Overview

URL rkiz.ru/
IP 45.130.41.35
ASN Beget LLC
Location Russia
Report completed 2022-09-22 04:23:35 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-22 2 rkiz.ru/ Malware
2022-09-22 2 rkiz.ru/ Malware
2022-09-22 2 investstable.ru/wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf Malware
2022-09-22 2 investstable.ru/wp-content/plugins/wp-social-likes/css/custom-buttons.css?v (...) Malware
2022-09-22 2 investstable.ru/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 Malware
2022-09-22 2 investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/fonts/ (...) Malware
2022-09-22 2 investstable.ru/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Malware
2022-09-22 2 investstable.ru/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 Malware
2022-09-22 2 investstable.ru/wp-content/themes/elegantwp/assets/js/custom.js Malware
2022-09-22 2 investstable.ru/wp-content/plugins/wp-spamshield/js/jscripts-ftr2-min.js Malware
2022-09-22 2 investstable.ru/wp-content/plugins/wp-social-likes/css/social-likes_classic (...) Malware
2022-09-22 2 investstable.ru/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 Malware
2022-09-22 2 investstable.ru/wp-content/plugins/wp-social-likes/js/social-likes.min.js?v (...) Malware
2022-09-22 2 investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/css/fo (...) Malware
2022-09-22 2 investstable.ru/wp-content/themes/elegantwp/assets/js/theia-sticky-sidebar. (...) Malware
2022-09-22 2 investstable.ru/wp-content/themes/elegantwp/assets/js/jquery.fitvids.min.js Malware
2022-09-22 2 investstable.ru/wp-content/plugins/wp-social-likes/css/custom-buttons_class (...) Malware
2022-09-22 2 investstable.ru/wp-content/plugins/elementor/assets/css/frontend.min.css?ve (...) Malware
2022-09-22 2 investstable.ru/wp-content/plugins/rate-my-post/public/js/rate-my-post.js?v (...) Malware
2022-09-22 2 investstable.ru/wp-content/themes/elegantwp/assets/js/ResizeSensor.min.js Malware
2022-09-22 2 investstable.ru/wp-content/plugins/contact-form-7/includes/css/styles.css?v (...) Malware
2022-09-22 2 investstable.ru/wp-content/plugins/elementor/assets/css/frontend-legacy.min (...) Malware
2022-09-22 2 investstable.ru/wp-content/themes/elegantwp/assets/js/skip-link-focus-fix.js Malware
2022-09-22 2 investstable.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 Malware
2022-09-22 2 investstable.ru/wp-content/plugins/piotnet-addons-for-elementor/assets/css/ (...) Malware
2022-09-22 2 investstable.ru/wp-content/plugins/piotnet-addons-for-elementor/assets/js/m (...) Malware
2022-09-22 2 investstable.ru/wp-content/themes/elegantwp/assets/js/navigation.js Malware
2022-09-22 2 investstable.ru/wp-content/plugins/rate-my-post/public/css/rate-my-post.css (...) Malware
2022-09-22 2 investstable.ru/ Malware
2022-09-22 2 investstable.ru/wp-content/plugins/advanced-responsive-video-embedder/build (...) Malware
2022-09-22 2 investstable.ru/wp-content/plugins/essential-addons-for-elementor-lite/asse (...) Malware
2022-09-22 2 investstable.ru/wp-content/plugins/google-analytics-for-wordpress/assets/js (...) Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (80)



Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.130.41.35

Date UQ / IDS / BL URL IP
2022-10-08 18:18:08 +0000 0 - 0 - 11 www.vikupkvart.ru/ 45.130.41.35
2022-10-07 11:05:25 +0000 0 - 0 - 2 www.dolservis.store/ 45.130.41.35
2022-10-06 00:11:35 +0000 0 - 0 - 26 www.engineers01.ru/ 45.130.41.35
2022-09-22 04:23:35 +0000 0 - 0 - 32 rkiz.ru/ 45.130.41.35
2022-09-21 09:33:40 +0000 0 - 0 - 31 rkiz.ru/ 45.130.41.35

Last 5 reports on ASN: Beget LLC

Date UQ / IDS / BL URL IP
2022-11-30 03:46:14 +0000 0 - 0 - 31 expresselectro.ru/uslugi-inzheneriya/slabotoc (...) 5.101.153.188
2022-11-30 02:48:45 +0000 0 - 0 - 30 expresselectro.ru/uslugi-inzheneriya/elektric (...) 5.101.153.188
2022-11-30 02:20:14 +0000 0 - 0 - 1 black-base.ru/1ca9a6e53cecbcd0a154811be8e5a39 (...) 87.236.16.213
2022-11-30 01:30:23 +0000 0 - 0 - 1 a918639t.beget.tech/ 185.50.25.50
2022-11-30 01:30:19 +0000 0 - 0 - 1 a918639t.beget.tech/ 185.50.25.50

Last 2 reports on domain: rkiz.ru

Date UQ / IDS / BL URL IP
2022-09-22 04:23:35 +0000 0 - 0 - 32 rkiz.ru/ 45.130.41.35
2022-09-21 09:33:40 +0000 0 - 0 - 31 rkiz.ru/ 45.130.41.35

Last 1 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-21 09:33:40 +0000 0 - 0 - 31 rkiz.ru/ 45.130.41.35


JavaScript

Executed Scripts (62)


Executed Evals (1)

#1 JavaScript::Eval (size: 31, repeated: 1) - SHA256: 6e4c074bba968f3a2899edcbccf9e893ebdad7a5a533463e4d9630f28f3baed1

(a = 0) => {
    let b;
    const c = class {};
}

Executed Writes (2)

#1 JavaScript::Write (size: 726, repeated: 1) - SHA256: 1f36217ce709cf7ddf3774f25f37e017c3cb9256a87bb9fce2747a8c778796ef

                                        < a href = '//www.liveinternet.ru/click'
target = _blank > < img src = '//counter.yadro.ru/hit?t12.15;r;s1280*1024*24;uhttps%3A//investstable.ru/;h%u0412%u0441%u0451%20%u043E%20%u0437%u0430%u0440%u0430%u0431%u043E%u0442%u043A%u0435%20%u0432%20%u0438%u043D%u0442%u0435%u0440%u043D%u0435%u0442%u0435%20-%20%u0414%u0443%u043C%u0430%u0439%2C%20%u043F%u0440%u0435%u0436%u0434%u0435%20%u0447%u0435%u043C%20%u0432%u043A%u043B%u0430%u0434%u044B%u0432%u0430%u0442%u044C%20%u0434%u0435%u043D%u044C%u0433%u0438%2C%20%u0438%20%u043D%u0435%20%u0437%u0430%u0431%u044B%u0432%u0430%u0439%20;0.3680274001724315'
alt = ''
title = 'LiveInternet: ?>:070=> G8A;> ?@>A<>B@>2 70 24 G0A0, ?>A5B8B5;59 70 24 G0A0 8 70 A53>4=O'
border = '0'
width = '88'
height = '31' > < /a>
                                    

#2 JavaScript::Write (size: 65, repeated: 1) - SHA256: 4d568d638caa54f96a0f3219cb5a8926a47b1d4ea7833b96ad6a19345a894736

                                        < div id = "glopart-adunit-17775"
data - glopart - adunit = "17775" > < /div>
                                    


HTTP Transactions (250)


Request Response
                                        
GET / HTTP/1.1
Host: rkiz.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
45.130.41.35
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
Server: nginx-reuseport/1.21.1
Date: Thu, 22 Sep 2022 04:23:23 GMT
Content-Length: 295
Connection: keep-alive
Keep-Alive: timeout=30
Location: https://rkiz.ru/
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 05:23:23 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   295
Md5:    f1de6dd79e12a0f236b14f8018478b0d
Sha1:   0c3ad0178736ca21c168bce8a7497436cadedfd0
Sha256: 30b3ec617a92aaf8821ae4f1b39d54ab05afb1b6cb5bfbfb3277e1baf3f8fe7f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Backoff, Retry-After, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 22 Sep 2022 04:13:56 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IUxIPf20MNy2yDpDQ201RbuWUZ9EoOXdMEeYSw-MNS6Tz60633ZwQA==
Age: 567


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    804f8bbb7f556d51a5f52d5ebd5b6eef
Sha1:   922cd7e06df278615a04abb81d811d14596c8180
Sha256: ef4804d381a34ab67873a7755621081c49c646310e085a9b2356ae07098f6021
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2677
Expires: Thu, 22 Sep 2022 05:08:00 GMT
Date: Thu, 22 Sep 2022 04:23:23 GMT
Connection: keep-alive

                                        
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 21 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VgEtaYX77GfZm-GZ0ThgOobpv63SSuQKVess54lvGPNjr8SID6UdAg==
age: 85690
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.117.237.239
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Thu, 22 Sep 2022 04:23:23 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "21804161E7FD5975BF665DB807D39466C91AD92D3028327029D6219DE9E4DC8D"
Last-Modified: Thu, 22 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21568
Expires: Thu, 22 Sep 2022 10:22:52 GMT
Date: Thu, 22 Sep 2022 04:23:24 GMT
Connection: keep-alive

                                        
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 22 Sep 2022 04:03:23 GMT
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 04:54:52 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PT_09t1uA_uoxbzKrf7YkVRwjqXUhS_X3TZsWROSvBCq_7ag0w259Q==
Age: 1202


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
GET / HTTP/1.1
Host: rkiz.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
45.130.41.35
HTTP/2 301 Moved Permanently
content-type: text/html
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-length: 0
vary: X-Forwarded-Proto,Accept-Encoding
x-powered-by: PHP/7.3.31
x-redirect-by: WordPress
location: https://investstable.ru/
cache-control: max-age=3600
expires: Thu, 22 Sep 2022 05:23:24 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5160
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 04:23:24 GMT
Last-Modified: Thu, 22 Sep 2022 02:57:24 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "6A644FA058890A19071C6CF17848AACC8C2DB7E7C22E805F91BF9B40ADFD4C3E"
Last-Modified: Wed, 21 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 22 Sep 2022 10:23:24 GMT
Date: Thu, 22 Sep 2022 04:23:24 GMT
Connection: keep-alive

                                        
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tbhnmVlIhsz82uP3ZcQWdw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
54.149.28.179
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZMv1blO4ECVTSNkIyIqL8/90ToM=

                                        
GET /wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: application/octet-stream
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-length: 4824
last-modified: Sat, 03 Sep 2022 08:53:46 GMT
etag: "6313161a-12d8"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, ratemypost \012- data
Size:   4824
Md5:    5772d7b0d9851e23e062eafadaf7729f
Sha1:   c774ae6a5da5dd14342db3281735dc2812da1d3d
Sha256: 40d4cb30d26c1301383bc7445dd80bf4e3279374d2ff74c771aa4c3db182358f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /gtag/js?id=UA-150971850-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 22 Sep 2022 04:23:24 GMT
expires: Thu, 22 Sep 2022 04:23:24 GMT
cache-control: private, max-age=900
last-modified: Thu, 22 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42209
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1720)
Size:   42209
Md5:    0a7a3f4a6157c1f7b9b4f4ea7f883699
Sha1:   2be7cf1d6b733cbddfa261025b3b9c7a69d83150
Sha256: d791561d2eeb561644c631498ec0cd7160cf3cb9fc8665f111c8b5124f8443c1
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "BB3D92000B07CCF43BF2DE131A37712A6D12EC4A22266505D6A3E9C50D25F2C5"
Last-Modified: Tue, 20 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16690
Expires: Thu, 22 Sep 2022 09:01:34 GMT
Date: Thu, 22 Sep 2022 04:23:24 GMT
Connection: keep-alive

                                        
GET /wp-content/uploads/2022/09/vk_dm-480x360.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-length: 39518
last-modified: Sat, 03 Sep 2022 09:22:48 GMT
etag: "63131ce8-9a5e"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Size:   39518
Md5:    5dc73406aae193005e9cf3a7c204d3b1
Sha1:   87cca995b9d938e450bfb3d0ff54ac039f7e2b52
Sha256: 24b9e3b9009e663dabb5cdc28d3da5a218a01ef3e7f32261a2834234f1562fbf
                                        
GET /wp-content/uploads/2020/05/banner-1-728x90-1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-length: 59669
last-modified: Tue, 12 May 2020 09:00:10 GMT
etag: "5eba659a-e915"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 728x90, components 3\012- data
Size:   59669
Md5:    164506b5e3543299d93d1817b850d98c
Sha1:   b4a644d177c37bf75f56c09208aadc92b522e8cd
Sha256: 2df22e26878a25ee43d3ec4093ef68515ea2561fd7430f071b03754c12e0db4e
                                        
GET /wp-content/uploads/2020/05/a-markets.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-length: 26988
last-modified: Mon, 25 May 2020 15:27:50 GMT
etag: "5ecbe3f6-696c"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 250x250, components 3\012- data
Size:   26988
Md5:    756a565565df6e0f2cec2c9b4b76e296
Sha1:   387773b21ffcab31cb1d89e7f96d0d6b547506ba
Sha256: 09caa68834995289b636e847fceb545272b5a5350333b2e720093cb400d6aaba
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C7C343B86640657ED68C70CA0C9FE150B8F8C9ED8CB32428D52FD161FC6F2477"
Last-Modified: Wed, 21 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5644
Expires: Thu, 22 Sep 2022 05:57:29 GMT
Date: Thu, 22 Sep 2022 04:23:25 GMT
Connection: keep-alive

                                        
GET /wp-content/uploads/2020/05/250x250-pamm.gif HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/gif
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-length: 50534
last-modified: Mon, 25 May 2020 16:02:52 GMT
etag: "5ecbec2c-c566"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 250 x 250\012- data
Size:   50534
Md5:    cd3b0f639f22b2f35bd583ac16571cdb
Sha1:   a9ce0bc972d8963f8a88ae83a38c379e0a07a5ee
Sha256: 73de70b14b33570c9783b994522506583c50840edf538a76094151877e433df1
                                        
GET /wp-content/uploads/2020/05/ndb_1500_250x250_ru.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-length: 48403
last-modified: Mon, 25 May 2020 16:01:08 GMT
etag: "5ecbebc4-bd13"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 250x250, components 3\012- data
Size:   48403
Md5:    14b49bbf12791190c668c54e5c867feb
Sha1:   52d144e242b973942da49d1f8500cac301ac6f1c
Sha256: 79b20d7cf1871bfed16ef693560ba0d8c29b93980c25be6e2e4ead025d85bfaa
                                        
GET /wp-content/uploads/2020/12/viboom.gif HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/gif
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-length: 46261
last-modified: Tue, 15 Dec 2020 08:18:05 GMT
etag: "5fd8713d-b4b5"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 300 x 225\012- data
Size:   46261
Md5:    6da112ed7073c836748ec4198f5bb858
Sha1:   4908acad4b3151a2042719d59a0524f9c3766ad6
Sha256: df0a9e760593a0d61e1e8d5cc12a435be6153d0ccad00790854c55b86e4289fb
                                        
GET /wp-content/uploads/2020/10/1b60f5f5164148019a12f2f47c7b28b1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-length: 51586
last-modified: Sun, 18 Oct 2020 12:36:20 GMT
etag: "5f8c36c4-c982"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 250x250, components 3\012- data
Size:   51586
Md5:    8863ca88093cdcc7381f2c0e3ee55ff0
Sha1:   e1a2a3aee11ace0d95b1d584a292379326ebc7bd
Sha256: da63cc478ddb4c84036814cefd918f548f5d29f1c8dcff64aedb10b1a43c9a3b
                                        
GET /wp-content/uploads/2020/05/banner-6-240x400-1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-length: 82546
last-modified: Tue, 12 May 2020 09:05:43 GMT
etag: "5eba66e7-14272"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x400, components 3\012- data
Size:   82546
Md5:    51a4c1b3683215db55b49b09fb070068
Sha1:   b910ddaa2402e7442d1a40383ac7b69727c83047
Sha256: ff68e86ea261a9a70a60a7b7f4f605d020701449d50a899702db69d5269a2169
                                        
GET /wp-content/uploads/2019/08/6912627ce8ddb69676858d981b62973d.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         
45.130.41.35
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx-reuseport/1.21.1
Date: Thu, 22 Sep 2022 04:23:24 GMT
Content-Length: 33460
Last-Modified: Fri, 01 May 2020 14:11:51 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5eac2e27-82b4"
Expires: Sat, 22 Oct 2022 04:23:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x600, components 3\012- data
Size:   33460
Md5:    d622aded8f2ecc17082f2a48cfe6b57c
Sha1:   c940eb282e634fef78a2a65167d4c457e27065d3
Sha256: 51c0031ad4194403f9dc6f6648d37e0467b69e7c1f2c2570079581e2094cbb1d
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-content/plugins/wp-social-likes/css/custom-buttons.css?ver=6.0.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: text/css
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-1dbd"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   5191
Md5:    2af5940958d7381ab3bc08138f49f5c1
Sha1:   6ac626bfc6429081ac4ca1767f5d90bdd9688a02
Sha256: 0621a91b10af42386887ad7c00ce9bfc439fd0debb348ce2c73f132ba02bce01

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /static/img/b/7.28x90.png HTTP/1.1
Host: proxy6.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
185.178.208.139
HTTP/2 200 OK
content-type: image/png
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=ti5npL2TK8nn6rpjPnb1; Domain=.proxy6.net; HttpOnly; Path=/; Expires=Fri, 22-Sep-2023 04:23:25 GMT
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 22901
last-modified: Fri, 14 Apr 2017 17:35:01 GMT
etag: "58f10845-5975"
expires: Thu, 22 Sep 2022 09:33:30 GMT
cache-control: max-age=86400
accept-ranges: bytes
age: 67795
ddg-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 728 x 90, 8-bit colormap, non-interlaced\012- data
Size:   22901
Md5:    535a8e53835eabedf0f9436dc0a01c4f
Sha1:   96faf73445971f7f81e6b23416ae7fe76c287847
Sha256: 1b4b102a9932253604ff516491a2d43fa9f17534213cc76894c4f482b4ba7eed
                                        
GET /0/0/6.js?i=21vr2g6pimi&m=0&s=200&c=ff0000&cr1=ffffff&f=arial&l=0 HTTP/1.1
Host: rc.revolvermaps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
185.44.104.99
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 22 Sep 2022 04:23:25 GMT
Server: Apache
Last-Modified: Fri, 23 Jun 2017 15:59:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000
Content-Length: 975
Keep-Alive: timeout=4, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (1829), with no line terminators
Size:   975
Md5:    6f2cff312815e129e65971e1f7aa0b6c
Sha1:   f07651ab0ae9b95ef1007782e8d1bbf0fae53f66
Sha256: 26a7a91762ec29a98d90e879584a0218e49e6733c98504d5c15d156f39d72446
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C09A3FA0E696DC69870866FDAD3789D5833C81C94ED2A1C8B667E980850F19C3"
Last-Modified: Wed, 21 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8070
Expires: Thu, 22 Sep 2022 06:37:55 GMT
Date: Thu, 22 Sep 2022 04:23:25 GMT
Connection: keep-alive

                                        
GET /wp-content/uploads/2019/09/etxt-top.png HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         
45.130.41.35
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx-reuseport/1.21.1
Date: Thu, 22 Sep 2022 04:23:25 GMT
Content-Length: 25516
Last-Modified: Fri, 27 Sep 2019 19:03:04 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5d8e5ce8-63ac"
Expires: Sat, 22 Oct 2022 04:23:25 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 240 x 400, 8-bit colormap, non-interlaced\012- data
Size:   25516
Md5:    cb8cfd79a3d7e07dba22b9c5fe4f3d96
Sha1:   078c915b31f98b58f033506c0b84091dfe72274f
Sha256: 6c818e114473a3bf43c626772ebc5d4fb573e8c4043167c0d03b77e29548c3da
                                        
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Fri, 02 Sep 2022 05:07:05 GMT
vary: Accept-Encoding
etag: W/"63118f79-2fb3"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   105678
Md5:    a446c8c2286e6b26934382b6abe7f1a4
Sha1:   a737c346179c0f09541a5cc4a331b13ab334a2f2
Sha256: ab806b516e3b0f2a7d54e082727a8bb35643d495738a28963f9cae8d58441b66

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: application/font-woff2
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 77160
last-modified: Mon, 19 Sep 2022 14:46:23 GMT
etag: "632880bf-12d68"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size:   77160
Md5:    af7ae505a9eed503f8b8e6982036873e
Sha1:   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
Sha256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Sat, 31 Jul 2021 16:31:34 GMT
vary: Accept-Encoding
etag: W/"61057ae6-15db1"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   31425
Md5:    142904507a9348288d2d5a5cde218014
Sha1:   45db2c602bff1c3e7c8bd71857767f95bfd0e4a9
Sha256: 54e673d35b3102192d8dd277067627365f14140f3ad1d6cc9361e25c23703c06

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/uploads/2014/08/tinkoffkredkart.gif HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         
45.130.41.35
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx-reuseport/1.21.1
Date: Thu, 22 Sep 2022 04:23:25 GMT
Content-Length: 129292
Last-Modified: Mon, 20 Mar 2017 18:39:50 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "58d021f6-1f90c"
Expires: Sat, 22 Oct 2022 04:23:25 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 240 x 400\012- data
Size:   129292
Md5:    0fa05fbdc4547a05ce7ca2812aaf1813
Sha1:   8eedb0688f90845d21205cc7839a3aaf0b0967f7
Sha256: 3b31ece620ceac4155c47e03e3e01c4d775c96e2a64b2b4155d66b838010e053
                                        
GET /images/200-300.gif HTTP/1.1
Host: www.web-ip.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         
185.12.92.39
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.16.1
Date: Thu, 22 Sep 2022 04:23:24 GMT
Content-Length: 399657
Last-Modified: Tue, 16 Oct 2018 18:33:51 GMT
Connection: close
ETag: "5bc62f0f-61929"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 200 x 300\012- data
Size:   399657
Md5:    3106053a699c9ac521a5b73ab06a017a
Sha1:   12bf12c0fca502f94a33cf50b026854c977dbdad
Sha256: e32c410d8e8353778912a3338dcf8b5c2535c55c31988def5a202d01b9f68b7b
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5916
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 04:23:25 GMT
Last-Modified: Thu, 22 Sep 2022 02:44:49 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: text/css
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Mon, 31 May 2021 18:47:51 GMT
vary: Accept-Encoding
etag: W/"60b52f57-176"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   711
Md5:    36a069bcad1c488c09ca8674bb43213e
Sha1:   8ec5c49b2070c89ad9197bb093f272ec1717133e
Sha256: c5b3e01c0391f4146d68a53da545c8a11d9e7e00f2b7a442838cc9f79b74302b

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/themes/elegantwp/assets/js/custom.js HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-11fe"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1554
Md5:    98cbe118a07cc68913eb411ae499d181
Sha1:   e0933357c9b8b7e1cfe1653ea107b31f4cd84a1c
Sha256: b3feacee00a2b459e5d968084dba7203adf40eef2f7b60f414cd258ca4d1c9bb

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /s/domine/v19/L0x8DFMnlVwD4h3hu_qn.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27624
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 22:03:28 GMT
expires: Sat, 16 Sep 2023 22:03:28 GMT
cache-control: public, max-age=31536000
age: 454797
last-modified: Mon, 11 Jul 2022 19:06:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 27624, version 1.0\012- data
Size:   27624
Md5:    1f72af2c5d07489f5ac244943db9d7eb
Sha1:   49aa6096e9b9b9d4949a79794a72cb31b744d0de
Sha256: 02fbcf6cd136ae3bfc98aecbbc0f0b1f348c05d96390d63a89cdc323a6dda70c
                                        
                                            GET /wp-content/plugins/wp-spamshield/js/jscripts-ftr2-min.js HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Sat, 28 Oct 2017 03:27:10 GMT
vary: Accept-Encoding
etag: W/"59f3f90e-46f"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   11293
Md5:    a4ea945c835124e715d67ac3355ed217
Sha1:   63b9ed5dc9a017065de43a12ac722d53c14240d2
Sha256: 5de51efd9ad0db144cbbaf2b520afc3eadbaf89fcde944b5efbdf8ee91be5804

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "129B206FB2FB9BF6FD161FDFA28B0551FA0E2D1E8365CB079B521AB7D93AC196"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11061
Expires: Thu, 22 Sep 2022 07:27:46 GMT
Date: Thu, 22 Sep 2022 04:23:25 GMT
Connection: keep-alive

                                        
                                            GET /wp-content/plugins/wp-social-likes/css/social-likes_classic.css?ver=6.0.2 HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-38b9"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   6605
Md5:    03b5c68c55f395ac3f17d8e747e85608
Sha1:   26acc347350f73bc6ae3d441c249f4c2f54b4664
Sha256: 384ce638fa96f4cabc89d46f77a21d2b22e1067de90091233496bcc1c7d9a9a4

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4 HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Fri, 02 Sep 2022 05:07:19 GMT
vary: Accept-Encoding
etag: W/"63118f87-1f50"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   20740
Md5:    4f179db97b8758f939d83616ae022bce
Sha1:   36d2de77b05dd786cd71ab353aa73e32ca601226
Sha256: 8f842ab45e0edb4f2203b3ee19e08f1bc987247fb211cbd0bea9976377e342db
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Wed, 25 May 2022 15:16:06 GMT
vary: Accept-Encoding
etag: W/"628e4836-48b9"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   12820
Md5:    c463ce7d08a5054d2fb613e0bf728b8b
Sha1:   f85b1655f2452af7ec98e4b9cb91327a06c74650
Sha256: 5ee2e46027c49736f593a3a5c42e5e1964247d7e8a6d6e9c7a98d5d99329fe45

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/advanced-responsive-video-embedder/build/main.js?ver=54d2e76056851d3b806e HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Fri, 02 Sep 2022 05:07:02 GMT
vary: Accept-Encoding
etag: W/"63118f76-413"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2

                                        
                                            GET /wp-content/uploads/2022/08/vk_fra-480x360.jpg HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 26973
last-modified: Fri, 05 Aug 2022 16:46:24 GMT
etag: "62ed4960-695d"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Size:   26973
Md5:    7a59ac2b35bba946e86997dd5248e0e0
Sha1:   792e85f57b6c46bff81789a8dee4635575e16707
Sha256: 510c549bdc189926dc97923d7dfad2dda9911ff6f9b119bb87100d7f84f32ad4
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 22 Sep 2022 04:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /aci.js HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: openresty
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 7461
last-modified: Mon, 16 May 2022 07:14:50 GMT
etag: "6281f9ea-1d25"
content-encoding: gzip
expires: Thu, 22 Sep 2022 16:23:25 GMT
cache-control: max-age=43200
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1408)
Size:   7461
Md5:    ae0aab6c5a2ae2e1168e74f6e6ae4741
Sha1:   2c00f69ee4bbe2ec96c0f7bb33b5f827a6195af8
Sha256: a47a88a9b6c7635e5074c25c6e3c92f399fdf8772376e94f077167241e59f9de
                                        
                                            GET /wp-content/uploads/2022/07/vk_zr-480x360.jpg HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 38506
last-modified: Thu, 28 Jul 2022 16:02:30 GMT
etag: "62e2b316-966a"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Size:   38506
Md5:    8d6bcbf88b4ae3562a832d18b68ea6fa
Sha1:   b82db24050e494f63389dfd15b096c3bd97829b2
Sha256: 5f622bd93fdd8e279d18b588799a2cef833694dff83aa3810831b7a2d0c2382f
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Thu, 10 Dec 2020 09:02:02 GMT
vary: Accept-Encoding
etag: W/"5fd1e40a-2bd8"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   34133
Md5:    129b3cb3749d3295cbd4d8e53c7deb56
Sha1:   42b23f49098b8c605636a31d9afa4cc97e3ab62f
Sha256: 782e0a7134e2322f59d18e014452fe79a2078b292e37d67634eca1c777e48bad
                                        
                                            GET /promo_data/static/static300x1050_1.png HTTP/1.1 
Host: cp.beget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         193.168.47.247
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 195182
last-modified: Wed, 21 Sep 2022 15:20:45 GMT
etag: "632b2bcd-2fa6e"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 300 x 1050, 8-bit/color RGB, non-interlaced\012- data
Size:   195182
Md5:    474880296b5c1093c659428dc8219836
Sha1:   8fe108787dc4901e3236c77289b835f85572f0b8
Sha256: 70343f8f68fda9cba779e49233eabc34bb3cd8fc8b8b1ca1c7d01eefdc342902
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "952D6667435A59323784DF8373A3FC303B91B5B067CD037CFEB241D86239BC64"
Last-Modified: Wed, 21 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12905
Expires: Thu, 22 Sep 2022 07:58:30 GMT
Date: Thu, 22 Sep 2022 04:23:25 GMT
Connection: keep-alive

                                        
                                            GET /wp-content/plugins/wp-social-likes/js/social-likes.min.js?ver=6.0.2 HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-24f8"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   40222
Md5:    89587bda52679af8b02ad2943c481f1f
Sha1:   e83bb96d7b6498de5557b05eef5d7ea8e741b614
Sha256: 77b8e5e9eb2f5847ff160cc57f9eabc634abce63967ebf526324cce86edd5317

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /js/r.php?i=21vr2g6pimi&l=https%3A%2F%2Finveststable.ru%2F&r=1663820604903 HTTP/1.1 
Host: rc.revolvermaps.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.44.104.99
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 22 Sep 2022 04:23:25 GMT
Server: Apache
Content-Length: 43
Keep-Alive: timeout=4, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    6d22e4f2d2057c6e8d6fab098e76e80f
Sha1:   b80b11203d97fe01c5597ca3be70406ea48f5709
Sha256: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
                                        
                                            GET /wp-content/plugins/wp-social-likes/js/custom-buttons.js?ver=6.0.2 HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-6da"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   33342
Md5:    ac0faead0e0536cab6bf4f199e0e2619
Sha1:   76004f2b3c901f0f494126cc353d0d340b85ba9e
Sha256: fe724357842e6e658877c98a3d07c0fa6959b0f81f59cbd855b8e22e08162249
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Mon, 19 Sep 2022 14:46:23 GMT
vary: Accept-Encoding
etag: W/"632880bf-7917"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   16088
Md5:    2e43186fd87f3e038c6858330a7f02e7
Sha1:   f2ef23c89a268540e7ed804f4d7a1648255ee798
Sha256: e817e3883c8a5be9896d6787a18a1126dc0c646e2be99093dea19fe5051a486b

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /w/6/a/a2.php?i=21vr2g6pimi&m=0&s=200&c=ff0000&cr1=ffffff&f=arial&l=0 HTTP/1.1 
Host: rc.revolvermaps.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         185.44.104.99
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 22 Sep 2022 04:23:25 GMT
Server: Apache
Cache-Control: public, max-age=2592000
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=4, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32541), with no line terminators
Size:   11240
Md5:    38c061c4a06aa91f396ef1fe99df4ac7
Sha1:   26f80bfb65cf273163e1315f52f68f9973cae1d4
Sha256: 8c8de3862a2ecf26dbb5fd1d040e244d481fa7f1ce1fb349de5ff23ffc7b4a16
                                        
                                            GET /wp-content/themes/elegantwp/assets/js/theia-sticky-sidebar.min.js HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-1535"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 text, with very long lines (5370)
Size:   2315
Md5:    8576ed958e57c8e78686ae1cf9df7dee
Sha1:   152be91a9fc541a9a6d07750a15609bf87aad141
Sha256: ccf0c3db02df5c4ddc02fa1b111f7eff7aa54841ef9bb2f18cfdc140dfed07e9

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/elegantwp/style.css HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-11264"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   11034
Md5:    2d1bc9388c76becd9af7d6ca649029e6
Sha1:   614a6f496211bcbd9b197e5de2fe3c721fa79a7f
Sha256: cab50faa0e8d981a028ff82d3f61901a6db4442c9e3cd7c7396e9b6a4307c9b2
                                        
                                            GET /mc/?dp=10 HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 302 Found
content-type: text/html
                                        
server: openresty
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 154
location: /mc/?dp=10&tc=1
set-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Thu, 22-Sep-22 04:33:25 GMT
set-cookie: aid=uQx9GmMr4z0yGAC2DC+PAtzKKVYNbhYnlvyheL46I2sqKJCf; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
                                        
                                            GET /wp-content/themes/elegantwp/assets/js/jquery.fitvids.min.js HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-724"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (11701), with CRLF, LF line terminators
Size:   6224
Md5:    8764b5f36586cadf25df81de151ac404
Sha1:   0872b5d64969381d3756ea48a613640771fef34c
Sha256: 0cfa702e0854a2dad8bee375a44006b516566e777eb0b81adef2412a6de99c36

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gsgccr3dvtlsca2020 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 22 Sep 2022 04:23:25 GMT
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:02:48 GMT
ETag: "f24c0a55aad97550975218a01a94a6152bfd427a"
Last-Modified: Thu, 22 Sep 2022 03:02:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 496
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e01bf80afe-OSL


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    5ce27a2722c4b3282daf324239bdb076
Sha1:   f24c0a55aad97550975218a01a94a6152bfd427a
Sha256: a40ad9473b0407b211e372c94ce4a2325a805d10bd4045e9393b197186775671
                                        
                                            GET /userip HTTP/1.1 
Host: kraken.rambler.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         81.19.89.18
HTTP/2 200 OK
content-type: application/octet-stream
                                        
server: nginx/1.19.4
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 12
access-control-allow-origin: https://investstable.ru
x-srv: 0kraken-prod0002.ad.rambler.tech
set-cookie: ruid=1CIAAD3jK2N7CqJuASdTWgB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
set-cookie: proto_uid=1CIAAD3jK2N7CqJuASdTWgB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   12
Md5:    35b0bce9d250429df012c0426f88d0bd
Sha1:   f81d80af9cbeb0011316fbba3da8002b32251f7a
Sha256: da9add592d7eb9cca7705cb4870d7fd4e9718ccd51486c4261a727a8d566960d
                                        
                                            GET /wp-content/uploads/2019/10/cropped-26939-520-32x32.png HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663820604939; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20; fid=0b8e7dea-cc28-4ac9-a90d-4e0f5622228f; adtech_uid=7ac34b03-0ef2-4352-bd4b-e03a79275fd4%3Ainveststable.ru; top100_id=t1.6699530.320768010.1663820605061; t3_sid_6699530=s1.777191712.1663820605062.1663820605062.1.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 2402
last-modified: Fri, 01 May 2020 14:37:28 GMT
etag: "5eac3428-962"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   2402
Md5:    93f0cd2b3e24f6d8a35bd8960022f7ef
Sha1:   641413117c5083469194ce81347e100a9a57ec62
Sha256: f6aba205f53b839f33daff5ab64e9fbd4bf6d32252fd0c501704107e0d20ec1c
                                        
                                            GET /wp-content/uploads/2019/10/cropped-26939-520-192x192.png HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663820604939; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20; fid=0b8e7dea-cc28-4ac9-a90d-4e0f5622228f; adtech_uid=7ac34b03-0ef2-4352-bd4b-e03a79275fd4%3Ainveststable.ru; top100_id=t1.6699530.320768010.1663820605061; t3_sid_6699530=s1.777191712.1663820605062.1663820605062.1.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 50173
last-modified: Fri, 01 May 2020 14:37:28 GMT
etag: "5eac3428-c3fd"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   50173
Md5:    e44d85614d8292ccfd0d2f66283315a7
Sha1:   ba7defd7ea00c5796cc6a5eaf7a3f24e3a7ad596
Sha256: fd5b43b6831c55cc360e720b2f1dd2ce08d5c086641c69a09a735d18974a340e
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 22 Sep 2022 02:41:10 GMT
expires: Thu, 22 Sep 2022 04:41:10 GMT
cache-control: public, max-age=7200
age: 6135
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            GET /flags/24/us.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:19:00 GMT
content-length: 656
last-modified: Fri, 01 Jul 2016 20:43:46 GMT
etag: "5776d602-290"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 265


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   656
Md5:    ae506a6c014bfeb8d8cbfdfbe94c14c9
Sha1:   f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
Sha256: bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
                                        
                                            GET /hit?t12.15;r;s1280*1024*24;uhttps%3A//investstable.ru/;h%u0412%u0441%u0451%20%u043E%20%u0437%u0430%u0440%u0430%u0431%u043E%u0442%u043A%u0435%20%u0432%20%u0438%u043D%u0442%u0435%u0440%u043D%u0435%u0442%u0435%20-%20%u0414%u0443%u043C%u0430%u0439%2C%20%u043F%u0440%u0435%u0436%u0434%u0435%20%u0447%u0435%u043C%20%u0432%u043A%u043B%u0430%u0434%u044B%u0432%u0430%u0442%u044C%20%u0434%u0435%u043D%u044C%u0433%u0438%2C%20%u0438%20%u043D%u0435%20%u0437%u0430%u0431%u044B%u0432%u0430%u0439%20;0.3680274001724315 HTTP/1.1 
Host: counter.yadro.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         88.212.201.198
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.9
Date: Thu, 22 Sep 2022 04:23:25 GMT
Content-Length: 795
Connection: keep-alive
Expires: Tue, 21 Sep 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400


--- Additional Info ---
Magic:  GIF image data, version 87a, 88 x 31\012- data
Size:   795
Md5:    0a6723b4cddaa3f9c01670dde4ce4ad6
Sha1:   8d5e93a5015c83243f72c6d0dc7e2b32817b26e1
Sha256: 1dbd5b1cf882a22863f941f7bf1f3c89f0a34950e6aad15f9a27de1525f8ad8b
                                        
                                            GET /uploads/images/563563/5fa33659e4724d789547de912bbe3be8.png HTTP/1.1 
Host: glopart.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         51.250.65.231
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 54145
etag: "feb7022cd81177a74fa1cce597a22c5d"
last-modified: Sat, 19 Mar 2022 01:43:03 GMT
accept-ranges: bytes
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-max-age: 1728000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 220 x 150, 8-bit/color RGB, non-interlaced\012- data
Size:   54145
Md5:    feb7022cd81177a74fa1cce597a22c5d
Sha1:   a9cc151224b0d3e3ad30c532de2be412f7863c32
Sha256: bcf62557e5fba352e9873be7c6dc05f01146da67739da6dc9f18e8c495a1a792
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2462
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 04:23:25 GMT
Last-Modified: Thu, 22 Sep 2022 03:42:23 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 22 Sep 2022 04:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7FD86E8D25BF5ED74A813015BB868FA3F5A0EC08829278713FE3F7D914C9823C"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6392
Expires: Thu, 22 Sep 2022 06:09:57 GMT
Date: Thu, 22 Sep 2022 04:23:25 GMT
Connection: keep-alive

                                        
                                            GET /flags/24/ru.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:21:24 GMT
content-length: 403
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-193"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 122


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   403
Md5:    d8df89b036e6afb48f72d2440831bad0
Sha1:   04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
Sha256: 2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
                                        
                                            GET /pagead/js/adsbygoogle.js?client=ca-ca-pub-8209382010145353 HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.34
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Thu, 22 Sep 2022 04:23:25 GMT
expires: Thu, 22 Sep 2022 04:23:25 GMT
cache-control: private, max-age=3600
etag: 4542725982730089919
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 58022
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2903)
Size:   58022
Md5:    44331e0d46150c5f5408050eae70c8d0
Sha1:   a66165880dd1d7a1459ecda533a841014a196cb2
Sha256: b73c4f2453b3d507611bf2cdfff7ea28c12bf07336b3a18254d7b5024e9072ce
                                        
                                            GET /en_US/fbevents.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.14
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 37MSD4Ug3FWVZlZzMnHXeH8CKGZQ+cWjGqdLilGCtGY1PdA5kZ4cCELQ7OJDrfAvT6plVeg7wLap/rI+VE5p+A==
content-length: 26839
x-fb-trip-id: 1679558926
date: Thu, 22 Sep 2022 04:23:25 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64348)
Size:   26839
Md5:    9ecd89752214ef749272eef344b9089a
Sha1:   70a58a49c08934265ee34c74efb01d6b3124095d
Sha256: f76c51487e348977288fcaf83984cd8fe4e73758cc352402774d9eb94680d528
                                        
                                            GET /match?id=106&vid=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: dm-eu.hybrid.ai
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         37.18.103.21
HTTP/2 204 No Content
                                        
date: Thu, 22 Sep 2022 04:23:25 GMT
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
set-cookie: vid=f8e26917492f96376841; expires=Fri, 22 Sep 2023 04:23:23 GMT; domain=.hybrid.ai; path=/; samesite=none
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
x-mode: 523
x-xss-protection: 1; mode=block
access-control-allow-origin: *
server: Hybrid Web Server
X-Firefox-Spdy: h2

                                        
                                            GET /rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D HTTP/1.1 
Host: ssp-rtb.sape.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         193.3.184.134
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Server: openresty
Date: Thu, 22 Sep 2022 04:23:25 GMT
Content-Length: 142
Connection: keep-alive
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Location: https://acint.net/match?dp=14&euid=8AB803C13DE32B631C0085B4024F79DE
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Set-Cookie: sspuid=wQO4imMr4z20hQAc3nlPAiIsv1F0L6Obn58+x/8pg8Az+Zv8; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.ssp-rtb.sape.ru; path=/; Secure; SameSite=None


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   142
Md5:    82c98e8e012b79c922655461171cc2fa
Sha1:   0828d79135573276005b04be42d79a8a3291292b
Sha256: 745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
                                        
                                            GET /flags/24/gb.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:23:12 GMT
content-length: 1177
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-499"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 14


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   1177
Md5:    33a79546e65bf38629ec0bf90a0bcc3d
Sha1:   5afd0a44d0f4c8cadd3fea1ec866ddeb67e4afdd
Sha256: 9d5579d2ae226889e9cc592035a86cbe20c570edbdeb6394ec7ebc23c4246571
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6519
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 04:23:25 GMT
Last-Modified: Thu, 22 Sep 2022 02:34:46 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /flags/24/cn.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:22:42 GMT
content-length: 604
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-25c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 44


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   604
Md5:    933a5fd60bc9e9b3f152937065ba2142
Sha1:   c161d6d280949b5499111704f3e6f94e8b9d4b78
Sha256: 1afc41cd907186a8d6e578fc119c9b491d411ba4f5c33f02eb5714dd0f657fb6
                                        
                                            GET /flags/24/eu.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:18:48 GMT
content-length: 909
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-38d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 277


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   909
Md5:    94eea2fb562263ef9a777380e3eba8fe
Sha1:   3f74d28639adf5c9fc35450da396da37cb43e2c8
Sha256: f880ef6584845869e5d81b2960b8eb81ec470b88ea8859dd75a2ef80f56fe8dd
                                        
                                            GET /flags/24/ua.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:22:48 GMT
content-length: 476
last-modified: Fri, 01 Jul 2016 20:43:46 GMT
etag: "5776d602-1dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 37


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   476
Md5:    8cf366da149b92da8713850df92cc2a7
Sha1:   8848474af0b13f8912c4e9b97004aad53d186adc
Sha256: 70549240fea1a10a4c0ec5804693af68a23eeaaff15c9cd1883c0138c81847e3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2FEECC37EFCB78815586BBCCF04F5A9154859C02DCD11D4144207CBE937757B8"
Last-Modified: Wed, 21 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1873
Expires: Thu, 22 Sep 2022 04:54:39 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            GET /csync?url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D HTTP/1.1 
Host: ads.adlook.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         5.200.43.131
HTTP/2 302 Found
                                        
location: https://acint.net/match?dp=110&euid=9288d38b302542f1adc454827a2bae69
server: Kestrel
set-cookie: adlm_userId=9288d38b302542f1adc454827a2bae69; expires=Thu, 21 Sep 2023 21:00:00 GMT; path=/; SameSite=None; secure
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            GET /flags/24/btc.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:20:55 GMT
content-length: 890
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-37a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 151


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 4-bit colormap, non-interlaced\012- data
Size:   890
Md5:    ee5ca44996167f948e9a7ef54687c16c
Sha1:   e05e6b5d566a829628f7d4f8f577128979bf4e6c
Sha256: dae692b8bba4d06e448f9724b4787312125a21b78b92e54b6496606f4e6d6055
                                        
                                            POST / HTTP/1.1 
Host: status.geotrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5364
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 04:23:26 GMT
Last-Modified: Thu, 22 Sep 2022 02:54:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: status.geotrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5364
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 04:23:26 GMT
Last-Modified: Thu, 22 Sep 2022 02:54:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 938
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:04:16 GMT
ETag: "72957e4dadfa484c88ca302bfa53af608d4d9441"
Last-Modified: Thu, 22 Sep 2022 03:04:17 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1974
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e38df20afe-OSL

                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 938
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:04:16 GMT
ETag: "72957e4dadfa484c88ca302bfa53af608d4d9441"
Last-Modified: Thu, 22 Sep 2022 03:04:17 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1974
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e3ae020afe-OSL

                                        
                                            GET /match?dsp=sape HTTP/1.1 
Host: sync.republer.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.88.82.46
HTTP/2 204 No Content
                                        
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
strict-transport-security: max-age=0
X-Firefox-Spdy: h2

                                        
                                            GET /match?dp=110&euid=9288d38b302542f1adc454827a2bae69 HTTP/1.1 
Host: acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /match?dp=14&euid=8AB803C13DE32B631C0085B4024F79DE HTTP/1.1 
Host: acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /sync?ssp=sape HTTP/1.1 
Host: a.utraff.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.217.151
HTTP/2 204 No Content
content-type: text/plain
                                        
date: Thu, 22 Sep 2022 04:23:26 GMT
set-cookie: preutid=1; Expires=Sat, 22 Oct 2022 07:23:26 GMT; Domain=.itraff.net; SameSite=None; Secure; Path=/ preutid=1; Expires=Sat, 22 Oct 2022 07:23:26 GMT; Domain=.utraff.com; SameSite=None; Secure; Path=/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTIM4NSRSuxBe7Z0x%2Fyw3Hkxo91WsWGHD5xNwl%2FRPvIIMSB3k55P4wXpgc7gYqTgqEugBj1JBLhHaV107kLzmX%2B1Y3qaG749cSwYwzY%2FLN8A3kaq5rm5%2FUS1CuQY%2BTg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74e843e33a59fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /counter?id=2554513;t=466;l=1 HTTP/1.1 
Host: top-fwz1.mail.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         95.163.52.67
HTTP/2 302 Found
                                        
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://top-fwz1.mail.ru/counter2?id=2554513;t=466;l=1
set-cookie: FTID=1RMYgQ0tkIIC:1663820606:2554513:::; path=/; expires=Sat, 23-Sep-23 04:23:26 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2

                                        
                                            GET /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: sync.1dmp.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         78.46.100.125
HTTP/2 302 Found
                                        
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
expires: 0
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
set-cookie: uid=4d72a8e0-3a2e-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Fri, 22 Sep 2023 04:23:26 GMT; SameSite=None; Secure uid-legacy=4d72a8e0-3a2e-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Fri, 22 Sep 2023 04:23:26 GMT
location: /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=1A7D0CB93DE32B63B6001832028F2F0C&cs=1
X-Firefox-Spdy: h2

                                        
                                            GET /font/roboto.googlefonts/Roboto-Medium.woff2 HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: application/octet-stream
                                        
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:18:44 GMT
content-length: 62228
last-modified: Sun, 03 Jul 2016 17:43:11 GMT
etag: "57794eaf-f314"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 281


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 62228, version 2.0\012- data
Size:   62228
Md5:    4a6c203d3f824fa9ce159965a0ab3156
Sha1:   024f9f4466d9eca4b612629001b32dbaff3c5b6f
Sha256: e9817ff441c7044f2d126a3e12b02f624bd2fff669e3f6092d9c92324313df13
                                        
                                            GET /matchspm?pi=1000005&pui=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: ut.rktch.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         89.108.97.2
HTTP/1.1 302 Found
                                        
Server: nginx/1.22.0
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: keep-alive
location: https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect
Set-Cookie: b_uid=732678de9bc285cf80ef083629712be434ce; Max-Age=2592000; Expires=Sat, 22 Oct 2022 04:23:26 GMT; Domain=rktch.com; Secure; SameSite=None
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type, Accept, Authorization
Access-Control-Allow-Credentials: true

                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:07:55 GMT
ETag: "7f15a94279ecffa259a9ad47bb02d7e9228a11e8"
Last-Modified: Thu, 22 Sep 2022 03:07:56 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3316
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e40ac0b523-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    f04ce05b42a0c19c66bdcb839d5f97b7
Sha1:   7f15a94279ecffa259a9ad47bb02d7e9228a11e8
Sha256: 1cd1234da8a72142c30b03e8225178bbf3ee10b26e9543692227fc6333d3c5a5
                                        
                                            GET /informer/25781042/3_0_375139FF_173119FF_1_pageviews HTTP/1.1 
Host: informer.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         87.250.250.119
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 1414
last-modified: Thu, 22-Sep-2022 04:23:26 GMT
pragma: no-cache
strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-xss-protection: 1; mode=block
expires: Thu, 22-Sep-2022 04:23:26 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 88 x 31, 8-bit/color RGBA, non-interlaced\012- data
Size:   1414
Md5:    233e41aee2e901f6bccedb722c78b9a5
Sha1:   e7ba743d2d344fd68e483b193733a204cd76f727
Sha256: 3b7a76217d240520da0b88d950dd438fdf5c39a3a7e8bcca79436abbb7b25211
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C634AD12A5E310D19A3EB677C2DF49830A1B9C0866C39060D7A72213A6A7AD83"
Last-Modified: Thu, 22 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15911
Expires: Thu, 22 Sep 2022 08:48:37 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "98EB4F13374017F6A9FFA4C8098D19C2BAD0060407D05DFAD0DD1178DEC9B2A5"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9686
Expires: Thu, 22 Sep 2022 07:04:52 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            GET /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=1A7D0CB93DE32B63B6001832028F2F0C&cs=1 HTTP/1.1 
Host: sync.1dmp.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: uid=4d72a8e0-3a2e-11ed-8677-901b0e934d81
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         78.46.100.125
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 35
expires: 0
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
set-cookie: uid=4d72a8e0-3a2e-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Fri, 22 Sep 2023 04:23:26 GMT; SameSite=None; Secure uid-legacy=4d72a8e0-3a2e-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Fri, 22 Sep 2023 04:23:26 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "001910DD201CD45C40EE95296F514D936BFF35622C0BD8F88C4E03FC16F489A9"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4733
Expires: Thu, 22 Sep 2022 05:42:19 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            GET /match/sape?id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         195.201.8.30
HTTP/2 204 No Content
                                        
server: nginx/1.21.6
date: Thu, 22 Sep 2022 04:23:26 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9FF0F01363DBFB8A16C5BA064B6AD8AAAF50C69CD6181E65C41AC1E46CF891AD"
Last-Modified: Tue, 20 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3589
Expires: Thu, 22 Sep 2022 05:23:15 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            GET /sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D HTTP/1.1 
Host: ssp.bestssp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.147.80.35
HTTP/1.1 302 Found
                                        
Server: nginx/1.16.1
Date: Thu, 22 Sep 2022 04:23:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.acint.net/match?dp=95&euid=YUDLUPZX
Set-Cookie: uid=YUDLUPZX; Expires=Thu, 22 Sep 2032 00:00:00 GMT; mf2=1; Expires=Sat, 22 Oct 2022 00:00:00 GMT;

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "76FF37DB05ADDE13EA3133803A3CDB259411857BF1F412F084440F20857DEA48"
Last-Modified: Wed, 21 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16687
Expires: Thu, 22 Sep 2022 09:01:33 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            GET /userbind?src=sape&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: match.new-programmatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         217.65.2.150
HTTP/1.1 204 No Content
                                        
Server: nginx/1.22.0
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Vary: Origin

                                        
                                            GET /sape/sync HTTP/1.1 
Host: sync.upravel.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         148.251.236.118
HTTP/2 302 Found
content-type: image/png
                                        
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://sync.upravel.com/sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0
set-cookie: session_tptc=1663820606145;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=180 session_tptc-legacy=1663820606145;Version=1;Domain=.upravel.com;Path=/;Max-Age=180
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
X-Firefox-Spdy: h2

                                        
                                            GET /sape/cm?user_id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: nr.bidderstack.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         46.4.70.80
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 44
Connection: keep-alive
Set-Cookie: uid=5b053f66-22be-42ec-b77f-4f08e3741fba; domain=.bidderstack.com; path=/; expires=Fri, 22-Sep-2023 04:23:26 GMT;
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   44
Md5:    f9d60352c70a2ba15616d1c9421f3844
Sha1:   e9abc8bea7721a4b6a50295850d13c515006a95c
Sha256: 82cb517a8f80c91dfcec543c6d140deb3baaf463ea9e77655475096eba7bc7d9
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0C3B6835B2E7AA2BB66466305608B1AB6236431FADAFA3A6FE32530F516DC23A"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10258
Expires: Thu, 22 Sep 2022 07:14:24 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            GET /match/396/?remote_uid=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: s.uuidksinc.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.220.27.134
HTTP/2 302 Found
                                        
server: nginx/1.19.0
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://www.acint.net/match?dp=127&euid=yIwAbFDfg6sY9BTrzowV
set-cookie: jcsuuid=yIwAbFDfg6sY9BTrzowV; expires=Fri, 22 Sep 2023 04:23:26 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /usersync?dspcsid=8&redirect=1 HTTP/1.1 
Host: ssp.bidvol.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         65.108.1.47
HTTP/2 302 Found
                                        
server: nginx/1.23.0
date: Thu, 22 Sep 2022 04:23:26 GMT
x-request-id: 3edf7383-2a83-4e94-a22e-9d81779aa3ba
set-cookie: bvuid=ypsz5uwkkv; Max-Age=2147483647; Path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; SameSite=None bvuid2=ypsz5uwkkv; Max-Age=2147483647; Path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
surrogate-control: no-store
location: https://www.acint.net/match?dp=129&euid=ypsz5uwkkv
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /match?dp=95&euid=YUDLUPZX HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1F466DF82A3CAABA6E6C4FA8157B943874477C2F0C001C5F73E660D9549F0D00"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15010
Expires: Thu, 22 Sep 2022 08:33:36 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 15:41:05 GMT
Expires: Tue, 27 Sep 2022 15:41:04 GMT
Etag: "aebee3a96cea231a0783a21220205be0b72058a7"
Cache-Control: max-age=472057,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74e843e489f4b4f9-OSL

                                        
                                            GET /?src=sap1&uid=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: sync.bumlam.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.172.81.160
HTTP/1.1 302 Moved Temporarily
                                        
Server: nginx
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiQ0ZDg2ODY5ZS0zYTJlLTExZWQtODY0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Wed, 17 Sep 2042 04:23:26 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync.bumlam.com/?src=sap1&s_data=CAIQARi-xq-ZBmIgMUE3RDBDQjkzREUzMkI2M0I2MDAxODMyMDI4RjJGMEOiARBNhoaeOi4R7YZEACWQyCQ3
ETag: 4d86869e-3a2e-11ed-8644-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0

                                        
                                            GET /merge_gpsid/?sid=50&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: stat.adlabs.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         109.248.237.36
HTTP/2 302 Found
                                        
server: nginx
date: Thu, 22 Sep 2022 04:11:05 GMT
content-length: 0
location: //adlmerge.com/merge_gpsid/?sid=50&id=1A7D0CB93DE32B63B6001832028F2F0C
X-Firefox-Spdy: h2

                                        
                                            GET /core/match.gif?s=32&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: mediatoday.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.228.111
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx/1.22.0
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 43
p3p: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA
cache-control: no-cache, max-age=0, must-revalidate, no-store
pragma: no-cache
expires: Thursday, 01-Jan-1970 00:00:00 GMT
set-cookie: idntfy=VUz5fGQurjcAGsY; expires=Sun, 19-Sep-2032 04:23:26 GMT; domain=mediatoday.ru; path=/core; SameSite=None; Secure
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    325472601571f31e1bf00674c368d335
Sha1:   2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
Sha256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
                                        
                                            GET /match?dp=127&euid=yIwAbFDfg6sY9BTrzowV HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2463
Cache-Control: 'max-age=158059'
Date: Thu, 22 Sep 2022 04:23:26 GMT
Last-Modified: Thu, 22 Sep 2022 03:42:23 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /p?ssp=sp&uid=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1 
Host: cs.agency2.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.111.107.44
HTTP/1.1 301 Moved Permanently
                                        
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: keep-alive
Server: fasthttp
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.acint.net/match?dp=186&euid=db43a2ab-80b8-4b99-8552-6f6a55442684
Set-Cookie: uuid=db43a2ab-80b8-4b99-8552-6f6a55442684; expires=Wed, 13 Sep 2023 04:23:26 GMT; domain=agency2.ru; path=/; secure; SameSite=None
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
X-Host: 23.111.107.44

                                        
                                            GET /sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0 HTTP/1.1 
Host: sync.upravel.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: session_tptc=1663820606145
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         148.251.236.118
HTTP/2 302 Found
content-type: image/png
                                        
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://b8885a49-6ba9-421d-8a3b-9196aefe5ad8.sync.upravel.com/sape/sync?ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyIsImh0dHBzOi8vd3d3LmFjaW50Lm5ldC8iXX19
set-cookie: user_id=b8885a49-6ba9-421d-8a3b-9196aefe5ad8;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000 user_id-legacy=b8885a49-6ba9-421d-8a3b-9196aefe5ad8;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
X-Firefox-Spdy: h2

                                        
                                            POST /gsgccr3dvtlsca2020 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 26 Sep 2022 00:07:10 GMT
ETag: "d3c0ed1397634edc3f957d14f8f51ec052a0f57d"
Last-Modified: Thu, 22 Sep 2022 00:07:11 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1495
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e50ec00afe-OSL


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    856835c6c101421c02f097aadb367da2
Sha1:   d3c0ed1397634edc3f957d14f8f51ec052a0f57d
Sha256: f6f2f35a035fd5c2f8d1eab96c5781c9cd1c9dea792d010fcb1fc9f267110c55
                                        
                                            GET /cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D HTTP/1.1 
Host: exchange.buzzoola.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         138.201.34.239
HTTP/2 301 Moved Permanently
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 115
location: https://www.acint.net/match?dp=126&euid=fb75b094-2aec-41ea-5e8d-5a689933be98
serverid: TODO
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   115
Md5:    10f48967cd928a161ecc4fe02022e934
Sha1:   e42e5135d3c585472145b8038904a7048bf04cc4
Sha256: db1af76cc19d7a2fbea559e293490c22cd671de9d43da0eae1c52e1de6c427fc
                                        
                                            GET /metrika/tag.js HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         93.158.134.119
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 72207
date: Thu, 22 Sep 2022 04:23:26 GMT
access-control-allow-origin: *
etag: "63295b76-11a0f"
expires: Thu, 22 Sep 2022 05:23:26 GMT
last-modified: Tue, 20 Sep 2022 09:19:34 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Size:   72207
Md5:    27e20c7dbfa3e9cb49571531093d3023
Sha1:   a0f047f86b421891cef771da8171160e831a8471
Sha256: f25ce8f6f6a4fe1fda545849cc37eada3d1f12779d6411b02fcd16e5345e6d5d
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5940
Expires: Thu, 22 Sep 2022 06:02:26 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            GET /match?dp=186&euid=db43a2ab-80b8-4b99-8552-6f6a55442684 HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36673ded-0a09-4aa6-b4c8-c3e3be3b0e4a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8058
x-amzn-requestid: 78d8a4f9-b85f-4055-a17e-90ccd231e462
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YshUOE7jIAMFm-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632815b4-7d0717045b5fd71d5a41ccdb;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 07:09:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Y-EsbrGZSY3WtqlLDDm4MLHjqeLlrzjqCRsSt7r_jSXr0LswkHP_yQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 13:08:32 GMT
age: 54894
etag: "fcc0cdd72a5c97f13b0c59e5b39e06a6add18a9c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8058
Md5:    2b5c8545323317489392c1f56707078e
Sha1:   fcc0cdd72a5c97f13b0c59e5b39e06a6add18a9c
Sha256: c79efda3b792026233b13c07a2c69e3dff0fdbccfb081c768ffc7e52aa744668
                                        
                                            GET /images/core/emoji/14.0.0/svg/1f4b0.svg HTTP/1.1 
Host: s.w.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.48
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
vary: Accept-Encoding
last-modified: Tue, 12 Apr 2022 03:50:59 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 2
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2649)
Size:   1554
Md5:    2a8a33739fa4ecd2023f5ee79122012f
Sha1:   1583a224aa3913d9dc334c2132d595e760767b15
Sha256: ceb4a7a9a2c0272ae1ec068b1e759916cdb2b51814c750dc670132879b09b6f7
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0f33332-2080-459e-ab54-a452b2278994.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8748
x-amzn-requestid: 83c28267-4d10-476d-8b11-08b48b046985
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YzG6CGtroAMFyqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ab840-1167c5285b6837d311bfe2a9;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 07:07:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xo0ilY8z0C3rDISFOM5EixEK7HAelSut4hgNNwGYAVQIfPP8C6pUCg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 07:08:33 GMT
age: 76493
etag: "7c27c02029eb49e726a076679be2c793da696e45"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8748
Md5:    888247c1153f8770b880395734749107
Sha1:   7c27c02029eb49e726a076679be2c793da696e45
Sha256: 515852e0d38cdaf86bce45fa5e0df453d08ca36cf6ecfa0c4b868c2143afe333
                                        
                                            GET /match?dp=126&euid=fb75b094-2aec-41ea-5e8d-5a689933be98 HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /?src=sap1&s_data=CAIQARi-xq-ZBmIgMUE3RDBDQjkzREUzMkI2M0I2MDAxODMyMDI4RjJGMEOiARBNhoaeOi4R7YZEACWQyCQ3 HTTP/1.1 
Host: sync.bumlam.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: suuid3=IiQ0ZDg2ODY5ZS0zYTJlLTExZWQtODY0NC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.172.81.160
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiQ0ZDg2ODY5ZS0zYTJlLTExZWQtODY0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Wed, 17 Sep 2042 04:23:26 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60ffb31d-d07d-4e81-9477-522f011ae13e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8861
x-amzn-requestid: 873e88ab-7afc-4b14-b428-d90ec2079741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO2wuE0AoAMF7Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3804-0d25ab397a16c78907914e23;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:08:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E3CxTY9UbUKfKS16_Os-lp6w8b_bIIbWqcIzaGOOc0iwrSOzj6NNqQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 03:25:37 GMT
age: 3469
etag: "56f228d7358ba9deef000f53214dc7c1dc358109"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8861
Md5:    a504981ee10d8341b64f19001464ae8a
Sha1:   56f228d7358ba9deef000f53214dc7c1dc358109
Sha256: 0ea3b6ed12f3adf9d56e7d9b61f284d28107d99f28ee4e66b4c078a9a1a0cbee
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8549
x-amzn-requestid: 6d44626b-16c6-4f19-ae52-d5350065b390
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwPHJJoAMFdfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84ce-46ebc35612eb7a4473b36189;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UoQTXSP0LgR4LwELp2Avm27hUekfO9TU9yfvNbIlmUtB-FrU9MGRbg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:48:19 GMT
age: 23707
etag: "80e48c9ae48c89598780736b089c98e22d58df9a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8549
Md5:    62818de3c50f957b2e5680851a1768c9
Sha1:   80e48c9ae48c89598780736b089c98e22d58df9a
Sha256: 16f2c2d23e8641a3f297a175730343d11120a228c0fe846c0fdf1e39212c522c
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5940
Expires: Thu, 22 Sep 2022 06:02:26 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            GET /pagead/html/r20220919/r20190131/zrt_lookup.html HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.130
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4420
x-xss-protection: 0
date: Wed, 21 Sep 2022 21:20:10 GMT
expires: Wed, 05 Oct 2022 21:20:10 GMT
cache-control: public, max-age=1209600
age: 25396
etag: 9671129459699598864
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1731)
Size:   4420
Md5:    682bf699cccbc0ff817e1fcb7b95262a
Sha1:   11ad3edf0008f52b733c2d6d7199e1f052318d58
Sha256: bd42f773d589f85cf6884d7893746d5d4e0c082f78e1c80511cf3aefa1c69a0f
                                        
                                            GET /counter?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;title=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1663820605847%3A1663820605869%3A1%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga;visible=true;_=0.405147068190144 HTTP/1.1 
Host: top-fwz1.mail.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         95.163.52.67
HTTP/2 302 Found
                                        
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://top-fwz1.mail.ru/counter2?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;title=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1663820605847%3A1663820605869%3A1%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga;visible=true;_=0.405147068190144
set-cookie: FTID=1RMYgQ0tkIIC:1663820606:2554513:::; path=/; expires=Sat, 23-Sep-23 04:23:26 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5940
Expires: Thu, 22 Sep 2022 06:02:26 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive

                                        
                                            GET /counter2?id=2554513;t=466;l=1 HTTP/1.1 
Host: top-fwz1.mail.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         95.163.52.67
HTTP/2 200 OK
content-type: image/gif