP 193.232.150.68:0
ASN #48061 Limited Liability Company GPM Digital Technologies
File type GIF image data, version 89a, 1 x 1\012- data
Hash 889bc1fffc025af4685839fb516a0b8b
7f105137a4eafe93213ecd8cc34dd907c340467c
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
GET /p/cm/umg?bounced=1 HTTP/1.1
Host: px.adhigh.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lookmeet.tv
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 20:35:43 GMT
content-type: image/gif
content-length: 49
x-backend-id: f12-ru
access-control-allow-origin: https://lookmeet.tv
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache, no-store
X-Firefox-Spdy: h2
tech.rtb.mts.ru/
213.87.44.187 204 No Content 0 B
IP 213.87.44.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: tech.rtb.mts.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.2
Date: Sat, 03 Sep 2022 20:35:44 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: mts_id=bd0e2cdc-21b1-478c-8352-fbc5e4fc473c; Domain=mts.ru; expires=Mon, 12 Jul 2032 20:35:44 GMT; SameSite=None; Secure
Set-Cookie: mts_id_last_sync=1662237344; Domain=mts.ru; expires=Mon, 12 Jul 2032 20:35:44 GMT; SameSite=None; Secure
Access-Control-Allow-Origin: null
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
lookmeet.tv/main/bundle.6fef8576.js
104.21.2.166 200 OK 0 B URL HTTP/2 lookmeet.tv/main/bundle.6fef8576.js
IP 104.21.2.166:0
GET /main/bundle.6fef8576.js HTTP/1.1
Host: lookmeet.tv
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lookmeet.tv/index.php?r=iframe/index&id=5763
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: application/javascript
last-modified: Thu, 18 Aug 2022 13:27:08 GMT
etag: W/"62fe3e2c-5817f"
cf-cache-status: HIT
age: 6035
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNJBGJthizI50RSDmULzOsDvHb3a8L88aft6XNGitxDPP8SE2npHvDjTilBRoMmcOtPrnoScRHcLSnar3RW4SzDS5zS7J4LW3fe2Z9Il1GoIYPDFR6jtROum1XvgUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 745145eb9fe5b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lookmeet.tv/index.php?r=iframe/index&id=5763
104.21.2.166 200 OK 0 B URL HTTP/2 lookmeet.tv/index.php?r=iframe/index&id=5763
IP 104.21.2.166:0
GET /index.php?r=iframe/index&id=5763 HTTP/1.1
Host: lookmeet.tv
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am15.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: text/html
last-modified: Thu, 18 Aug 2022 13:27:08 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PsOicNXTA6vW74sXPOwkmjOj64cyKZqAoJ6w3BRJS24Cpfe4noU5NA4Ta5LVZQFRAJ%2BnU5ockyyPIhaU0L7weEYFhwnTLMpozJb5GfYGziRFuD7SNCHNcUV1RUU%2BWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 745145eb8fcfb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
an.yandex.ru/mapuid/kadamis/V6UbAblzZ7U8lumNo6B5?redir-setuniq=1
93.158.134.90 200 OK 0 B URL HTTP/2 an.yandex.ru/mapuid/kadamis/V6UbAblzZ7U8lumNo6B5?redir-setuniq=1
IP 93.158.134.90:0
GET /mapuid/kadamis/V6UbAblzZ7U8lumNo6B5?redir-setuniq=1 HTTP/1.1
Host: an.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
timing-allow-origin: *
date: Sat, 03 Sep 2022 20:35:40 GMT
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03 Sep 2022 20:35:40 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
last-modified: Sat, 03 Sep 2022 20:35:40 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif; charset=utf-8
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
nintendo.moy.su/.s/src/uwnd.min.js
193.109.247.235 200 OK 0 B URL HTTP/1.1 nintendo.moy.su/.s/src/uwnd.min.js
IP 193.109.247.235:0
ASN #204343 Compubyte Limited
Analyzer Verdict Alert fortinet Malware
GET /.s/src/uwnd.min.js HTTP/1.1
Host: nintendo.moy.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/load/adventure/legend_of_zelda_a_link_to_the_past_four_swords/111-1-0-6651
Cookie: 7nintendold=+xmkuhNj; 7nintendouzll=1662237348; 7nintendopushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 20:35:48 GMT
Content-Type: text/javascript
Last-Modified: Mon, 25 Apr 2022 10:32:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"626678ba-3334b"
Expires: Fri, 23 Sep 2022 20:35:48 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
fonts.googleapis.com/css2?family=Roboto&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto&display=swap
IP 142.250.74.10:0
GET /css2?family=Roboto&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Sep 2022 20:35:42 GMT
date: Sat, 03 Sep 2022 20:35:42 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hdbcode.com/get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322613&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8
31.220.27.135 200 OK 0 B URL HTTP/2 hdbcode.com/get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322613&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
GET /get_data?v=default&page=https%253A%252F%252Fucoz.ru%252F&domain=nintendo.moy.su&blockID=322613&width=566&height=170&windowWidth=1280&gdpr=0&gdprConsent=&limit=1&format=json&sspUid=f0304f86-6d81-4c06-a568-0c7963ece4e8 HTTP/1.1
Host: hdbcode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://nintendo.moy.su
Connection: keep-alive
Cookie: dmpUid=V6UbAblzZ7U8lumNo6B5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://nintendo.moy.su
content-encoding: gzip
X-Firefox-Spdy: h2
an.yandex.ru/mapuid/targetrtbis/?sign=4272434558
93.158.134.90 302 Found 0 B URL HTTP/2 an.yandex.ru/mapuid/targetrtbis/?sign=4272434558
IP 93.158.134.90:0
GET /mapuid/targetrtbis/?sign=4272434558 HTTP/1.1
Host: an.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://lookmeet.tv/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Cache-Control: max-age=0
TE: trailers
HTTP/2 302 Found
timing-allow-origin: *
location: https://an.yandex.ru/mapuid/targetrtbis/?redir-setuniq=1&sign=4272434558
date: Sat, 03 Sep 2022 20:35:43 GMT
set-cookie: yandexuid=9999348771662237343; domain=.yandex.ru; path=/; expires=Tue, 31-Aug-2032 20:35:43 GMT
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03 Sep 2022 20:35:43 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
last-modified: Sat, 03 Sep 2022 20:35:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ct.mediaboom.site/?ce=gi4tqn3fmu5ha3ddf4ztmmjr
104.21.4.128 200 OK 0 B URL HTTP/2 ct.mediaboom.site/?ce=gi4tqn3fmu5ha3ddf4ztmmjr
IP 104.21.4.128:0
GET /?ce=gi4tqn3fmu5ha3ddf4ztmmjr HTTP/1.1
Host: ct.mediaboom.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=b2e53a22-6ab4-4a8e-b50a-0170b07cd186; expires=Mon, 03-Oct-2022 20:35:39 GMT; Max-Age=2592000; path=/; SameSite=None; domain=ct.mediaboom.site; secure
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lfekY4GCOjlgTW7%2BYu65RNgmSSJvepbTP%2FJRfbxklHeHIv3nQqDZSqQrA4ENNNiXumHqwnlpbe6yV1cZEZT%2BmWcg6q1sl%2BcOgWefIBcPKj1V%2BcoRHnanIq4S1fsqu42w8q0sow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 745145e8cbf6b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hdbcode.com/kkqahhd3.js
31.220.27.135 200 OK 0 B
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
GET /kkqahhd3.js HTTP/1.1
Host: hdbcode.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:35:39 GMT
content-type: application/javascript
last-modified: Thu, 01 Sep 2022 15:56:41 GMT
vary: Accept-Encoding
etag: W/"6310d639-54f9"
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/73418029?wmode=7&page-url=https%3A%2F%2Fnintendo.moy.su%2Fload%2Fadventure%2Flegend_of_zelda_a_link_to_the_past_four_swords%2F111-1-0-6651&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1077%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A779902989878%3Ahid%3A515330531%3Az%3A0%3Ai%3A20220903203538%3Aet%3A1662237338%3Ac%3A1%3Arn%3A974398774%3Arqn%3A1%3Au%3A1662237338780269482%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662237334940%3Ads%3A0%2C94%2C151%2C1%2C249%2C0%2C%2C710%2C23%2C%2C%2C%2C1287%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662237338%3At%3ALegend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20(%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20)%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
93.158.134.119 302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/73418029?wmode=7&page-url=https%3A%2F%2Fnintendo.moy.su%2Fload%2Fadventure%2Flegend_of_zelda_a_link_to_the_past_four_swords%2F111-1-0-6651&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1077%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A779902989878%3Ahid%3A515330531%3Az%3A0%3Ai%3A20220903203538%3Aet%3A1662237338%3Ac%3A1%3Arn%3A974398774%3Arqn%3A1%3Au%3A1662237338780269482%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662237334940%3Ads%3A0%2C94%2C151%2C1%2C249%2C0%2C%2C710%2C23%2C%2C%2C%2C1287%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662237338%3At%3ALegend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20(%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20)%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
GET /watch/73418029?wmode=7&page-url=https%3A%2F%2Fnintendo.moy.su%2Fload%2Fadventure%2Flegend_of_zelda_a_link_to_the_past_four_swords%2F111-1-0-6651&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1077%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A779902989878%3Ahid%3A515330531%3Az%3A0%3Ai%3A20220903203538%3Aet%3A1662237338%3Ac%3A1%3Arn%3A974398774%3Arqn%3A1%3Au%3A1662237338780269482%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662237334940%3Ads%3A0%2C94%2C151%2C1%2C249%2C0%2C%2C710%2C23%2C%2C%2C%2C1287%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662237338%3At%3ALegend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20(%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20)%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nintendo.moy.su
Connection: keep-alive
Referer: https://nintendo.moy.su/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/73418029/1?wmode=7&page-url=https%3A%2F%2Fnintendo.moy.su%2Fload%2Fadventure%2Flegend_of_zelda_a_link_to_the_past_four_swords%2F111-1-0-6651&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1077%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A779902989878%3Ahid%3A515330531%3Az%3A0%3Ai%3A20220903203538%3Aet%3A1662237338%3Ac%3A1%3Arn%3A974398774%3Arqn%3A1%3Au%3A1662237338780269482%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1662237334940%3Ads%3A0%2C94%2C151%2C1%2C249%2C0%2C%2C710%2C23%2C%2C%2C%2C1287%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1662237338%3At%3ALegend%20of%20Zelda%20-%20A%20Link%20to%20the%20Past%20%26%20Four%20Swords%20-%20Adventure%20-%20Game%20Boy%20Advance%2FGBA%20Roms%20%28%20%D1%80%D0%BE%D0%BC%D1%8B%2C%20%D0%B8%D0%B3%D1%80%D1%8B%20%29%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20-%20Nintendo%20-%20%D0%BF%D1%80%D0%B8%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B8%D0%B3%D1%80%D1%8B%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC%20%D1%8F%D0%B7%D1%8B%D0%BA%D0%B5%20%D1%82%D0%BE%D1%80%D1%80%D0%B5%D0%BD%D1%82%D0%BE%D0%BC&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 03 Sep 2022 20:35:41 GMT
access-control-allow-origin: https://nintendo.moy.su
set-cookie: yandexuid=6626066471662237341; Expires=Sun, 03-Sep-2023 20:35:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yuidss=6626066471662237341; Expires=Sun, 03-Sep-2023 20:35:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yabs-sid=2238264281662237341; Path=/; SameSite=None; Secure
set-cookie: i=E9JatBk4wtGAQdRm+UollHv+FIwV7C+myXzeey9vw1TZxFU0ANMJ2W/PG9xuADBraa9qUrsxR6CfN56rICzeUKy6n3E=; Expires=Tue, 31-Aug-2032 20:35:40 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
set-cookie: ymex=1693773341.yrts.1662237341#1693773341.yrtsi.1662237341; Expires=Sun, 03-Sep-2023 20:35:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 03-Sep-2022 20:35:41 GMT
last-modified: Sat, 03-Sep-2022 20:35:41 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2