rkiz.ru/
45.130.41.35301 Moved Permanently 295 B IP 45.130.41.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f1de6dd79e12a0f236b14f8018478b0d
0c3ad0178736ca21c168bce8a7497436cadedfd0
30b3ec617a92aaf8821ae4f1b39d54ab05afb1b6cb5bfbfb3277e1baf3f8fe7f
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: rkiz.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx-reuseport/1.21.1
Date: Thu, 22 Sep 2022 04:23:23 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 295
Connection: keep-alive
Keep-Alive: timeout=30
Location: https://rkiz.ru/
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 05:23:23 GMT
firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 804f8bbb7f556d51a5f52d5ebd5b6eef
922cd7e06df278615a04abb81d811d14596c8180
ef4804d381a34ab67873a7755621081c49c646310e085a9b2356ae07098f6021
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Backoff, Retry-After, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 22 Sep 2022 04:13:56 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IUxIPf20MNy2yDpDQ201RbuWUZ9EoOXdMEeYSw-MNS6Tz60633ZwQA==
Age: 567
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2677
Expires: Thu, 22 Sep 2022 05:08:00 GMT
Date: Thu, 22 Sep 2022 04:23:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 21 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VgEtaYX77GfZm-GZ0ThgOobpv63SSuQKVess54lvGPNjr8SID6UdAg==
age: 85690
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 04:23:23 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c5d70569b15d83122d49273bbfb59deb
38b4f8bf43e94affdd89067661e0f1add0d8bf27
21804161e7fd5975bf665db807d39466c91ad92d3028327029d6219de9e4dc8d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "21804161E7FD5975BF665DB807D39466C91AD92D3028327029D6219DE9E4DC8D"
Last-Modified: Thu, 22 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21568
Expires: Thu, 22 Sep 2022 10:22:52 GMT
Date: Thu, 22 Sep 2022 04:23:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 22 Sep 2022 04:03:23 GMT
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 04:54:52 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PT_09t1uA_uoxbzKrf7YkVRwjqXUhS_X3TZsWROSvBCq_7ag0w259Q==
Age: 1202
rkiz.ru/
45.130.41.35301 Moved Permanently 0 B IP 45.130.41.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: rkiz.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/html
content-length: 0
vary: X-Forwarded-Proto,Accept-Encoding
x-powered-by: PHP/7.3.31
x-redirect-by: WordPress
location: https://investstable.ru/
cache-control: max-age=3600
expires: Thu, 22 Sep 2022 05:23:24 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ff6d50919e56aed75c47feb45ee2f2ec
98f558a4b2d4f3c271abc93d0b74ece4ad7a59ef
b1b6f0e78b5a1e2092cba6d71d0d5a918066c0486176cef0a19f51e2d5a9962e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5160
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:24 GMT
Last-Modified: Thu, 22 Sep 2022 02:57:24 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0a91b65217c1d31a1bfc386ebb39253c
6094865b9c7e6dc4e14475f24a4d441a3ee48603
6a644fa058890a19071c6cf17848aacc8c2db7e7c22e805f91bf9b40adfd4c3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A644FA058890A19071C6CF17848AACC8C2DB7E7C22E805F91BF9B40ADFD4C3E"
Last-Modified: Wed, 21 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 22 Sep 2022 10:23:24 GMT
Date: Thu, 22 Sep 2022 04:23:24 GMT
Connection: keep-alive
push.services.mozilla.com/
54.149.28.179101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.28.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tbhnmVlIhsz82uP3ZcQWdw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZMv1blO4ECVTSNkIyIqL8/90ToM=
investstable.ru/wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf
45.130.41.35200 OK 4.8 kB URL HTTP/2 investstable.ru/wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf
IP 45.130.41.35:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, ratemypost \012- data
Hash 5772d7b0d9851e23e062eafadaf7729f
c774ae6a5da5dd14342db3281735dc2812da1d3d
40d4cb30d26c1301383bc7445dd80bf4e3279374d2ff74c771aa4c3db182358f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/octet-stream
content-length: 4824
last-modified: Sat, 03 Sep 2022 08:53:46 GMT
etag: "6313161a-12d8"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 35343b6981ed4c9eb2cd90bc8c2146cd
4e49432e50195a2bc528fb1745a2899306c79db8
cf55f53534e3e8b62513618cda90832a7b9bcd0d15b1a8f6bb51db6eb60daefd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c8ac2005f83e8a3a9da1a9837b6c2ff3
7c05f49683e49232c1e11b91253e684d2f96ab83
b0b42743b4c7e4b528fd78aadc5429ef34c2e127f3d5147330d428a47203dc0a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-150971850-1
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-150971850-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (1720)
Hash 0a7a3f4a6157c1f7b9b4f4ea7f883699
2be7cf1d6b733cbddfa261025b3b9c7a69d83150
d791561d2eeb561644c631498ec0cd7160cf3cb9fc8665f111c8b5124f8443c1
GET /gtag/js?id=UA-150971850-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 22 Sep 2022 04:23:24 GMT
expires: Thu, 22 Sep 2022 04:23:24 GMT
cache-control: private, max-age=900
last-modified: Thu, 22 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42209
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a3eb510be514b751c4d44febef0ad233
2a6066485e0b14b5a86c968c033eea85da230083
bb3d92000b07ccf43bf2de131a37712a6d12ec4a22266505d6a3e9c50d25f2c5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB3D92000B07CCF43BF2DE131A37712A6D12EC4A22266505D6A3E9C50D25F2C5"
Last-Modified: Tue, 20 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16690
Expires: Thu, 22 Sep 2022 09:01:34 GMT
Date: Thu, 22 Sep 2022 04:23:24 GMT
Connection: keep-alive
investstable.ru/wp-content/uploads/2022/09/vk_dm-480x360.jpg
45.130.41.35200 OK 40 kB URL HTTP/2 investstable.ru/wp-content/uploads/2022/09/vk_dm-480x360.jpg
IP 45.130.41.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Hash 5dc73406aae193005e9cf3a7c204d3b1
87cca995b9d938e450bfb3d0ff54ac039f7e2b52
24b9e3b9009e663dabb5cdc28d3da5a218a01ef3e7f32261a2834234f1562fbf
GET /wp-content/uploads/2022/09/vk_dm-480x360.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: image/jpeg
content-length: 39518
last-modified: Sat, 03 Sep 2022 09:22:48 GMT
etag: "63131ce8-9a5e"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2020/05/banner-1-728x90-1.jpg
45.130.41.35200 OK 60 kB URL HTTP/2 investstable.ru/wp-content/uploads/2020/05/banner-1-728x90-1.jpg
IP 45.130.41.35:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 728x90, components 3\012- data
Hash 164506b5e3543299d93d1817b850d98c
b4a644d177c37bf75f56c09208aadc92b522e8cd
2df22e26878a25ee43d3ec4093ef68515ea2561fd7430f071b03754c12e0db4e
GET /wp-content/uploads/2020/05/banner-1-728x90-1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: image/jpeg
content-length: 59669
last-modified: Tue, 12 May 2020 09:00:10 GMT
etag: "5eba659a-e915"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2020/05/a-markets.jpg
45.130.41.35200 OK 27 kB URL HTTP/2 investstable.ru/wp-content/uploads/2020/05/a-markets.jpg
IP 45.130.41.35:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 250x250, components 3\012- data
Hash 756a565565df6e0f2cec2c9b4b76e296
387773b21ffcab31cb1d89e7f96d0d6b547506ba
09caa68834995289b636e847fceb545272b5a5350333b2e720093cb400d6aaba
GET /wp-content/uploads/2020/05/a-markets.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: image/jpeg
content-length: 26988
last-modified: Mon, 25 May 2020 15:27:50 GMT
etag: "5ecbe3f6-696c"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 54bff19a8a3ab371cf3de96e4a08b60a
2d6aebb0b50132011f2cca206a30b94476b824c9
c7c343b86640657ed68c70ca0c9fe150b8f8c9ed8cb32428d52fd161fc6f2477
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C7C343B86640657ED68C70CA0C9FE150B8F8C9ED8CB32428D52FD161FC6F2477"
Last-Modified: Wed, 21 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5644
Expires: Thu, 22 Sep 2022 05:57:29 GMT
Date: Thu, 22 Sep 2022 04:23:25 GMT
Connection: keep-alive
investstable.ru/wp-content/uploads/2020/05/250x250-pamm.gif
45.130.41.35200 OK 50 kB URL HTTP/2 investstable.ru/wp-content/uploads/2020/05/250x250-pamm.gif
IP 45.130.41.35:0
File type GIF image data, version 89a, 250 x 250\012- data
Hash cd3b0f639f22b2f35bd583ac16571cdb
a9ce0bc972d8963f8a88ae83a38c379e0a07a5ee
73de70b14b33570c9783b994522506583c50840edf538a76094151877e433df1
GET /wp-content/uploads/2020/05/250x250-pamm.gif HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: image/gif
content-length: 50534
last-modified: Mon, 25 May 2020 16:02:52 GMT
etag: "5ecbec2c-c566"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2020/05/ndb_1500_250x250_ru.jpg
45.130.41.35200 OK 48 kB URL HTTP/2 investstable.ru/wp-content/uploads/2020/05/ndb_1500_250x250_ru.jpg
IP 45.130.41.35:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 250x250, components 3\012- data
Hash 14b49bbf12791190c668c54e5c867feb
52d144e242b973942da49d1f8500cac301ac6f1c
79b20d7cf1871bfed16ef693560ba0d8c29b93980c25be6e2e4ead025d85bfaa
GET /wp-content/uploads/2020/05/ndb_1500_250x250_ru.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: image/jpeg
content-length: 48403
last-modified: Mon, 25 May 2020 16:01:08 GMT
etag: "5ecbebc4-bd13"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2020/12/viboom.gif
45.130.41.35200 OK 46 kB URL HTTP/2 investstable.ru/wp-content/uploads/2020/12/viboom.gif
IP 45.130.41.35:0
File type GIF image data, version 89a, 300 x 225\012- data
Hash 6da112ed7073c836748ec4198f5bb858
4908acad4b3151a2042719d59a0524f9c3766ad6
df0a9e760593a0d61e1e8d5cc12a435be6153d0ccad00790854c55b86e4289fb
GET /wp-content/uploads/2020/12/viboom.gif HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: image/gif
content-length: 46261
last-modified: Tue, 15 Dec 2020 08:18:05 GMT
etag: "5fd8713d-b4b5"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2020/10/1b60f5f5164148019a12f2f47c7b28b1.jpg
45.130.41.35200 OK 52 kB URL HTTP/2 investstable.ru/wp-content/uploads/2020/10/1b60f5f5164148019a12f2f47c7b28b1.jpg
IP 45.130.41.35:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 250x250, components 3\012- data
Hash 8863ca88093cdcc7381f2c0e3ee55ff0
e1a2a3aee11ace0d95b1d584a292379326ebc7bd
da63cc478ddb4c84036814cefd918f548f5d29f1c8dcff64aedb10b1a43c9a3b
GET /wp-content/uploads/2020/10/1b60f5f5164148019a12f2f47c7b28b1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: image/jpeg
content-length: 51586
last-modified: Sun, 18 Oct 2020 12:36:20 GMT
etag: "5f8c36c4-c982"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2020/05/banner-6-240x400-1.jpg
45.130.41.35200 OK 82 kB URL HTTP/2 investstable.ru/wp-content/uploads/2020/05/banner-6-240x400-1.jpg
IP 45.130.41.35:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x400, components 3\012- data
Hash 51a4c1b3683215db55b49b09fb070068
b910ddaa2402e7442d1a40383ac7b69727c83047
ff68e86ea261a9a70a60a7b7f4f605d020701449d50a899702db69d5269a2169
GET /wp-content/uploads/2020/05/banner-6-240x400-1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: image/jpeg
content-length: 82546
last-modified: Tue, 12 May 2020 09:05:43 GMT
etag: "5eba66e7-14272"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2019/08/6912627ce8ddb69676858d981b62973d.jpg
45.130.41.35200 OK 34 kB URL HTTP/1.1 investstable.ru/wp-content/uploads/2019/08/6912627ce8ddb69676858d981b62973d.jpg
IP 45.130.41.35:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x600, components 3\012- data
Hash d622aded8f2ecc17082f2a48cfe6b57c
c940eb282e634fef78a2a65167d4c457e27065d3
51c0031ad4194403f9dc6f6648d37e0467b69e7c1f2c2570079581e2094cbb1d
GET /wp-content/uploads/2019/08/6912627ce8ddb69676858d981b62973d.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Thu, 22 Sep 2022 04:23:24 GMT
Content-Type: image/jpeg
Content-Length: 33460
Last-Modified: Fri, 01 May 2020 14:11:51 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5eac2e27-82b4"
Expires: Sat, 22 Oct 2022 04:23:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 35343b6981ed4c9eb2cd90bc8c2146cd
4e49432e50195a2bc528fb1745a2899306c79db8
cf55f53534e3e8b62513618cda90832a7b9bcd0d15b1a8f6bb51db6eb60daefd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
investstable.ru/wp-content/plugins/wp-social-likes/css/custom-buttons.css?ver=6.0.2
45.130.41.35200 OK 5.2 kB URL HTTP/2 investstable.ru/wp-content/plugins/wp-social-likes/css/custom-buttons.css?ver=6.0.2
IP 45.130.41.35:0
Hash 2af5940958d7381ab3bc08138f49f5c1
6ac626bfc6429081ac4ca1767f5d90bdd9688a02
0621a91b10af42386887ad7c00ce9bfc439fd0debb348ce2c73f132ba02bce01
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-social-likes/css/custom-buttons.css?ver=6.0.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-1dbd"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
proxy6.net/static/img/b/7.28x90.png
185.178.208.139200 OK 23 kB URL HTTP/2 proxy6.net/static/img/b/7.28x90.png
IP 185.178.208.139:0
File type PNG image data, 728 x 90, 8-bit colormap, non-interlaced\012- data
Hash 535a8e53835eabedf0f9436dc0a01c4f
96faf73445971f7f81e6b23416ae7fe76c287847
1b4b102a9932253604ff516491a2d43fa9f17534213cc76894c4f482b4ba7eed
GET /static/img/b/7.28x90.png HTTP/1.1
Host: proxy6.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=ti5npL2TK8nn6rpjPnb1; Domain=.proxy6.net; HttpOnly; Path=/; Expires=Fri, 22-Sep-2023 04:23:25 GMT
date: Wed, 21 Sep 2022 09:33:30 GMT
content-type: image/png
content-length: 22901
last-modified: Fri, 14 Apr 2017 17:35:01 GMT
etag: "58f10845-5975"
expires: Thu, 22 Sep 2022 09:33:30 GMT
cache-control: max-age=86400
accept-ranges: bytes
age: 67795
ddg-cache-status: HIT
X-Firefox-Spdy: h2
rc.revolvermaps.com/0/0/6.js?i=21vr2g6pimi&m=0&s=200&c=ff0000&cr1=ffffff&f=arial&l=0
185.44.104.99200 OK 975 B URL HTTP/1.1 rc.revolvermaps.com/0/0/6.js?i=21vr2g6pimi&m=0&s=200&c=ff0000&cr1=ffffff&f=arial&l=0
IP 185.44.104.99:0
ASN #34549 meerfarbig GmbH & Co. KG
File type ASCII text, with very long lines (1829), with no line terminators
Hash 6f2cff312815e129e65971e1f7aa0b6c
f07651ab0ae9b95ef1007782e8d1bbf0fae53f66
26a7a91762ec29a98d90e879584a0218e49e6733c98504d5c15d156f39d72446
GET /0/0/6.js?i=21vr2g6pimi&m=0&s=200&c=ff0000&cr1=ffffff&f=arial&l=0 HTTP/1.1
Host: rc.revolvermaps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:25 GMT
Server: Apache
Last-Modified: Fri, 23 Jun 2017 15:59:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000
Content-Length: 975
Keep-Alive: timeout=4, max=100
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b7df2cd103ef61cb4f4ac5e9e9ea455
a6bdf36ed01c1ebca4bb4aac903e22a7b4abff72
c09a3fa0e696dc69870866fdad3789d5833c81c94ed2a1c8b667e980850f19c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C09A3FA0E696DC69870866FDAD3789D5833C81C94ED2A1C8B667E980850F19C3"
Last-Modified: Wed, 21 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8070
Expires: Thu, 22 Sep 2022 06:37:55 GMT
Date: Thu, 22 Sep 2022 04:23:25 GMT
Connection: keep-alive
investstable.ru/wp-content/uploads/2019/09/etxt-top.png
45.130.41.35200 OK 26 kB URL HTTP/1.1 investstable.ru/wp-content/uploads/2019/09/etxt-top.png
IP 45.130.41.35:0
File type PNG image data, 240 x 400, 8-bit colormap, non-interlaced\012- data
Hash cb8cfd79a3d7e07dba22b9c5fe4f3d96
078c915b31f98b58f033506c0b84091dfe72274f
6c818e114473a3bf43c626772ebc5d4fb573e8c4043167c0d03b77e29548c3da
GET /wp-content/uploads/2019/09/etxt-top.png HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Thu, 22 Sep 2022 04:23:25 GMT
Content-Type: image/png
Content-Length: 25516
Last-Modified: Fri, 27 Sep 2019 19:03:04 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5d8e5ce8-63ac"
Expires: Sat, 22 Oct 2022 04:23:25 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
investstable.ru/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
45.130.41.35200 OK 106 kB URL HTTP/2 investstable.ru/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP 45.130.41.35:0
Size 106 kB (105678 bytes)
Hash a446c8c2286e6b26934382b6abe7f1a4
a737c346179c0f09541a5cc4a331b13ab334a2f2
ab806b516e3b0f2a7d54e082727a8bb35643d495738a28963f9cae8d58441b66
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Fri, 02 Sep 2022 05:07:05 GMT
vary: Accept-Encoding
etag: W/"63118f79-2fb3"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
45.130.41.35200 OK 77 kB URL HTTP/2 investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 45.130.41.35:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: application/font-woff2
content-length: 77160
last-modified: Mon, 19 Sep 2022 14:46:23 GMT
etag: "632880bf-12d68"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5149084af9bb01e5471e0be93a009ab0
1aaae44973461346130015cba0c36e9d1b5b77f2
db8a390c5bb50072d57429a45c470496139deb98e04b175f45600e5e4b2ac884
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
investstable.ru/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
45.130.41.35200 OK 31 kB URL HTTP/2 investstable.ru/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 45.130.41.35:0
Hash 142904507a9348288d2d5a5cde218014
45db2c602bff1c3e7c8bd71857767f95bfd0e4a9
54e673d35b3102192d8dd277067627365f14140f3ad1d6cc9361e25c23703c06
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Sat, 31 Jul 2021 16:31:34 GMT
vary: Accept-Encoding
etag: W/"61057ae6-15db1"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2014/08/tinkoffkredkart.gif
45.130.41.35200 OK 129 kB URL HTTP/1.1 investstable.ru/wp-content/uploads/2014/08/tinkoffkredkart.gif
IP 45.130.41.35:0
File type GIF image data, version 89a, 240 x 400\012- data
Size 129 kB (129292 bytes)
Hash 0fa05fbdc4547a05ce7ca2812aaf1813
8eedb0688f90845d21205cc7839a3aaf0b0967f7
3b31ece620ceac4155c47e03e3e01c4d775c96e2a64b2b4155d66b838010e053
GET /wp-content/uploads/2014/08/tinkoffkredkart.gif HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Thu, 22 Sep 2022 04:23:25 GMT
Content-Type: image/gif
Content-Length: 129292
Last-Modified: Mon, 20 Mar 2017 18:39:50 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "58d021f6-1f90c"
Expires: Sat, 22 Oct 2022 04:23:25 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
www.web-ip.ru/images/200-300.gif
185.12.92.39200 OK 400 kB URL HTTP/1.1 www.web-ip.ru/images/200-300.gif
IP 185.12.92.39:0
File type GIF image data, version 89a, 200 x 300\012- data
Size 400 kB (399657 bytes)
Hash 3106053a699c9ac521a5b73ab06a017a
12bf12c0fca502f94a33cf50b026854c977dbdad
e32c410d8e8353778912a3338dcf8b5c2535c55c31988def5a202d01b9f68b7b
GET /images/200-300.gif HTTP/1.1
Host: www.web-ip.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Thu, 22 Sep 2022 04:23:24 GMT
Content-Type: image/gif
Content-Length: 399657
Last-Modified: Tue, 16 Oct 2018 18:33:51 GMT
Connection: close
ETag: "5bc62f0f-61929"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 43d102660a55b32b0f3a90b39356f0c1
05173fb073e9501c4f91f0554c238f88211af446
5ca1016ea27d448316328f395ec31d1d75368e5539af4e9202a2fb8b8ebb1e08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5916
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:25 GMT
Last-Modified: Thu, 22 Sep 2022 02:44:49 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
investstable.ru/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70
45.130.41.35200 OK 711 B URL HTTP/2 investstable.ru/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70
IP 45.130.41.35:0
Hash 36a069bcad1c488c09ca8674bb43213e
8ec5c49b2070c89ad9197bb093f272ec1717133e
c5b3e01c0391f4146d68a53da545c8a11d9e7e00f2b7a442838cc9f79b74302b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Mon, 31 May 2021 18:47:51 GMT
vary: Accept-Encoding
etag: W/"60b52f57-176"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/themes/elegantwp/assets/js/custom.js
45.130.41.35200 OK 1.6 kB URL HTTP/2 investstable.ru/wp-content/themes/elegantwp/assets/js/custom.js
IP 45.130.41.35:0
Hash 98cbe118a07cc68913eb411ae499d181
e0933357c9b8b7e1cfe1653ea107b31f4cd84a1c
b3feacee00a2b459e5d968084dba7203adf40eef2f7b60f414cd258ca4d1c9bb
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/elegantwp/assets/js/custom.js HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-11fe"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/domine/v19/L0x8DFMnlVwD4h3hu_qn.woff2
142.250.74.163200 OK 28 kB URL HTTP/2 fonts.gstatic.com/s/domine/v19/L0x8DFMnlVwD4h3hu_qn.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 27624, version 1.0\012- data
Hash 1f72af2c5d07489f5ac244943db9d7eb
49aa6096e9b9b9d4949a79794a72cb31b744d0de
02fbcf6cd136ae3bfc98aecbbc0f0b1f348c05d96390d63a89cdc323a6dda70c
GET /s/domine/v19/L0x8DFMnlVwD4h3hu_qn.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27624
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 22:03:28 GMT
expires: Sat, 16 Sep 2023 22:03:28 GMT
cache-control: public, max-age=31536000
age: 454797
last-modified: Mon, 11 Jul 2022 19:06:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/wp-spamshield/js/jscripts-ftr2-min.js
45.130.41.35200 OK 11 kB URL HTTP/2 investstable.ru/wp-content/plugins/wp-spamshield/js/jscripts-ftr2-min.js
IP 45.130.41.35:0
Hash a4ea945c835124e715d67ac3355ed217
63b9ed5dc9a017065de43a12ac722d53c14240d2
5de51efd9ad0db144cbbaf2b520afc3eadbaf89fcde944b5efbdf8ee91be5804
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-spamshield/js/jscripts-ftr2-min.js HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Sat, 28 Oct 2017 03:27:10 GMT
vary: Accept-Encoding
etag: W/"59f3f90e-46f"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 408a3493bdbf02872d790eea31256aeb
6ce0310e6d6d28fe8078d1a78acb79c3998a56ff
129b206fb2fb9bf6fd161fdfa28b0551fa0e2d1e8365cb079b521ab7d93ac196
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "129B206FB2FB9BF6FD161FDFA28B0551FA0E2D1E8365CB079B521AB7D93AC196"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11061
Expires: Thu, 22 Sep 2022 07:27:46 GMT
Date: Thu, 22 Sep 2022 04:23:25 GMT
Connection: keep-alive
investstable.ru/wp-content/plugins/wp-social-likes/css/social-likes_classic.css?ver=6.0.2
45.130.41.35200 OK 6.6 kB URL HTTP/2 investstable.ru/wp-content/plugins/wp-social-likes/css/social-likes_classic.css?ver=6.0.2
IP 45.130.41.35:0
Hash 03b5c68c55f395ac3f17d8e747e85608
26acc347350f73bc6ae3d441c249f4c2f54b4664
384ce638fa96f4cabc89d46f77a21d2b22e1067de90091233496bcc1c7d9a9a4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-social-likes/css/social-likes_classic.css?ver=6.0.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-38b9"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4
45.130.41.35200 OK 21 kB URL HTTP/2 investstable.ru/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4
IP 45.130.41.35:0
Hash 4f179db97b8758f939d83616ae022bce
36d2de77b05dd786cd71ab353aa73e32ca601226
8f842ab45e0edb4f2203b3ee19e08f1bc987247fb211cbd0bea9976377e342db
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Fri, 02 Sep 2022 05:07:19 GMT
vary: Accept-Encoding
etag: W/"63118f87-1f50"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
45.130.41.35200 OK 13 kB URL HTTP/2 investstable.ru/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 45.130.41.35:0
Hash c463ce7d08a5054d2fb613e0bf728b8b
f85b1655f2452af7ec98e4b9cb91327a06c74650
5ee2e46027c49736f593a3a5c42e5e1964247d7e8a6d6e9c7a98d5d99329fe45
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Wed, 25 May 2022 15:16:06 GMT
vary: Accept-Encoding
etag: W/"628e4836-48b9"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/advanced-responsive-video-embedder/build/main.js?ver=54d2e76056851d3b806e
45.130.41.35200 OK 535 B URL HTTP/2 investstable.ru/wp-content/plugins/advanced-responsive-video-embedder/build/main.js?ver=54d2e76056851d3b806e
IP 45.130.41.35:0
Hash a09e4bf4c07dca511633e004f6cc6a01
3508a45dadf8530e89c0510de8cdbaff88d9726a
07c5526b71c3afc34f96180f0ae212c31d95fbcb320e27a26be7b1848d7ba099
GET /wp-content/plugins/advanced-responsive-video-embedder/build/main.js?ver=54d2e76056851d3b806e HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Fri, 02 Sep 2022 05:07:02 GMT
vary: Accept-Encoding
etag: W/"63118f76-413"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2022/08/vk_fra-480x360.jpg
45.130.41.35200 OK 27 kB URL HTTP/2 investstable.ru/wp-content/uploads/2022/08/vk_fra-480x360.jpg
IP 45.130.41.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Hash 7a59ac2b35bba946e86997dd5248e0e0
792e85f57b6c46bff81789a8dee4635575e16707
510c549bdc189926dc97923d7dfad2dda9911ff6f9b119bb87100d7f84f32ad4
GET /wp-content/uploads/2022/08/vk_fra-480x360.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: image/jpeg
content-length: 26973
last-modified: Fri, 05 Aug 2022 16:46:24 GMT
etag: "62ed4960-695d"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5149084af9bb01e5471e0be93a009ab0
1aaae44973461346130015cba0c36e9d1b5b77f2
db8a390c5bb50072d57429a45c470496139deb98e04b175f45600e5e4b2ac884
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.acint.net/aci.js
185.12.125.25200 OK 7.5 kB IP 185.12.125.25:0
File type ASCII text, with very long lines (1408)
Hash ae0aab6c5a2ae2e1168e74f6e6ae4741
2c00f69ee4bbe2ec96c0f7bb33b5f827a6195af8
a47a88a9b6c7635e5074c25c6e3c92f399fdf8772376e94f077167241e59f9de
GET /aci.js HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: application/x-javascript
content-length: 7461
last-modified: Mon, 16 May 2022 07:14:50 GMT
etag: "6281f9ea-1d25"
content-encoding: gzip
expires: Thu, 22 Sep 2022 16:23:25 GMT
cache-control: max-age=43200
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2022/07/vk_zr-480x360.jpg
45.130.41.35200 OK 38 kB URL HTTP/2 investstable.ru/wp-content/uploads/2022/07/vk_zr-480x360.jpg
IP 45.130.41.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Hash 8d6bcbf88b4ae3562a832d18b68ea6fa
b82db24050e494f63389dfd15b096c3bd97829b2
5f622bd93fdd8e279d18b588799a2cef833694dff83aa3810831b7a2d0c2382f
GET /wp-content/uploads/2022/07/vk_zr-480x360.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: image/jpeg
content-length: 38506
last-modified: Thu, 28 Jul 2022 16:02:30 GMT
etag: "62e2b316-966a"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
investstable.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
45.130.41.35200 OK 34 kB URL HTTP/2 investstable.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 45.130.41.35:0
Hash 129b3cb3749d3295cbd4d8e53c7deb56
42b23f49098b8c605636a31d9afa4cc97e3ab62f
782e0a7134e2322f59d18e014452fe79a2078b292e37d67634eca1c777e48bad
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Thu, 10 Dec 2020 09:02:02 GMT
vary: Accept-Encoding
etag: W/"5fd1e40a-2bd8"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
cp.beget.com/promo_data/static/static300x1050_1.png
193.168.47.247200 OK 195 kB URL HTTP/2 cp.beget.com/promo_data/static/static300x1050_1.png
IP 193.168.47.247:0
File type PNG image data, 300 x 1050, 8-bit/color RGB, non-interlaced\012- data
Size 195 kB (195182 bytes)
Hash 474880296b5c1093c659428dc8219836
8fe108787dc4901e3236c77289b835f85572f0b8
70343f8f68fda9cba779e49233eabc34bb3cd8fc8b8b1ca1c7d01eefdc342902
GET /promo_data/static/static300x1050_1.png HTTP/1.1
Host: cp.beget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: image/png
content-length: 195182
last-modified: Wed, 21 Sep 2022 15:20:45 GMT
etag: "632b2bcd-2fa6e"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 97b0cc71139fe0c18337f7437d1cb7c1
0d58d151589885eb12c1ef65364995eb65d92be8
952d6667435a59323784df8373a3fc303b91b5b067cd037cfeb241d86239bc64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "952D6667435A59323784DF8373A3FC303B91B5B067CD037CFEB241D86239BC64"
Last-Modified: Wed, 21 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12905
Expires: Thu, 22 Sep 2022 07:58:30 GMT
Date: Thu, 22 Sep 2022 04:23:25 GMT
Connection: keep-alive
investstable.ru/wp-content/plugins/wp-social-likes/js/social-likes.min.js?ver=6.0.2
45.130.41.35200 OK 40 kB URL HTTP/2 investstable.ru/wp-content/plugins/wp-social-likes/js/social-likes.min.js?ver=6.0.2
IP 45.130.41.35:0
Hash 89587bda52679af8b02ad2943c481f1f
e83bb96d7b6498de5557b05eef5d7ea8e741b614
77b8e5e9eb2f5847ff160cc57f9eabc634abce63967ebf526324cce86edd5317
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-social-likes/js/social-likes.min.js?ver=6.0.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-24f8"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
rc.revolvermaps.com/js/r.php?i=21vr2g6pimi&l=https%3A%2F%2Finveststable.ru%2F&r=1663820604903
185.44.104.99200 OK 43 B URL HTTP/1.1 rc.revolvermaps.com/js/r.php?i=21vr2g6pimi&l=https%3A%2F%2Finveststable.ru%2F&r=1663820604903
IP 185.44.104.99:0
ASN #34549 meerfarbig GmbH & Co. KG
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /js/r.php?i=21vr2g6pimi&l=https%3A%2F%2Finveststable.ru%2F&r=1663820604903 HTTP/1.1
Host: rc.revolvermaps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:25 GMT
Server: Apache
Content-Length: 43
Keep-Alive: timeout=4, max=98
Connection: Keep-Alive
Content-Type: image/gif
investstable.ru/wp-content/plugins/wp-social-likes/js/custom-buttons.js?ver=6.0.2
45.130.41.35200 OK 33 kB URL HTTP/2 investstable.ru/wp-content/plugins/wp-social-likes/js/custom-buttons.js?ver=6.0.2
IP 45.130.41.35:0
Hash ac0faead0e0536cab6bf4f199e0e2619
76004f2b3c901f0f494126cc353d0d340b85ba9e
fe724357842e6e658877c98a3d07c0fa6959b0f81f59cbd855b8e22e08162249
GET /wp-content/plugins/wp-social-likes/js/custom-buttons.js?ver=6.0.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-6da"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
45.130.41.35200 OK 16 kB URL HTTP/2 investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP 45.130.41.35:0
Hash 2e43186fd87f3e038c6858330a7f02e7
f2ef23c89a268540e7ed804f4d7a1648255ee798
e817e3883c8a5be9896d6787a18a1126dc0c646e2be99093dea19fe5051a486b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Mon, 19 Sep 2022 14:46:23 GMT
vary: Accept-Encoding
etag: W/"632880bf-7917"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
rc.revolvermaps.com/w/6/a/a2.php?i=21vr2g6pimi&m=0&s=200&c=ff0000&cr1=ffffff&f=arial&l=0
185.44.104.99200 OK 11 kB URL HTTP/1.1 rc.revolvermaps.com/w/6/a/a2.php?i=21vr2g6pimi&m=0&s=200&c=ff0000&cr1=ffffff&f=arial&l=0
IP 185.44.104.99:0
ASN #34549 meerfarbig GmbH & Co. KG
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32541), with no line terminators
Hash 38c061c4a06aa91f396ef1fe99df4ac7
26f80bfb65cf273163e1315f52f68f9973cae1d4
8c8de3862a2ecf26dbb5fd1d040e244d481fa7f1ce1fb349de5ff23ffc7b4a16
GET /w/6/a/a2.php?i=21vr2g6pimi&m=0&s=200&c=ff0000&cr1=ffffff&f=arial&l=0 HTTP/1.1
Host: rc.revolvermaps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:25 GMT
Server: Apache
Cache-Control: public, max-age=2592000
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=4, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
investstable.ru/wp-content/themes/elegantwp/assets/js/theia-sticky-sidebar.min.js
45.130.41.35200 OK 2.3 kB URL HTTP/2 investstable.ru/wp-content/themes/elegantwp/assets/js/theia-sticky-sidebar.min.js
IP 45.130.41.35:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (5370)
Hash 8576ed958e57c8e78686ae1cf9df7dee
152be91a9fc541a9a6d07750a15609bf87aad141
ccf0c3db02df5c4ddc02fa1b111f7eff7aa54841ef9bb2f18cfdc140dfed07e9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/elegantwp/assets/js/theia-sticky-sidebar.min.js HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-1535"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/themes/elegantwp/style.css
45.130.41.35200 OK 11 kB URL HTTP/2 investstable.ru/wp-content/themes/elegantwp/style.css
IP 45.130.41.35:0
Hash 2d1bc9388c76becd9af7d6ca649029e6
614a6f496211bcbd9b197e5de2fe3c721fa79a7f
cab50faa0e8d981a028ff82d3f61901a6db4442c9e3cd7c7396e9b6a4307c9b2
GET /wp-content/themes/elegantwp/style.css HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-11264"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
www.acint.net/mc/?dp=10
185.12.125.25302 Found 154 B IP 185.12.125.25:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /mc/?dp=10 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: text/html
content-length: 154
location: /mc/?dp=10&tc=1
set-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Thu, 22-Sep-22 04:33:25 GMT
aid=uQx9GmMr4z0yGAC2DC+PAtzKKVYNbhYnlvyheL46I2sqKJCf; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2
investstable.ru/wp-content/themes/elegantwp/assets/js/jquery.fitvids.min.js
45.130.41.35200 OK 6.2 kB URL HTTP/2 investstable.ru/wp-content/themes/elegantwp/assets/js/jquery.fitvids.min.js
IP 45.130.41.35:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (11701), with CRLF, LF line terminators
Hash 8764b5f36586cadf25df81de151ac404
0872b5d64969381d3756ea48a613640771fef34c
0cfa702e0854a2dad8bee375a44006b516566e777eb0b81adef2412a6de99c36
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/elegantwp/assets/js/jquery.fitvids.min.js HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-724"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash 5ce27a2722c4b3282daf324239bdb076
f24c0a55aad97550975218a01a94a6152bfd427a
a40ad9473b0407b211e372c94ce4a2325a805d10bd4045e9393b197186775671
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:25 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:02:48 GMT
ETag: "f24c0a55aad97550975218a01a94a6152bfd427a"
Last-Modified: Thu, 22 Sep 2022 03:02:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 496
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e01bf80afe-OSL
kraken.rambler.ru/userip
81.19.89.18200 OK 12 B IP 81.19.89.18:0
ASN #24638 Rambler Internet Holding LLC
File type ASCII text, with no line terminators
Hash 35b0bce9d250429df012c0426f88d0bd
f81d80af9cbeb0011316fbba3da8002b32251f7a
da9add592d7eb9cca7705cb4870d7fd4e9718ccd51486c4261a727a8d566960d
GET /userip HTTP/1.1
Host: kraken.rambler.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.4
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: application/octet-stream
content-length: 12
access-control-allow-origin: https://investstable.ru
x-srv: 0kraken-prod0002.ad.rambler.tech
set-cookie: ruid=1CIAAD3jK2N7CqJuASdTWgB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
proto_uid=1CIAAD3jK2N7CqJuASdTWgB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2019/10/cropped-26939-520-32x32.png
45.130.41.35200 OK 2.4 kB URL HTTP/2 investstable.ru/wp-content/uploads/2019/10/cropped-26939-520-32x32.png
IP 45.130.41.35:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 93f0cd2b3e24f6d8a35bd8960022f7ef
641413117c5083469194ce81347e100a9a57ec62
f6aba205f53b839f33daff5ab64e9fbd4bf6d32252fd0c501704107e0d20ec1c
GET /wp-content/uploads/2019/10/cropped-26939-520-32x32.png HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663820604939; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20; fid=0b8e7dea-cc28-4ac9-a90d-4e0f5622228f; adtech_uid=7ac34b03-0ef2-4352-bd4b-e03a79275fd4%3Ainveststable.ru; top100_id=t1.6699530.320768010.1663820605061; t3_sid_6699530=s1.777191712.1663820605062.1663820605062.1.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: image/png
content-length: 2402
last-modified: Fri, 01 May 2020 14:37:28 GMT
etag: "5eac3428-962"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2019/10/cropped-26939-520-192x192.png
45.130.41.35200 OK 50 kB URL HTTP/2 investstable.ru/wp-content/uploads/2019/10/cropped-26939-520-192x192.png
IP 45.130.41.35:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash e44d85614d8292ccfd0d2f66283315a7
ba7defd7ea00c5796cc6a5eaf7a3f24e3a7ad596
fd5b43b6831c55cc360e720b2f1dd2ce08d5c086641c69a09a735d18974a340e
GET /wp-content/uploads/2019/10/cropped-26939-520-192x192.png HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663820604939; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20; fid=0b8e7dea-cc28-4ac9-a90d-4e0f5622228f; adtech_uid=7ac34b03-0ef2-4352-bd4b-e03a79275fd4%3Ainveststable.ru; top100_id=t1.6699530.320768010.1663820605061; t3_sid_6699530=s1.777191712.1663820605062.1663820605062.1.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: image/png
content-length: 50173
last-modified: Fri, 01 May 2020 14:37:28 GMT
etag: "5eac3428-c3fd"
expires: Sat, 22 Oct 2022 04:23:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 22 Sep 2022 02:41:10 GMT
expires: Thu, 22 Sep 2022 04:41:10 GMT
cache-control: public, max-age=7200
age: 6135
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
freecurrencyrates.com/flags/24/us.png
74.119.195.177200 OK 656 B URL HTTP/1.1 freecurrencyrates.com/flags/24/us.png
IP 74.119.195.177:0
ASN #43624 Pq Hosting S.r.l.
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae506a6c014bfeb8d8cbfdfbe94c14c9
f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
GET /flags/24/us.png HTTP/1.1
Host: freecurrencyrates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:19:00 GMT
content-type: image/png
content-length: 656
last-modified: Fri, 01 Jul 2016 20:43:46 GMT
etag: "5776d602-290"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 265
counter.yadro.ru/hit?t12.15;r;s1280*1024*24;uhttps%3A//investstable.ru/;h%u0412%u0441%u0451%20%u043E%20%u0437%u0430%u0440%u0430%u0431%u043E%u0442%u043A%u0435%20%u0432%20%u0438%u043D%u0442%u0435%u0440%u043D%u0435%u0442%u0435%20-%20%u0414%u0443%u043C%u0430%u0439%2C%20%u043F%u0440%u0435%u0436%u0434%u0435%20%u0447%u0435%u043C%20%u0432%u043A%u043B%u0430%u0434%u044B%u0432%u0430%u0442%u044C%20%u0434%u0435%u043D%u044C%u0433%u0438%2C%20%u0438%20%u043D%u0435%20%u0437%u0430%u0431%u044B%u0432%u0430%u0439%20;0.3680274001724315
88.212.201.198200 OK 795 B URL HTTP/1.1 counter.yadro.ru/hit?t12.15;r;s1280*1024*24;uhttps%3A//investstable.ru/;h%u0412%u0441%u0451%20%u043E%20%u0437%u0430%u0440%u0430%u0431%u043E%u0442%u043A%u0435%20%u0432%20%u0438%u043D%u0442%u0435%u0440%u043D%u0435%u0442%u0435%20-%20%u0414%u0443%u043C%u0430%u0439%2C%20%u043F%u0440%u0435%u0436%u0434%u0435%20%u0447%u0435%u043C%20%u0432%u043A%u043B%u0430%u0434%u044B%u0432%u0430%u0442%u044C%20%u0434%u0435%u043D%u044C%u0433%u0438%2C%20%u0438%20%u043D%u0435%20%u0437%u0430%u0431%u044B%u0432%u0430%u0439%20;0.3680274001724315
IP 88.212.201.198:0
ASN #39134 United Network LLC
File type GIF image data, version 87a, 88 x 31\012- data
Hash 0a6723b4cddaa3f9c01670dde4ce4ad6
8d5e93a5015c83243f72c6d0dc7e2b32817b26e1
1dbd5b1cf882a22863f941f7bf1f3c89f0a34950e6aad15f9a27de1525f8ad8b
GET /hit?t12.15;r;s1280*1024*24;uhttps%3A//investstable.ru/;h%u0412%u0441%u0451%20%u043E%20%u0437%u0430%u0440%u0430%u0431%u043E%u0442%u043A%u0435%20%u0432%20%u0438%u043D%u0442%u0435%u0440%u043D%u0435%u0442%u0435%20-%20%u0414%u0443%u043C%u0430%u0439%2C%20%u043F%u0440%u0435%u0436%u0434%u0435%20%u0447%u0435%u043C%20%u0432%u043A%u043B%u0430%u0434%u044B%u0432%u0430%u0442%u044C%20%u0434%u0435%u043D%u044C%u0433%u0438%2C%20%u0438%20%u043D%u0435%20%u0437%u0430%u0431%u044B%u0432%u0430%u0439%20;0.3680274001724315 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 22 Sep 2022 04:23:25 GMT
Content-Type: image/gif
Content-Length: 795
Connection: keep-alive
Expires: Tue, 21 Sep 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
glopart.ru/uploads/images/563563/5fa33659e4724d789547de912bbe3be8.png
51.250.65.231200 OK 54 kB URL HTTP/2 glopart.ru/uploads/images/563563/5fa33659e4724d789547de912bbe3be8.png
IP 51.250.65.231:0
ASN #200350 Yandex.Cloud LLC
File type PNG image data, 220 x 150, 8-bit/color RGB, non-interlaced\012- data
Hash feb7022cd81177a74fa1cce597a22c5d
a9cc151224b0d3e3ad30c532de2be412f7863c32
bcf62557e5fba352e9873be7c6dc05f01146da67739da6dc9f18e8c495a1a792
GET /uploads/images/563563/5fa33659e4724d789547de912bbe3be8.png HTTP/1.1
Host: glopart.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: image/png
content-length: 54145
etag: "feb7022cd81177a74fa1cce597a22c5d"
last-modified: Sat, 19 Mar 2022 01:43:03 GMT
accept-ranges: bytes
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-max-age: 1728000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c3dc89ea2daeec65f3255371661f2b1b
42d925fc09fe78ce664ba07b49883f027a024c5b
055a012e5b0c2d2f0c633da56e79db5744a2aad1d43fd52237fac385128fc7df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2462
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:25 GMT
Last-Modified: Thu, 22 Sep 2022 03:42:23 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 15af330272b65861c93c7f989a284e90
e3cf4e4108bc8e68819f82722fb6ca11392cdb34
7ebccd17f3283cfcd086121a089c9de4699284acf5809695d7a364835518ec1a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0af5c2dcb101c1bc972472be5205bcc0
9776105102f7c307cd95105772211624e6198c8b
7fd86e8d25bf5ed74a813015bb868fa3f5a0ec08829278713fe3f7d914c9823c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7FD86E8D25BF5ED74A813015BB868FA3F5A0EC08829278713FE3F7D914C9823C"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6392
Expires: Thu, 22 Sep 2022 06:09:57 GMT
Date: Thu, 22 Sep 2022 04:23:25 GMT
Connection: keep-alive
freecurrencyrates.com/flags/24/ru.png
74.119.195.177200 OK 403 B URL HTTP/1.1 freecurrencyrates.com/flags/24/ru.png
IP 74.119.195.177:0
ASN #43624 Pq Hosting S.r.l.
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash d8df89b036e6afb48f72d2440831bad0
04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
GET /flags/24/ru.png HTTP/1.1
Host: freecurrencyrates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:21:24 GMT
content-type: image/png
content-length: 403
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-193"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 122
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-ca-pub-8209382010145353
142.250.74.34200 OK 58 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-ca-pub-8209382010145353
IP 142.250.74.34:0
File type ASCII text, with very long lines (2903)
Hash 44331e0d46150c5f5408050eae70c8d0
a66165880dd1d7a1459ecda533a841014a196cb2
b73c4f2453b3d507611bf2cdfff7ea28c12bf07336b3a18254d7b5024e9072ce
GET /pagead/js/adsbygoogle.js?client=ca-ca-pub-8209382010145353 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Thu, 22 Sep 2022 04:23:25 GMT
expires: Thu, 22 Sep 2022 04:23:25 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 4542725982730089919
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 58022
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.200.14200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash 9ecd89752214ef749272eef344b9089a
70a58a49c08934265ee34c74efb01d6b3124095d
f76c51487e348977288fcaf83984cd8fe4e73758cc352402774d9eb94680d528
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 37MSD4Ug3FWVZlZzMnHXeH8CKGZQ+cWjGqdLilGCtGY1PdA5kZ4cCELQ7OJDrfAvT6plVeg7wLap/rI+VE5p+A==
content-length: 26839
x-fb-trip-id: 1679558926
date: Thu, 22 Sep 2022 04:23:25 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dm-eu.hybrid.ai/match?id=106&vid=1A7D0CB93DE32B63B6001832028F2F0C
37.18.103.21204 No Content 0 B URL HTTP/2 dm-eu.hybrid.ai/match?id=106&vid=1A7D0CB93DE32B63B6001832028F2F0C
IP 37.18.103.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?id=106&vid=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: dm-eu.hybrid.ai
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 22 Sep 2022 04:23:25 GMT
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
set-cookie: vid=f8e26917492f96376841; expires=Fri, 22 Sep 2023 04:23:23 GMT; domain=.hybrid.ai; path=/; samesite=none
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
x-mode: 523
x-xss-protection: 1; mode=block
access-control-allow-origin: *
server: Hybrid Web Server
X-Firefox-Spdy: h2
ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D
193.3.184.134302 Moved Temporarily 142 B URL HTTP/1.1 ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D
IP 193.3.184.134:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c
GET /rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D HTTP/1.1
Host: ssp-rtb.sape.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Thu, 22 Sep 2022 04:23:25 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Location: https://acint.net/match?dp=14&euid=8AB803C13DE32B631C0085B4024F79DE
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Set-Cookie: sspuid=wQO4imMr4z20hQAc3nlPAiIsv1F0L6Obn58+x/8pg8Az+Zv8; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.ssp-rtb.sape.ru; path=/; Secure; SameSite=None
freecurrencyrates.com/flags/24/gb.png
74.119.195.177200 OK 1.2 kB URL HTTP/1.1 freecurrencyrates.com/flags/24/gb.png
IP 74.119.195.177:0
ASN #43624 Pq Hosting S.r.l.
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 33a79546e65bf38629ec0bf90a0bcc3d
5afd0a44d0f4c8cadd3fea1ec866ddeb67e4afdd
9d5579d2ae226889e9cc592035a86cbe20c570edbdeb6394ec7ebc23c4246571
GET /flags/24/gb.png HTTP/1.1
Host: freecurrencyrates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:23:12 GMT
content-type: image/png
content-length: 1177
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-499"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 14
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f5319213ed93a1c1f299560d39d99afd
a38d0e250c4e9bc99a4e9f2ba29b3ee7e743d4ad
cf04df94490e37316e5a10db1407cf4e70014a3c02bbb01648512466c8e5b102
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6519
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:25 GMT
Last-Modified: Thu, 22 Sep 2022 02:34:46 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
freecurrencyrates.com/flags/24/cn.png
74.119.195.177200 OK 604 B URL HTTP/1.1 freecurrencyrates.com/flags/24/cn.png
IP 74.119.195.177:0
ASN #43624 Pq Hosting S.r.l.
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 933a5fd60bc9e9b3f152937065ba2142
c161d6d280949b5499111704f3e6f94e8b9d4b78
1afc41cd907186a8d6e578fc119c9b491d411ba4f5c33f02eb5714dd0f657fb6
GET /flags/24/cn.png HTTP/1.1
Host: freecurrencyrates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:22:42 GMT
content-type: image/png
content-length: 604
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-25c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 44
freecurrencyrates.com/flags/24/eu.png
74.119.195.177200 OK 909 B URL HTTP/1.1 freecurrencyrates.com/flags/24/eu.png
IP 74.119.195.177:0
ASN #43624 Pq Hosting S.r.l.
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 94eea2fb562263ef9a777380e3eba8fe
3f74d28639adf5c9fc35450da396da37cb43e2c8
f880ef6584845869e5d81b2960b8eb81ec470b88ea8859dd75a2ef80f56fe8dd
GET /flags/24/eu.png HTTP/1.1
Host: freecurrencyrates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:18:48 GMT
content-type: image/png
content-length: 909
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-38d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 277
freecurrencyrates.com/flags/24/ua.png
74.119.195.177200 OK 476 B URL HTTP/1.1 freecurrencyrates.com/flags/24/ua.png
IP 74.119.195.177:0
ASN #43624 Pq Hosting S.r.l.
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 8cf366da149b92da8713850df92cc2a7
8848474af0b13f8912c4e9b97004aad53d186adc
70549240fea1a10a4c0ec5804693af68a23eeaaff15c9cd1883c0138c81847e3
GET /flags/24/ua.png HTTP/1.1
Host: freecurrencyrates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:22:48 GMT
content-type: image/png
content-length: 476
last-modified: Fri, 01 Jul 2016 20:43:46 GMT
etag: "5776d602-1dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 37
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f20a9f003d32172677d295210586486f
88bd861f6a4fc2f7824894709a47245801418315
2feecc37efcb78815586bbccf04f5a9154859c02dcd11d4144207cbe937757b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2FEECC37EFCB78815586BBCCF04F5A9154859C02DCD11D4144207CBE937757B8"
Last-Modified: Wed, 21 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1873
Expires: Thu, 22 Sep 2022 04:54:39 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
ads.adlook.me/csync?url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D
5.200.43.131302 Found 0 B URL HTTP/2 ads.adlook.me/csync?url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D
IP 5.200.43.131:0
ASN #48096 Enterprise Cloud Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /csync?url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://acint.net/match?dp=110&euid=9288d38b302542f1adc454827a2bae69
server: Kestrel
set-cookie: adlm_userId=9288d38b302542f1adc454827a2bae69; expires=Thu, 21 Sep 2023 21:00:00 GMT; path=/; SameSite=None; secure
date: Thu, 22 Sep 2022 04:23:25 GMT
content-length: 0
X-Firefox-Spdy: h2
freecurrencyrates.com/flags/24/btc.png
74.119.195.177200 OK 890 B URL HTTP/1.1 freecurrencyrates.com/flags/24/btc.png
IP 74.119.195.177:0
ASN #43624 Pq Hosting S.r.l.
File type PNG image data, 24 x 24, 4-bit colormap, non-interlaced\012- data
Hash ee5ca44996167f948e9a7ef54687c16c
e05e6b5d566a829628f7d4f8f577128979bf4e6c
dae692b8bba4d06e448f9724b4787312125a21b78b92e54b6496606f4e6d6055
GET /flags/24/btc.png HTTP/1.1
Host: freecurrencyrates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:20:55 GMT
content-type: image/png
content-length: 890
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-37a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 151
status.geotrust.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 97e124df64b07a232caedf15c86719a4
96208dc99ceb483f516f78b1c183f7a47cf16040
fb1694f585fc023ab490f8dfc0100ef09bb84408672c1d228580ac861e7ddc9b
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5364
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Last-Modified: Thu, 22 Sep 2022 02:54:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
status.geotrust.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 97e124df64b07a232caedf15c86719a4
96208dc99ceb483f516f78b1c183f7a47cf16040
fb1694f585fc023ab490f8dfc0100ef09bb84408672c1d228580ac861e7ddc9b
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5364
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Last-Modified: Thu, 22 Sep 2022 02:54:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 136a78fb443220cd8d45cdca37f8b017
72957e4dadfa484c88ca302bfa53af608d4d9441
b2fa65f54a89dabb14998908b24e8deafd7c524dcbc8ed6fa6d9c5750ebac214
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:04:16 GMT
ETag: "72957e4dadfa484c88ca302bfa53af608d4d9441"
Last-Modified: Thu, 22 Sep 2022 03:04:17 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1974
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e38df20afe-OSL
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 136a78fb443220cd8d45cdca37f8b017
72957e4dadfa484c88ca302bfa53af608d4d9441
b2fa65f54a89dabb14998908b24e8deafd7c524dcbc8ed6fa6d9c5750ebac214
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:04:16 GMT
ETag: "72957e4dadfa484c88ca302bfa53af608d4d9441"
Last-Modified: Thu, 22 Sep 2022 03:04:17 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1974
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e3ae020afe-OSL
sync.republer.com/match?dsp=sape
23.88.82.46204 No Content 0 B URL HTTP/2 sync.republer.com/match?dsp=sape
IP 23.88.82.46:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?dsp=sape HTTP/1.1
Host: sync.republer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
acint.net/match?dp=110&euid=9288d38b302542f1adc454827a2bae69
185.12.125.25200 OK 43 B URL HTTP/2 acint.net/match?dp=110&euid=9288d38b302542f1adc454827a2bae69
IP 185.12.125.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=110&euid=9288d38b302542f1adc454827a2bae69 HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
acint.net/match?dp=14&euid=8AB803C13DE32B631C0085B4024F79DE
185.12.125.25200 OK 43 B URL HTTP/2 acint.net/match?dp=14&euid=8AB803C13DE32B631C0085B4024F79DE
IP 185.12.125.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=14&euid=8AB803C13DE32B631C0085B4024F79DE HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
a.utraff.com/sync?ssp=sape
172.67.217.151204 No Content 0 B URL HTTP/2 a.utraff.com/sync?ssp=sape
IP 172.67.217.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=sape HTTP/1.1
Host: a.utraff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: text/plain
set-cookie: preutid=1; Expires=Sat, 22 Oct 2022 07:23:26 GMT; Domain=.itraff.net; SameSite=None; Secure; Path=/
preutid=1; Expires=Sat, 22 Oct 2022 07:23:26 GMT; Domain=.utraff.com; SameSite=None; Secure; Path=/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTIM4NSRSuxBe7Z0x%2Fyw3Hkxo91WsWGHD5xNwl%2FRPvIIMSB3k55P4wXpgc7gYqTgqEugBj1JBLhHaV107kLzmX%2B1Y3qaG749cSwYwzY%2FLN8A3kaq5rm5%2FUS1CuQY%2BTg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74e843e33a59fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
top-fwz1.mail.ru/counter?id=2554513;t=466;l=1
95.163.52.67302 Found 0 B URL HTTP/2 top-fwz1.mail.ru/counter?id=2554513;t=466;l=1
IP 95.163.52.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /counter?id=2554513;t=466;l=1 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://top-fwz1.mail.ru/counter2?id=2554513;t=466;l=1
set-cookie: FTID=1RMYgQ0tkIIC:1663820606:2554513:::; path=/; expires=Sat, 23-Sep-23 04:23:26 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=1A7D0CB93DE32B63B6001832028F2F0C
78.46.100.125302 Found 0 B URL HTTP/2 sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=1A7D0CB93DE32B63B6001832028F2F0C
IP 78.46.100.125:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: sync.1dmp.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
expires: 0
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
set-cookie: uid=4d72a8e0-3a2e-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Fri, 22 Sep 2023 04:23:26 GMT; SameSite=None; Secure
uid-legacy=4d72a8e0-3a2e-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Fri, 22 Sep 2023 04:23:26 GMT
location: /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=1A7D0CB93DE32B63B6001832028F2F0C&cs=1
X-Firefox-Spdy: h2
freecurrencyrates.com/font/roboto.googlefonts/Roboto-Medium.woff2
74.119.195.177200 OK 62 kB URL HTTP/1.1 freecurrencyrates.com/font/roboto.googlefonts/Roboto-Medium.woff2
IP 74.119.195.177:0
ASN #43624 Pq Hosting S.r.l.
File type Web Open Font Format (Version 2), TrueType, length 62228, version 2.0\012- data
Hash 4a6c203d3f824fa9ce159965a0ab3156
024f9f4466d9eca4b612629001b32dbaff3c5b6f
e9817ff441c7044f2d126a3e12b02f624bd2fff669e3f6092d9c92324313df13
GET /font/roboto.googlefonts/Roboto-Medium.woff2 HTTP/1.1
Host: freecurrencyrates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:18:44 GMT
content-type: application/octet-stream
content-length: 62228
last-modified: Sun, 03 Jul 2016 17:43:11 GMT
etag: "57794eaf-f314"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 281
ut.rktch.com/matchspm?pi=1000005&pui=1A7D0CB93DE32B63B6001832028F2F0C
89.108.97.2302 Found 0 B URL HTTP/1.1 ut.rktch.com/matchspm?pi=1000005&pui=1A7D0CB93DE32B63B6001832028F2F0C
IP 89.108.97.2:0
ASN #197695 Domain names registrar REG.RU, Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /matchspm?pi=1000005&pui=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: ut.rktch.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: keep-alive
location: https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect
Set-Cookie: b_uid=732678de9bc285cf80ef083629712be434ce; Max-Age=2592000; Expires=Sat, 22 Oct 2022 04:23:26 GMT; Domain=rktch.com; Secure; SameSite=None
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type, Accept, Authorization
Access-Control-Allow-Credentials: true
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash f04ce05b42a0c19c66bdcb839d5f97b7
7f15a94279ecffa259a9ad47bb02d7e9228a11e8
1cd1234da8a72142c30b03e8225178bbf3ee10b26e9543692227fc6333d3c5a5
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:07:55 GMT
ETag: "7f15a94279ecffa259a9ad47bb02d7e9228a11e8"
Last-Modified: Thu, 22 Sep 2022 03:07:56 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3316
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e40ac0b523-OSL
informer.yandex.ru/informer/25781042/3_0_375139FF_173119FF_1_pageviews
87.250.250.119200 OK 1.4 kB URL HTTP/2 informer.yandex.ru/informer/25781042/3_0_375139FF_173119FF_1_pageviews
IP 87.250.250.119:0
File type PNG image data, 88 x 31, 8-bit/color RGBA, non-interlaced\012- data
Hash 233e41aee2e901f6bccedb722c78b9a5
e7ba743d2d344fd68e483b193733a204cd76f727
3b7a76217d240520da0b88d950dd438fdf5c39a3a7e8bcca79436abbb7b25211
GET /informer/25781042/3_0_375139FF_173119FF_1_pageviews HTTP/1.1
Host: informer.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 1414
last-modified: Thu, 22-Sep-2022 04:23:26 GMT
content-type: image/png
pragma: no-cache
strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-xss-protection: 1; mode=block
expires: Thu, 22-Sep-2022 04:23:26 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3a85e065fb3d37ea4379348f49aebf1d
f409134b5dda18d4b84b066712235a998cefecd3
c634ad12a5e310d19a3eb677c2df49830a1b9c0866c39060d7a72213a6a7ad83
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C634AD12A5E310D19A3EB677C2DF49830A1B9C0866C39060D7A72213A6A7AD83"
Last-Modified: Thu, 22 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15911
Expires: Thu, 22 Sep 2022 08:48:37 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 91fef14af07501cbfe3aa878f2b6fe62
14777b99d4fec0d1af12964d20c0bb9a5f9dc282
98eb4f13374017f6a9ffa4c8098d19c2bad0060407d05dfad0dd1178dec9b2a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98EB4F13374017F6A9FFA4C8098D19C2BAD0060407D05DFAD0DD1178DEC9B2A5"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9686
Expires: Thu, 22 Sep 2022 07:04:52 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=1A7D0CB93DE32B63B6001832028F2F0C&cs=1
78.46.100.125200 OK 35 B URL HTTP/2 sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=1A7D0CB93DE32B63B6001832028F2F0C&cs=1
IP 78.46.100.125:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=1A7D0CB93DE32B63B6001832028F2F0C&cs=1 HTTP/1.1
Host: sync.1dmp.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: uid=4d72a8e0-3a2e-11ed-8677-901b0e934d81
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 35
expires: 0
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
set-cookie: uid=4d72a8e0-3a2e-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Fri, 22 Sep 2023 04:23:26 GMT; SameSite=None; Secure
uid-legacy=4d72a8e0-3a2e-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Fri, 22 Sep 2023 04:23:26 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b0549cb56b50a5b9c7eace7ebed561d0
4b412bf232649631a080f0b693726aa3fd768401
001910dd201cd45c40ee95296f514d936bff35622c0bd8f88c4e03fc16f489a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "001910DD201CD45C40EE95296F514D936BFF35622C0BD8F88C4E03FC16F489A9"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4733
Expires: Thu, 22 Sep 2022 05:42:19 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
sync.dmp.otm-r.com/match/sape?id=1A7D0CB93DE32B63B6001832028F2F0C
195.201.8.30204 No Content 0 B URL HTTP/2 sync.dmp.otm-r.com/match/sape?id=1A7D0CB93DE32B63B6001832028F2F0C
IP 195.201.8.30:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/sape?id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: sync.dmp.otm-r.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.21.6
date: Thu, 22 Sep 2022 04:23:26 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6c7ca79d72f3bb10c15342f56e9ada97
faa1ae6c5664dbc8fb0a61607bad123c33230c70
9ff0f01363dbfb8a16c5ba064b6ad8aaaf50c69cd6181e65c41ac1e46cf891ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9FF0F01363DBFB8A16C5BA064B6AD8AAAF50C69CD6181E65C41AC1E46CF891AD"
Last-Modified: Tue, 20 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3589
Expires: Thu, 22 Sep 2022 05:23:15 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
ssp.bestssp.com/sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D
185.147.80.35302 Found 0 B URL HTTP/1.1 ssp.bestssp.com/sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D
IP 185.147.80.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D HTTP/1.1
Host: ssp.bestssp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.16.1
Date: Thu, 22 Sep 2022 04:23:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.acint.net/match?dp=95&euid=YUDLUPZX
Set-Cookie: uid=YUDLUPZX; Expires=Thu, 22 Sep 2032 00:00:00 GMT; mf2=1; Expires=Sat, 22 Oct 2022 00:00:00 GMT;
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 11534d2a984cddccf1616ac185818bec
579f97ed00fdddafb037f7e66fe0c30d1488ed28
76ff37db05adde13ea3133803a3cdb259411857bf1f412f084440f20857dea48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "76FF37DB05ADDE13EA3133803A3CDB259411857BF1F412F084440F20857DEA48"
Last-Modified: Wed, 21 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16687
Expires: Thu, 22 Sep 2022 09:01:33 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
match.new-programmatic.com/userbind?src=sape&id=1A7D0CB93DE32B63B6001832028F2F0C
217.65.2.150204 No Content 0 B URL HTTP/1.1 match.new-programmatic.com/userbind?src=sape&id=1A7D0CB93DE32B63B6001832028F2F0C
IP 217.65.2.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /userbind?src=sape&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: match.new-programmatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.22.0
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Vary: Origin
sync.upravel.com/sape/sync
148.251.236.118302 Found 0 B URL HTTP/2 sync.upravel.com/sape/sync
IP 148.251.236.118:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sape/sync HTTP/1.1
Host: sync.upravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/png
content-length: 0
location: https://sync.upravel.com/sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0
set-cookie: session_tptc=1663820606145;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=180
session_tptc-legacy=1663820606145;Version=1;Domain=.upravel.com;Path=/;Max-Age=180
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
X-Firefox-Spdy: h2
nr.bidderstack.com/sape/cm?user_id=1A7D0CB93DE32B63B6001832028F2F0C
46.4.70.80200 OK 44 B URL HTTP/1.1 nr.bidderstack.com/sape/cm?user_id=1A7D0CB93DE32B63B6001832028F2F0C
IP 46.4.70.80:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash f9d60352c70a2ba15616d1c9421f3844
e9abc8bea7721a4b6a50295850d13c515006a95c
82cb517a8f80c91dfcec543c6d140deb3baaf463ea9e77655475096eba7bc7d9
GET /sape/cm?user_id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: nr.bidderstack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: image/gif
Content-Length: 44
Connection: keep-alive
Set-Cookie: uid=5b053f66-22be-42ec-b77f-4f08e3741fba; domain=.bidderstack.com; path=/; expires=Fri, 22-Sep-2023 04:23:26 GMT;
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d55db53fcebb4f51429de306e63545a7
87522c33be4f0a7767dd60551ab9cfc9958e9e4d
0c3b6835b2e7aa2bb66466305608b1ab6236431fadafa3a6fe32530f516dc23a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C3B6835B2E7AA2BB66466305608B1AB6236431FADAFA3A6FE32530F516DC23A"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10258
Expires: Thu, 22 Sep 2022 07:14:24 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
s.uuidksinc.net/match/396/?remote_uid=1A7D0CB93DE32B63B6001832028F2F0C
31.220.27.134302 Found 0 B URL HTTP/2 s.uuidksinc.net/match/396/?remote_uid=1A7D0CB93DE32B63B6001832028F2F0C
IP 31.220.27.134:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/396/?remote_uid=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: s.uuidksinc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.19.0
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://www.acint.net/match?dp=127&euid=yIwAbFDfg6sY9BTrzowV
set-cookie: jcsuuid=yIwAbFDfg6sY9BTrzowV; expires=Fri, 22 Sep 2023 04:23:26 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
ssp.bidvol.com/usersync?dspcsid=8&redirect=1
65.108.1.47302 Found 43 B URL HTTP/2 ssp.bidvol.com/usersync?dspcsid=8&redirect=1
IP 65.108.1.47:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /usersync?dspcsid=8&redirect=1 HTTP/1.1
Host: ssp.bidvol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.23.0
date: Thu, 22 Sep 2022 04:23:26 GMT
x-request-id: 3edf7383-2a83-4e94-a22e-9d81779aa3ba
set-cookie: bvuid=ypsz5uwkkv; Max-Age=2147483647; Path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; SameSite=None
bvuid2=ypsz5uwkkv; Max-Age=2147483647; Path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
surrogate-control: no-store
location: https://www.acint.net/match?dp=129&euid=ypsz5uwkkv
X-Firefox-Spdy: h2
www.acint.net/match?dp=95&euid=YUDLUPZX
185.12.125.25200 OK 43 B URL HTTP/2 www.acint.net/match?dp=95&euid=YUDLUPZX
IP 185.12.125.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=95&euid=YUDLUPZX HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9ff598de96a0c9d468c76598aef375b3
93cabc937a938866e78d28c74977eb12d0902ba7
1f466df82a3caaba6e6c4fa8157b943874477c2f0c001c5f73e660d9549f0d00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F466DF82A3CAABA6E6C4FA8157B943874477C2F0C001C5F73E660D9549F0D00"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15010
Expires: Thu, 22 Sep 2022 08:33:36 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash b8af0969096ba66a33e914033d107d7b
aebee3a96cea231a0783a21220205be0b72058a7
58e271f1b73aa23e0a0338cd99f3f0f203807e4057f05d50f230bdd9a991b1ed
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 15:41:05 GMT
Expires: Tue, 27 Sep 2022 15:41:04 GMT
Etag: "aebee3a96cea231a0783a21220205be0b72058a7"
Cache-Control: max-age=472057,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74e843e489f4b4f9-OSL
sync.bumlam.com/?src=sap1&uid=1A7D0CB93DE32B63B6001832028F2F0C
31.172.81.160302 Moved Temporarily 0 B URL HTTP/1.1 sync.bumlam.com/?src=sap1&uid=1A7D0CB93DE32B63B6001832028F2F0C
IP 31.172.81.160:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=sap1&uid=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: sync.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiQ0ZDg2ODY5ZS0zYTJlLTExZWQtODY0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Wed, 17 Sep 2042 04:23:26 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync.bumlam.com/?src=sap1&s_data=CAIQARi-xq-ZBmIgMUE3RDBDQjkzREUzMkI2M0I2MDAxODMyMDI4RjJGMEOiARBNhoaeOi4R7YZEACWQyCQ3
ETag: 4d86869e-3a2e-11ed-8644-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
stat.adlabs.ru/merge_gpsid/?sid=50&id=1A7D0CB93DE32B63B6001832028F2F0C
109.248.237.36302 Found 0 B URL HTTP/2 stat.adlabs.ru/merge_gpsid/?sid=50&id=1A7D0CB93DE32B63B6001832028F2F0C
IP 109.248.237.36:0
ASN #201009 Centre of server systems Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /merge_gpsid/?sid=50&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: stat.adlabs.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 22 Sep 2022 04:11:05 GMT
content-length: 0
location: //adlmerge.com/merge_gpsid/?sid=50&id=1A7D0CB93DE32B63B6001832028F2F0C
X-Firefox-Spdy: h2
mediatoday.ru/core/match.gif?s=32&id=1A7D0CB93DE32B63B6001832028F2F0C
139.45.228.111200 OK 43 B URL HTTP/2 mediatoday.ru/core/match.gif?s=32&id=1A7D0CB93DE32B63B6001832028F2F0C
IP 139.45.228.111:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /core/match.gif?s=32&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: mediatoday.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.22.0
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
p3p: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA
cache-control: no-cache, max-age=0, must-revalidate, no-store
pragma: no-cache
expires: Thursday, 01-Jan-1970 00:00:00 GMT
set-cookie: idntfy=VUz5fGQurjcAGsY; expires=Sun, 19-Sep-2032 04:23:26 GMT; domain=mediatoday.ru; path=/core; SameSite=None; Secure
X-Firefox-Spdy: h2
www.acint.net/match?dp=127&euid=yIwAbFDfg6sY9BTrzowV
185.12.125.25200 OK 43 B URL HTTP/2 www.acint.net/match?dp=127&euid=yIwAbFDfg6sY9BTrzowV
IP 185.12.125.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=127&euid=yIwAbFDfg6sY9BTrzowV HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 15af330272b65861c93c7f989a284e90
e3cf4e4108bc8e68819f82722fb6ca11392cdb34
7ebccd17f3283cfcd086121a089c9de4699284acf5809695d7a364835518ec1a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c3dc89ea2daeec65f3255371661f2b1b
42d925fc09fe78ce664ba07b49883f027a024c5b
055a012e5b0c2d2f0c633da56e79db5744a2aad1d43fd52237fac385128fc7df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2463
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Last-Modified: Thu, 22 Sep 2022 03:42:23 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
cs.agency2.ru/p?ssp=sp&uid=1A7D0CB93DE32B63B6001832028F2F0C
23.111.107.44301 Moved Permanently 0 B URL HTTP/1.1 cs.agency2.ru/p?ssp=sp&uid=1A7D0CB93DE32B63B6001832028F2F0C
IP 23.111.107.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p?ssp=sp&uid=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: cs.agency2.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: keep-alive
Server: fasthttp
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.acint.net/match?dp=186&euid=db43a2ab-80b8-4b99-8552-6f6a55442684
Set-Cookie: uuid=db43a2ab-80b8-4b99-8552-6f6a55442684; expires=Wed, 13 Sep 2023 04:23:26 GMT; domain=agency2.ru; path=/; secure; SameSite=None
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
X-Host: 23.111.107.44
sync.upravel.com/sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0
148.251.236.118302 Found 0 B URL HTTP/2 sync.upravel.com/sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0
IP 148.251.236.118:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0 HTTP/1.1
Host: sync.upravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: session_tptc=1663820606145
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/png
content-length: 0
location: https://b8885a49-6ba9-421d-8a3b-9196aefe5ad8.sync.upravel.com/sape/sync?ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyIsImh0dHBzOi8vd3d3LmFjaW50Lm5ldC8iXX19
set-cookie: user_id=b8885a49-6ba9-421d-8a3b-9196aefe5ad8;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
user_id-legacy=b8885a49-6ba9-421d-8a3b-9196aefe5ad8;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash 856835c6c101421c02f097aadb367da2
d3c0ed1397634edc3f957d14f8f51ec052a0f57d
f6f2f35a035fd5c2f8d1eab96c5781c9cd1c9dea792d010fcb1fc9f267110c55
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 26 Sep 2022 00:07:10 GMT
ETag: "d3c0ed1397634edc3f957d14f8f51ec052a0f57d"
Last-Modified: Thu, 22 Sep 2022 00:07:11 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1495
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e50ec00afe-OSL
exchange.buzzoola.com/cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D
138.201.34.239301 Moved Permanently 115 B URL HTTP/2 exchange.buzzoola.com/cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D
IP 138.201.34.239:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text
Hash 10f48967cd928a161ecc4fe02022e934
e42e5135d3c585472145b8038904a7048bf04cc4
db1af76cc19d7a2fbea559e293490c22cd671de9d43da0eae1c52e1de6c427fc
GET /cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D HTTP/1.1
Host: exchange.buzzoola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: text/html; charset=utf-8
content-length: 115
location: https://www.acint.net/match?dp=126&euid=fb75b094-2aec-41ea-5e8d-5a689933be98
serverid: TODO
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
93.158.134.119200 OK 72 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 93.158.134.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 27e20c7dbfa3e9cb49571531093d3023
a0f047f86b421891cef771da8171160e831a8471
f25ce8f6f6a4fe1fda545849cc37eada3d1f12779d6411b02fcd16e5345e6d5d
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 72207
date: Thu, 22 Sep 2022 04:23:26 GMT
access-control-allow-origin: *
etag: "63295b76-11a0f"
expires: Thu, 22 Sep 2022 05:23:26 GMT
last-modified: Tue, 20 Sep 2022 09:19:34 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5940
Expires: Thu, 22 Sep 2022 06:02:26 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
www.acint.net/match?dp=186&euid=db43a2ab-80b8-4b99-8552-6f6a55442684
185.12.125.25200 OK 43 B URL HTTP/2 www.acint.net/match?dp=186&euid=db43a2ab-80b8-4b99-8552-6f6a55442684
IP 185.12.125.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=186&euid=db43a2ab-80b8-4b99-8552-6f6a55442684 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36673ded-0a09-4aa6-b4c8-c3e3be3b0e4a.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36673ded-0a09-4aa6-b4c8-c3e3be3b0e4a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2b5c8545323317489392c1f56707078e
fcc0cdd72a5c97f13b0c59e5b39e06a6add18a9c
c79efda3b792026233b13c07a2c69e3dff0fdbccfb081c768ffc7e52aa744668
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36673ded-0a09-4aa6-b4c8-c3e3be3b0e4a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8058
x-amzn-requestid: 78d8a4f9-b85f-4055-a17e-90ccd231e462
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YshUOE7jIAMFm-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632815b4-7d0717045b5fd71d5a41ccdb;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 07:09:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Y-EsbrGZSY3WtqlLDDm4MLHjqeLlrzjqCRsSt7r_jSXr0LswkHP_yQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 13:08:32 GMT
age: 54894
etag: "fcc0cdd72a5c97f13b0c59e5b39e06a6add18a9c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/1f4b0.svg
192.0.77.48200 OK 1.6 kB URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/1f4b0.svg
IP 192.0.77.48:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2649)
Hash 2a8a33739fa4ecd2023f5ee79122012f
1583a224aa3913d9dc334c2132d595e760767b15
ceb4a7a9a2c0272ae1ec068b1e759916cdb2b51814c750dc670132879b09b6f7
GET /images/core/emoji/14.0.0/svg/1f4b0.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Tue, 12 Apr 2022 03:50:59 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 2
x-content-type-options: nosniff
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0f33332-2080-459e-ab54-a452b2278994.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0f33332-2080-459e-ab54-a452b2278994.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 888247c1153f8770b880395734749107
7c27c02029eb49e726a076679be2c793da696e45
515852e0d38cdaf86bce45fa5e0df453d08ca36cf6ecfa0c4b868c2143afe333
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0f33332-2080-459e-ab54-a452b2278994.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8748
x-amzn-requestid: 83c28267-4d10-476d-8b11-08b48b046985
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YzG6CGtroAMFyqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ab840-1167c5285b6837d311bfe2a9;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 07:07:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xo0ilY8z0C3rDISFOM5EixEK7HAelSut4hgNNwGYAVQIfPP8C6pUCg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 07:08:33 GMT
age: 76493
etag: "7c27c02029eb49e726a076679be2c793da696e45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.acint.net/match?dp=126&euid=fb75b094-2aec-41ea-5e8d-5a689933be98
185.12.125.25200 OK 43 B URL HTTP/2 www.acint.net/match?dp=126&euid=fb75b094-2aec-41ea-5e8d-5a689933be98
IP 185.12.125.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=126&euid=fb75b094-2aec-41ea-5e8d-5a689933be98 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
sync.bumlam.com/?src=sap1&s_data=CAIQARi-xq-ZBmIgMUE3RDBDQjkzREUzMkI2M0I2MDAxODMyMDI4RjJGMEOiARBNhoaeOi4R7YZEACWQyCQ3
31.172.81.160200 OK 0 B URL HTTP/1.1 sync.bumlam.com/?src=sap1&s_data=CAIQARi-xq-ZBmIgMUE3RDBDQjkzREUzMkI2M0I2MDAxODMyMDI4RjJGMEOiARBNhoaeOi4R7YZEACWQyCQ3
IP 31.172.81.160:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?src=sap1&s_data=CAIQARi-xq-ZBmIgMUE3RDBDQjkzREUzMkI2M0I2MDAxODMyMDI4RjJGMEOiARBNhoaeOi4R7YZEACWQyCQ3 HTTP/1.1
Host: sync.bumlam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: suuid3=IiQ0ZDg2ODY5ZS0zYTJlLTExZWQtODY0NC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiQ0ZDg2ODY5ZS0zYTJlLTExZWQtODY0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Wed, 17 Sep 2042 04:23:26 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60ffb31d-d07d-4e81-9477-522f011ae13e.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60ffb31d-d07d-4e81-9477-522f011ae13e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a504981ee10d8341b64f19001464ae8a
56f228d7358ba9deef000f53214dc7c1dc358109
0ea3b6ed12f3adf9d56e7d9b61f284d28107d99f28ee4e66b4c078a9a1a0cbee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60ffb31d-d07d-4e81-9477-522f011ae13e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8861
x-amzn-requestid: 873e88ab-7afc-4b14-b428-d90ec2079741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO2wuE0AoAMF7Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3804-0d25ab397a16c78907914e23;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:08:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E3CxTY9UbUKfKS16_Os-lp6w8b_bIIbWqcIzaGOOc0iwrSOzj6NNqQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 03:25:37 GMT
age: 3469
etag: "56f228d7358ba9deef000f53214dc7c1dc358109"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62818de3c50f957b2e5680851a1768c9
80e48c9ae48c89598780736b089c98e22d58df9a
16f2c2d23e8641a3f297a175730343d11120a228c0fe846c0fdf1e39212c522c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8549
x-amzn-requestid: 6d44626b-16c6-4f19-ae52-d5350065b390
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwPHJJoAMFdfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84ce-46ebc35612eb7a4473b36189;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UoQTXSP0LgR4LwELp2Avm27hUekfO9TU9yfvNbIlmUtB-FrU9MGRbg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:48:19 GMT
age: 23707
etag: "80e48c9ae48c89598780736b089c98e22d58df9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 77f9b5e468180a8976a641e40dceedbf
9873db160721dc9f41d3ff2d711db700d6f5d4d7
cae6929c00ed37fc097432c9ac1d6800244479d3877b17662c67bafeeff23aba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5940
Expires: Thu, 22 Sep 2022 06:02:26 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
googleads.g.doubleclick.net/pagead/html/r20220919/r20190131/zrt_lookup.html
142.250.74.130200 OK 4.4 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20220919/r20190131/zrt_lookup.html
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1731)
Hash 682bf699cccbc0ff817e1fcb7b95262a
11ad3edf0008f52b733c2d6d7199e1f052318d58
bd42f773d589f85cf6884d7893746d5d4e0c082f78e1c80511cf3aefa1c69a0f
GET /pagead/html/r20220919/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4420
x-xss-protection: 0
date: Wed, 21 Sep 2022 21:20:10 GMT
expires: Wed, 05 Oct 2022 21:20:10 GMT
cache-control: public, max-age=1209600
age: 25396
etag: 9671129459699598864
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
top-fwz1.mail.ru/counter?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;title=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1663820605847%3A1663820605869%3A1%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga;visible=true;_=0.405147068190144
95.163.52.67302 Found 0 B URL HTTP/2 top-fwz1.mail.ru/counter?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;title=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1663820605847%3A1663820605869%3A1%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga;visible=true;_=0.405147068190144
IP 95.163.52.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /counter?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;title=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1663820605847%3A1663820605869%3A1%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga;visible=true;_=0.405147068190144 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://top-fwz1.mail.ru/counter2?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;title=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1663820605847%3A1663820605869%3A1%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga;visible=true;_=0.405147068190144
set-cookie: FTID=1RMYgQ0tkIIC:1663820606:2554513:::; path=/; expires=Sat, 23-Sep-23 04:23:26 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5940
Expires: Thu, 22 Sep 2022 06:02:26 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
top-fwz1.mail.ru/counter2?id=2554513;t=466;l=1
95.163.52.67200 OK 2.3 kB URL HTTP/2 top-fwz1.mail.ru/counter2?id=2554513;t=466;l=1
IP 95.163.52.67:0
File type GIF image data, version 89a, 88 x 31\012- data
Hash 4b0d802be8f2c256469952346e56c217
2115bcac7bfdd652e4cbd6783fcde60a775fabc6
875d7705bb527a94f8c347cf5533758bf60d1a3af2f817cecd5bf220dfce47bf
GET /counter2?id=2554513;t=466;l=1 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 2289
set-cookie: FTID=1RMYgQ0tkIIC:1663820606:2554513:::; path=/; expires=Sat, 23-Sep-23 04:23:26 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
1a7d0cb93de32b63b6001832028f2f0c-sp.ops.beeline.ru/p?ssp=sp&id=1A7D0CB93DE32B63B6001832028F2F0C
37.9.245.57301 Moved Permanently 0 B URL HTTP/2 1a7d0cb93de32b63b6001832028f2f0c-sp.ops.beeline.ru/p?ssp=sp&id=1A7D0CB93DE32B63B6001832028F2F0C
IP 37.9.245.57:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p?ssp=sp&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: 1a7d0cb93de32b63b6001832028f2f0c-sp.ops.beeline.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://www.acint.net/match?dp=111&euid=c04305e3-b912-4632-a550-116e16c3088d
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: BeeAID=c04305e3-b912-4632-a550-116e16c3088d; expires=Wed, 13 Sep 2023 04:23:26 GMT; domain=ops.beeline.ru; path=/; secure; SameSite=None
access-control-allow-credentials: true, true
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS, GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
x-route: http://upstream_cookiesync
x-host: 192.168.152.34
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5940
Expires: Thu, 22 Sep 2022 06:02:26 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c92e76-c63f-4c49-a4f1-56d030e97e10.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c92e76-c63f-4c49-a4f1-56d030e97e10.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 37687ec8382ef481897d1e65bf14010a
6ce495268093b256875ec1c4d6a05fc1f3d25446
24cc6f8715bb5b0b8a27a3f40831f9fed6cc4c5a882622633e1865dca6e50531
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c92e76-c63f-4c49-a4f1-56d030e97e10.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3372
x-amzn-requestid: 10d24c22-0b3d-402b-9a10-6cbfc9a699a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YzG5QHJRoAMFaPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ab83b-37ba740c7eba56b30e2ea528;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 07:07:39 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VM9vtBQFJEEX58Q_SYVC7L18jDp-kxDCIk1QMjyaaLc6DNUSJ9uivg==
via: 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 07:08:36 GMT
age: 76490
etag: "6ce495268093b256875ec1c4d6a05fc1f3d25446"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
freecurrencyrates.com/font/roboto.googlefonts/Roboto-Regular.woff2
74.119.195.177200 OK 62 kB URL HTTP/1.1 freecurrencyrates.com/font/roboto.googlefonts/Roboto-Regular.woff2
IP 74.119.195.177:0
ASN #43624 Pq Hosting S.r.l.
File type Web Open Font Format (Version 2), TrueType, length 61604, version 2.0\012- data
Hash 8eec98e0eb4f8d9f82fa2c1adbd327fd
87a0c5824a950d21f3b93d42e82ccc033e3b5329
f05b6f9877fc4a3f9b4587aba72a9c63c60ce1e26398993498187816366de818
GET /font/roboto.googlefonts/Roboto-Regular.woff2 HTTP/1.1
Host: freecurrencyrates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx/1.18.0
date: Thu, 22 Sep 2022 04:22:46 GMT
content-type: application/octet-stream
content-length: 61604
last-modified: Sun, 03 Jul 2016 17:43:11 GMT
etag: "57794eaf-f0a4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 40
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f5319213ed93a1c1f299560d39d99afd
a38d0e250c4e9bc99a4e9f2ba29b3ee7e743d4ad
cf04df94490e37316e5a10db1407cf4e70014a3c02bbb01648512466c8e5b102
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6520
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Last-Modified: Thu, 22 Sep 2022 02:34:46 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 2a93061bd322ab19506481e93b8747af
763cd2ef97bb14ea8d9681f7cb0e549e6ccb4132
298bef3425e2cb72335ce485f94ae41ee7eb69a588011d0ef8934c48138de71d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 23:26:47 GMT
Expires: Wed, 28 Sep 2022 23:26:46 GMT
Etag: "763cd2ef97bb14ea8d9681f7cb0e549e6ccb4132"
Cache-Control: max-age=586399,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74e843e4aa230b02-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 826155b5ffc8b2b7f76d5900474d8ebd
edec4211b869f523f9567c35428578af1de7749e
0d90c8dfeeca5dae2c8ea3c648735a85146196a74f308775d6426aa37142b0af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D90C8DFEECA5DAE2C8EA3C648735A85146196A74F308775D6426AA37142B0AF"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17948
Expires: Thu, 22 Sep 2022 09:22:34 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 77f9b5e468180a8976a641e40dceedbf
9873db160721dc9f41d3ff2d711db700d6f5d4d7
cae6929c00ed37fc097432c9ac1d6800244479d3877b17662c67bafeeff23aba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
kraken.rambler.ru/cnt/?et=pv&v=3.10.9&pid=6699530&tid=t1.6699530.320768010.1663820605061&rid=1663820605.06-150034304&fid=pA8AAENKs1er0heJAXvnWwA%3D&fip=pA8AAENKs1dky%2B7aATvR3QA%3D&aduid=7ac34b03-0ef2-4352-bd4b-e03a79275fd4&aduidsc=investstable.ru&stid=777191712_1663820605062&sn=1&sen=0&en=UTF-8&ce=1&bs=1268x939&rf&pt=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&sr=1280x1024&cd=24-bit&la=en-US&ja=0&acn=Mozilla&an=Netscape&pl=Linux%20x86_64&tz=0&le=2&ct=web&url=https%3A%2F%2Finveststable.ru%2F&lv&exp=%5B%5B%22exp_bot%22%2C%22split_a%22%5D%2C%5B%22exp_ping%22%2C%22no%22%5D%5D&meta=%7B%22is_first%22%3A1%7D&rn=461899263&eid=501860531031730
81.19.89.18200 OK 595 B URL HTTP/2 kraken.rambler.ru/cnt/?et=pv&v=3.10.9&pid=6699530&tid=t1.6699530.320768010.1663820605061&rid=1663820605.06-150034304&fid=pA8AAENKs1er0heJAXvnWwA%3D&fip=pA8AAENKs1dky%2B7aATvR3QA%3D&aduid=7ac34b03-0ef2-4352-bd4b-e03a79275fd4&aduidsc=investstable.ru&stid=777191712_1663820605062&sn=1&sen=0&en=UTF-8&ce=1&bs=1268x939&rf&pt=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&sr=1280x1024&cd=24-bit&la=en-US&ja=0&acn=Mozilla&an=Netscape&pl=Linux%20x86_64&tz=0&le=2&ct=web&url=https%3A%2F%2Finveststable.ru%2F&lv&exp=%5B%5B%22exp_bot%22%2C%22split_a%22%5D%2C%5B%22exp_ping%22%2C%22no%22%5D%5D&meta=%7B%22is_first%22%3A1%7D&rn=461899263&eid=501860531031730
IP 81.19.89.18:0
ASN #24638 Rambler Internet Holding LLC
File type GIF image data, version 87a, 88 x 31\012- data
Hash ab7587316a539078f47cbc113810a1eb
27e636702c39cc363b5fcdbdb463d84d023de8a3
292ec7c404a8403839ffe25a1dffc0369d499e43e3e584d525016eaa0681db25
GET /cnt/?et=pv&v=3.10.9&pid=6699530&tid=t1.6699530.320768010.1663820605061&rid=1663820605.06-150034304&fid=pA8AAENKs1er0heJAXvnWwA%3D&fip=pA8AAENKs1dky%2B7aATvR3QA%3D&aduid=7ac34b03-0ef2-4352-bd4b-e03a79275fd4&aduidsc=investstable.ru&stid=777191712_1663820605062&sn=1&sen=0&en=UTF-8&ce=1&bs=1268x939&rf&pt=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&sr=1280x1024&cd=24-bit&la=en-US&ja=0&acn=Mozilla&an=Netscape&pl=Linux%20x86_64&tz=0&le=2&ct=web&url=https%3A%2F%2Finveststable.ru%2F&lv&exp=%5B%5B%22exp_bot%22%2C%22split_a%22%5D%2C%5B%22exp_ping%22%2C%22no%22%5D%5D&meta=%7B%22is_first%22%3A1%7D&rn=461899263&eid=501860531031730 HTTP/1.1
Host: kraken.rambler.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.4
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 595
last-modified: Tue, 12 Nov 2019 12:50:59 GMT
etag: "5dcaaab3-253"
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: content-type
access-control-allow-credentials: true
x-srv: 0kraken-prod0002.ad.rambler.tech
set-cookie: ruid=1CIAAD7jK2OEChtwAbSuWQB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
proto_uid=1CIAAD7jK2OEChtwAbSuWQB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
accept-ranges: bytes
X-Firefox-Spdy: h2
kraken.rambler.ru/cnt/v2/?event_name=page_view&event_type=base&project_id=6699530&request_id=1663820605.06-150034304&event_id=509460531174430&meta=%7B%22browser_size%22%3A%221268x939%22%2C%22title%22%3A%22%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.%22%2C%22screen_size%22%3A%7B%22cr%22%3A1280%2C%22hr%22%3A1024%7D%2C%22color_depth%22%3A%2224-bit%22%2C%22language%22%3A%22en-US%22%2C%22browser%22%3A%22Netscape%22%2C%22platform%22%3A%22Linux%20x86_64%22%2C%22timezone%22%3A0%2C%22referer%22%3A%22%22%2C%22is_first%22%3A1%7D&url=https%3A%2F%2Finveststable.ru%2F&session_id=777191712_1663820605062&session_number=1&session_event_number=1&tid=t1.6699530.320768010.1663820605061&adtech_uid=7ac34b03-0ef2-4352-bd4b-e03a79275fd4&adtech_uid_scope=investstable.ru&fingerprint=pA8AAENKs1er0heJAXvnWwA%3D&fingerprint_ip=pA8AAENKs1dky%2B7aATvR3QA%3D&version=3.10.9&counter_type=web&experiment=%5B%5B%22exp_bot%22%2C%22split_a%22%5D%2C%5B%22exp_ping%22%2C%22no%22%5D%5D&rn=1178247215
81.19.89.18200 OK 595 B URL HTTP/2 kraken.rambler.ru/cnt/v2/?event_name=page_view&event_type=base&project_id=6699530&request_id=1663820605.06-150034304&event_id=509460531174430&meta=%7B%22browser_size%22%3A%221268x939%22%2C%22title%22%3A%22%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.%22%2C%22screen_size%22%3A%7B%22cr%22%3A1280%2C%22hr%22%3A1024%7D%2C%22color_depth%22%3A%2224-bit%22%2C%22language%22%3A%22en-US%22%2C%22browser%22%3A%22Netscape%22%2C%22platform%22%3A%22Linux%20x86_64%22%2C%22timezone%22%3A0%2C%22referer%22%3A%22%22%2C%22is_first%22%3A1%7D&url=https%3A%2F%2Finveststable.ru%2F&session_id=777191712_1663820605062&session_number=1&session_event_number=1&tid=t1.6699530.320768010.1663820605061&adtech_uid=7ac34b03-0ef2-4352-bd4b-e03a79275fd4&adtech_uid_scope=investstable.ru&fingerprint=pA8AAENKs1er0heJAXvnWwA%3D&fingerprint_ip=pA8AAENKs1dky%2B7aATvR3QA%3D&version=3.10.9&counter_type=web&experiment=%5B%5B%22exp_bot%22%2C%22split_a%22%5D%2C%5B%22exp_ping%22%2C%22no%22%5D%5D&rn=1178247215
IP 81.19.89.18:0
ASN #24638 Rambler Internet Holding LLC
File type GIF image data, version 87a, 88 x 31\012- data
Hash ab7587316a539078f47cbc113810a1eb
27e636702c39cc363b5fcdbdb463d84d023de8a3
292ec7c404a8403839ffe25a1dffc0369d499e43e3e584d525016eaa0681db25
GET /cnt/v2/?event_name=page_view&event_type=base&project_id=6699530&request_id=1663820605.06-150034304&event_id=509460531174430&meta=%7B%22browser_size%22%3A%221268x939%22%2C%22title%22%3A%22%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.%22%2C%22screen_size%22%3A%7B%22cr%22%3A1280%2C%22hr%22%3A1024%7D%2C%22color_depth%22%3A%2224-bit%22%2C%22language%22%3A%22en-US%22%2C%22browser%22%3A%22Netscape%22%2C%22platform%22%3A%22Linux%20x86_64%22%2C%22timezone%22%3A0%2C%22referer%22%3A%22%22%2C%22is_first%22%3A1%7D&url=https%3A%2F%2Finveststable.ru%2F&session_id=777191712_1663820605062&session_number=1&session_event_number=1&tid=t1.6699530.320768010.1663820605061&adtech_uid=7ac34b03-0ef2-4352-bd4b-e03a79275fd4&adtech_uid_scope=investstable.ru&fingerprint=pA8AAENKs1er0heJAXvnWwA%3D&fingerprint_ip=pA8AAENKs1dky%2B7aATvR3QA%3D&version=3.10.9&counter_type=web&experiment=%5B%5B%22exp_bot%22%2C%22split_a%22%5D%2C%5B%22exp_ping%22%2C%22no%22%5D%5D&rn=1178247215 HTTP/1.1
Host: kraken.rambler.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.4
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 595
last-modified: Tue, 12 Nov 2019 12:50:59 GMT
etag: "5dcaaab3-253"
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: content-type
access-control-allow-credentials: true
x-srv: 0kraken-prod0002.ad.rambler.tech
set-cookie: ruid=1CIAAD7jK2OEChtwAbWuWQB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
proto_uid=1CIAAD7jK2OEChtwAbWuWQB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
accept-ranges: bytes
X-Firefox-Spdy: h2
dmp.gotechnology.io/match/sape?id=1A7D0CB93DE32B63B6001832028F2F0C
142.132.209.138302 Found 0 B URL HTTP/2 dmp.gotechnology.io/match/sape?id=1A7D0CB93DE32B63B6001832028F2F0C
IP 142.132.209.138:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/sape?id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: dmp.gotechnology.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://dmp.gotechnology.io/match/sape?id=1A7D0CB93DE32B63B6001832028F2F0C&chk=1
set-cookie: chk=1; path=/; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
b8885a49-6ba9-421d-8a3b-9196aefe5ad8.sync.upravel.com/sape/sync?ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyIsImh0dHBzOi8vd3d3LmFjaW50Lm5ldC8iXX19
176.9.8.252302 Found 0 B URL HTTP/2 b8885a49-6ba9-421d-8a3b-9196aefe5ad8.sync.upravel.com/sape/sync?ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyIsImh0dHBzOi8vd3d3LmFjaW50Lm5ldC8iXX19
IP 176.9.8.252:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sape/sync?ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyIsImh0dHBzOi8vd3d3LmFjaW50Lm5ldC8iXX19 HTTP/1.1
Host: b8885a49-6ba9-421d-8a3b-9196aefe5ad8.sync.upravel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: session_tptc=1663820606145; user_id=b8885a49-6ba9-421d-8a3b-9196aefe5ad8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/png
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: user_id=b8885a49-6ba9-421d-8a3b-9196aefe5ad8;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
user_id-legacy=b8885a49-6ba9-421d-8a3b-9196aefe5ad8;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
location: https://www.acint.net/match?dp=71&euid=b8885a49-6ba9-421d-8a3b-9196aefe5ad8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
X-Firefox-Spdy: h2
www.acint.net/match?dp=111&euid=c04305e3-b912-4632-a550-116e16c3088d
185.12.125.25200 OK 43 B URL HTTP/2 www.acint.net/match?dp=111&euid=c04305e3-b912-4632-a550-116e16c3088d
IP 185.12.125.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=111&euid=c04305e3-b912-4632-a550-116e16c3088d HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
www.acint.net/match?dp=71&euid=b8885a49-6ba9-421d-8a3b-9196aefe5ad8
185.12.125.25200 OK 43 B URL HTTP/2 www.acint.net/match?dp=71&euid=b8885a49-6ba9-421d-8a3b-9196aefe5ad8
IP 185.12.125.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=71&euid=b8885a49-6ba9-421d-8a3b-9196aefe5ad8 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
top-fwz1.mail.ru/counter2?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;title=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1663820605847%3A1663820605869%3A1%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga;visible=true;_=0.405147068190144
95.163.52.67200 OK 43 B URL HTTP/2 top-fwz1.mail.ru/counter2?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;title=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1663820605847%3A1663820605869%3A1%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga;visible=true;_=0.405147068190144
IP 95.163.52.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /counter2?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;title=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1663820605847%3A1663820605869%3A1%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga;visible=true;_=0.405147068190144 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
set-cookie: FTID=1RMYgQ0tkIIC:1663820606:2554513:::; path=/; expires=Sat, 23-Sep-23 04:23:26 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 682477608532cf0f939b82148a7d996c
53f5564723f8ca88bf990fb2e4de8ffd8000c96f
4f89314a758da9c42d7ab1c97f8794e3c10ed59112f6bad7f02f8b63fc24a3a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/metrika/advert.gif
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 22 Sep 2022 04:23:26 GMT
access-control-allow-origin: *
etag: "63295b76-2b"
expires: Thu, 22 Sep 2022 05:23:26 GMT
accept-ranges: bytes
last-modified: Tue, 20 Sep 2022 09:19:34 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f85caa32cfc5c68ae9d37dac5075d086
d98cb95e042dfdf7fcfe0bef3d83624a970ee7ab
c1d5882e2ccbee35dfb5d42d78ef6fd843882cbbbe5653cd686ff768e697ac84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 51ca5853da6ab1b45b9b9d8425056853
b912e4d1ee63203030fa6efd1a77b5f02f4f86e0
a5dd1386ea0a4adc2678a71557841daec7a91a80330c7cf3dc845963c4addd3f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adlmerge.com/merge_gpsid/?sid=50&id=1A7D0CB93DE32B63B6001832028F2F0C
95.211.66.35200 OK 43 B URL HTTP/2 adlmerge.com/merge_gpsid/?sid=50&id=1A7D0CB93DE32B63B6001832028F2F0C
IP 95.211.66.35:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /merge_gpsid/?sid=50&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: adlmerge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
iseu: eu
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 682477608532cf0f939b82148a7d996c
53f5564723f8ca88bf990fb2e4de8ffd8000c96f
4f89314a758da9c42d7ab1c97f8794e3c10ed59112f6bad7f02f8b63fc24a3a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=investstable.ru
142.250.74.2200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=investstable.ru
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=investstable.ru HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 22 Sep 2022 04:23:26 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=investstable.ru
142.250.74.66200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=investstable.ru
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=investstable.ru HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 22 Sep 2022 04:23:26 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/watch/25781042/1?wmode=7&page-url=https%3A%2F%2Finveststable.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abkhw48i07cggsex1juigo%3Afp%3A1735%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A273495068857%3Ahid%3A133847619%3Az%3A0%3Ai%3A20220922042326%3Aet%3A1663820606%3Ac%3A1%3Arn%3A585103671%3Arqn%3A1%3Au%3A1663820606830078311%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A60%2C232%2C88%2C0%2C869%2C0%2C%2C516%2C13%2C%2C%2C%2C1781%3Ans%3A1663820603180%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663820606%3At%3A%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
93.158.134.119200 OK 442 B URL HTTP/2 mc.yandex.ru/watch/25781042/1?wmode=7&page-url=https%3A%2F%2Finveststable.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abkhw48i07cggsex1juigo%3Afp%3A1735%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A273495068857%3Ahid%3A133847619%3Az%3A0%3Ai%3A20220922042326%3Aet%3A1663820606%3Ac%3A1%3Arn%3A585103671%3Arqn%3A1%3Au%3A1663820606830078311%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A60%2C232%2C88%2C0%2C869%2C0%2C%2C516%2C13%2C%2C%2C%2C1781%3Ans%3A1663820603180%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663820606%3At%3A%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (442), with no line terminators
Hash f89920bfb044d8996fb215d74342199d
b7f6ef32e46f32316306970b6f08a6f324399730
921c5a31d0fde8cffe99f9f0d1292a3759b51f8df5e1965eb5f7fbeea72cff96
GET /watch/25781042/1?wmode=7&page-url=https%3A%2F%2Finveststable.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abkhw48i07cggsex1juigo%3Afp%3A1735%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A273495068857%3Ahid%3A133847619%3Az%3A0%3Ai%3A20220922042326%3Aet%3A1663820606%3Ac%3A1%3Arn%3A585103671%3Arqn%3A1%3Au%3A1663820606830078311%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A60%2C232%2C88%2C0%2C869%2C0%2C%2C516%2C13%2C%2C%2C%2C1781%3Ans%3A1663820603180%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663820606%3At%3A%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://investstable.ru
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 442
date: Thu, 22 Sep 2022 04:23:26 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://investstable.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 22-Sep-2022 04:23:26 GMT
last-modified: Thu, 22-Sep-2022 04:23:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 2245f09026503a7abc6e05553f1466fd
d8ae7f2acb1834239805c3e713ad056517b6153e
22a707d05434a7162a612f1c38d4466c6c1730f95717a3e100980aee8f00277c
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:05:56 GMT
ETag: "d8ae7f2acb1834239805c3e713ad056517b6153e"
Last-Modified: Thu, 22 Sep 2022 03:05:57 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2186
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e8bd2eb523-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f675396b1827a50c78e358358f256144
451b788273e06a08f762735c23c13028e32a3f3c
6bd9e2ec423bf8f0f681a92f4ad0b28cdb53f5df6ca4b571c9697b678c20c126
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f85caa32cfc5c68ae9d37dac5075d086
d98cb95e042dfdf7fcfe0bef3d83624a970ee7ab
c1d5882e2ccbee35dfb5d42d78ef6fd843882cbbbe5653cd686ff768e697ac84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash e004b52610c97a9652a02961f759a0d7
d84c30b464c819299e337b5bbd3920cf75f1fd07
727a07635e2eec36215c490d8ebaccd0a64e595575109e22f927984e6a4586e8
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 26 Sep 2022 00:07:44 GMT
ETag: "d84c30b464c819299e337b5bbd3920cf75f1fd07"
Last-Modified: Thu, 22 Sep 2022 00:07:45 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3314
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e8e9200afe-OSL
sync.adkernel.com/user-sync?zone=169736&t=image&r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D221%26euid%3D%7BUID%7D
77.245.57.72200 OK 0 B URL HTTP/1.1 sync.adkernel.com/user-sync?zone=169736&t=image&r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D221%26euid%3D%7BUID%7D
IP 77.245.57.72:0
ASN #36057 WEBAIR-INTERNET-MTL
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /user-sync?zone=169736&t=image&r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D221%26euid%3D%7BUID%7D HTTP/1.1
Host: sync.adkernel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: close
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 0c2e17d8cf31157df1a4bd2f99a54c6c
c0bbb9ac61662fda8781947855cf7074484ac540
52f7b19b0215b25985a1e67274af794f09cd838879b503fe985141aee33a5707
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 04:09:18 GMT
Expires: Tue, 27 Sep 2022 04:09:17 GMT
Etag: "c0bbb9ac61662fda8781947855cf7074484ac540"
Cache-Control: max-age=430550,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74e843e8cc050b02-OSL
fcgi4.gnezdo.ru/cookie_matching_ssp/Sape-dsp/1A7D0CB93DE32B63B6001832028F2F0C
93.95.102.105204 No Content 0 B URL HTTP/2 fcgi4.gnezdo.ru/cookie_matching_ssp/Sape-dsp/1A7D0CB93DE32B63B6001832028F2F0C
IP 93.95.102.105:0
ASN #48347 JSC Mediasoft ekspert
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie_matching_ssp/Sape-dsp/1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: fcgi4.gnezdo.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
set-cookie: uid=XV9maWMr4z46I4Y1CFVAAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
X-Firefox-Spdy: h2
ads.betweendigital.com/match?bidder_id=98&external_user_id=M2QwNmQ4NTkxNzY0Y2YxMA
188.42.191.196302 Found 0 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=98&external_user_id=M2QwNmQ4NTkxNzY0Y2YxMA
IP 188.42.191.196:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?bidder_id=98&external_user_id=M2QwNmQ4NTkxNzY0Y2YxMA HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /match?bidder_id=98&external_user_id=M2QwNmQ4NTkxNzY0Y2YxMA&crf=1
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:26 GMT; Path=/; Domain=.betweendigital.com
tuuid=b9cb20b0-5633-5209-9439-b79ff71254a1; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:26 GMT; Path=/; Domain=.betweendigital.com
ut=YyvjPgAN1viSPaySEXLDB88qgs_OyKNvcr46KA==; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:26 GMT; Path=/; Domain=.betweendigital.com
content-length: 0
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 9edb574bef34f41a55a24129e22bfad3
5c0c0d368dafa9cdb00941b307038825554581af
8c6c43e6c2c7a0e03cf9a02816706478039741c8f9b739d74af1f2dfafb4c712
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 21 Sep 2022 23:11:47 GMT
Expires: Thu, 22 Sep 2022 23:11:47 GMT
ETag: "5c0c0d368dafa9cdb00941b307038825554581af"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ssp.adriver.ru/cgi-bin/sync.cgi?dsp_id=153&external_id=1A7D0CB93DE32B63B6001832028F2F0C
195.209.111.4200 OK 42 B URL HTTP/1.1 ssp.adriver.ru/cgi-bin/sync.cgi?dsp_id=153&external_id=1A7D0CB93DE32B63B6001832028F2F0C
IP 195.209.111.4:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cgi-bin/sync.cgi?dsp_id=153&external_id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: ssp.adriver.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691
195.209.108.50302 Moved Temporarily 0 B URL HTTP/1.1 ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691
IP 195.209.108.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691 HTTP/1.1
Host: ad.adriver.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA
Set-Cookie: cid=-4818638700; expires=Sat, 21 Sep 2024 04:23:26 GMT; path=/; domain=.adriver.ru; SameSite=None; Secure
Location: /cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691&tuid=-4818638700
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 0c2e17d8cf31157df1a4bd2f99a54c6c
c0bbb9ac61662fda8781947855cf7074484ac540
52f7b19b0215b25985a1e67274af794f09cd838879b503fe985141aee33a5707
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 04:09:18 GMT
Expires: Tue, 27 Sep 2022 04:09:17 GMT
Etag: "c0bbb9ac61662fda8781947855cf7074484ac540"
Cache-Control: max-age=430550,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74e843e91a09b527-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 1095cbeab0f073ac21b542ece43906e4
6a95016d800f003c5a9be4fb1a806178aeb263b3
cea83b7581093c0900582f4034033ef7b759a15163cd164b513f7cc47de60694
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 14:18:44 GMT
Expires: Tue, 27 Sep 2022 14:18:43 GMT
Etag: "6a95016d800f003c5a9be4fb1a806178aeb263b3"
Cache-Control: max-age=467116,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74e843e91c3a0b02-OSL
ocsp.usertrust.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash ddbcbecfc057efc5818baa2d00bf3be9
81959b98f864c8b48587bae773c5a8a33748b4e2
745b010b944478b94b2f6d8dad754fb395abb7dede46876df67be8f0f2283fea
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 04:18:18 GMT
Expires: Mon, 26 Sep 2022 04:18:17 GMT
Etag: "81959b98f864c8b48587bae773c5a8a33748b4e2"
Cache-Control: max-age=600121,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1063
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e96fde0afa-OSL
www.facebook.com/tr/?id=1095636837296413&ev=PageView&dl=https%3A%2F%2Finveststable.ru%2F&rl=&if=false&ts=1663820606329&sw=1280&sh=1024&v=2.9.83&r=stable&a=wordpress-6.0.2-3.0.7&ec=0&o=30&fbp=fb.1.1663820606328.846943462&it=1663820605639&coo=false&rqm=GET
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=1095636837296413&ev=PageView&dl=https%3A%2F%2Finveststable.ru%2F&rl=&if=false&ts=1663820606329&sw=1280&sh=1024&v=2.9.83&r=stable&a=wordpress-6.0.2-3.0.7&ec=0&o=30&fbp=fb.1.1663820606328.846943462&it=1663820605639&coo=false&rqm=GET
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=1095636837296413&ev=PageView&dl=https%3A%2F%2Finveststable.ru%2F&rl=&if=false&ts=1663820606329&sw=1280&sh=1024&v=2.9.83&r=stable&a=wordpress-6.0.2-3.0.7&ec=0&o=30&fbp=fb.1.1663820606328.846943462&it=1663820605639&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Thu, 22 Sep 2022 04:23:26 GMT
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash c90cb360eb7fec2c6896deda463024a5
75a7e276e68b9a4b5d3f1d0cbe919a633f5c2dcd
6b7d6721b8c06e9627f2523ce366b2fd624c08d502755bc91830c2e23ef69455
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:39:05 GMT
ETag: "75a7e276e68b9a4b5d3f1d0cbe919a633f5c2dcd"
Last-Modified: Thu, 22 Sep 2022 03:39:06 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1063
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e9896e0afe-OSL
redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect
35.190.24.218302 Found 0 B URL HTTP/2 redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect
IP 35.190.24.218:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect HTTP/1.1
Host: redirect.frontend.weborama.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: Weborama Collect Frontend
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=1692211917
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Thu, 22 Sep 2022 04:23:26 GMT
set-cookie: AFFICHE_W=Gy7cTugOt2Ub95; expires=Fri, 20 Oct 2023 04:23:26 GMT; domain=.weborama.fr; path=/; secure; SameSite=None
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 1d6dd9fcb77c789d7ca31b554fd39d15
4a3decd28f81e50ca81c361e58ab15209c1f2fa5
e3ba113d65a9a36310749dad7e1140588fcc3c71b32efce3cc31f623cabe9e12
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Mon, 26 Sep 2022 03:35:40 GMT
ETag: "4a3decd28f81e50ca81c361e58ab15209c1f2fa5"
Last-Modified: Thu, 22 Sep 2022 03:35:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1287
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e843e98bb60b61-OSL
ads.betweendigital.com/match?bidder_id=98&external_user_id=M2QwNmQ4NTkxNzY0Y2YxMA&crf=1
188.42.191.196200 OK 68 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=98&external_user_id=M2QwNmQ4NTkxNzY0Y2YxMA&crf=1
IP 188.42.191.196:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
GET /match?bidder_id=98&external_user_id=M2QwNmQ4NTkxNzY0Y2YxMA&crf=1 HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:26 GMT; Path=/; Domain=.betweendigital.com
tuuid=f008fec9-d152-5209-a267-5896c14cbba8; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:26 GMT; Path=/; Domain=.betweendigital.com
ut=YyvjPgAOmkj2dfe4jw2Elt0uF6KZoCc_e68ZsQ==; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:26 GMT; Path=/; Domain=.betweendigital.com
content-length: 68
X-Firefox-Spdy: h2
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 32b786199a4265ae7f5f9b96afe36ffa
d763a9d026c8be4b54b2046e3bb6e952fdde9ad4
a927ff0ea553195a8071c91f8d0acd57cc0b7cae3d4b13a97ca0fc7161a66120
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2038
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 04:23:26 GMT
Last-Modified: Thu, 22 Sep 2022 03:49:28 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c9f43883942b62e69fddb651d99a3dd1
7c66254b2619fe098291f70ff23fccad3339b069
87cc1ed52f443895e5d7615695d2d1162e0bd93edf17990029727e52ce33256b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87CC1ED52F443895E5D7615695D2D1162E0BD93EDF17990029727E52CE33256B"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9725
Expires: Thu, 22 Sep 2022 07:05:31 GMT
Date: Thu, 22 Sep 2022 04:23:26 GMT
Connection: keep-alive
ads.betweendigital.com/match?bidder_id=73&external_user_id=1A7D0CB93DE32B63B6001832028F2F0C
188.42.191.196302 Found 0 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=73&external_user_id=1A7D0CB93DE32B63B6001832028F2F0C
IP 188.42.191.196:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?bidder_id=73&external_user_id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /match?bidder_id=73&external_user_id=1A7D0CB93DE32B63B6001832028F2F0C&crf=1
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:26 GMT; Path=/; Domain=.betweendigital.com
tuuid=264230f3-f64a-5209-b857-b168db7c5256; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:26 GMT; Path=/; Domain=.betweendigital.com
ut=YyvjPgAOqeiaY297iMa7cUDyirTXFWkTHMDOCg==; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:26 GMT; Path=/; Domain=.betweendigital.com
content-length: 0
X-Firefox-Spdy: h2
ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691&tuid=-4818638700
195.209.108.50302 Moved Temporarily 40 B URL HTTP/1.1 ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691&tuid=-4818638700
IP 195.209.108.50:0
File type ASCII text, with CRLF line terminators
Hash 251630b588179b239e8fab1ac9ef6d3a
91b91a97bc481dd2bbd5e0f3fea6ba1c4e843882
c95661e0ef6975b1df5361695a439f71a021d72c345023c3e668e84f35b3c38b
GET /cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691&tuid=-4818638700 HTTP/1.1
Host: ad.adriver.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-control: no-cache, no-cache=Set-Cookie, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="//adriver.ru/w3c/p3p.xml", CP="NON DSP COR CURa ADMa DEVa OUR BUS UNI COM NAV INT STA"
Set-Cookie: cid=0; expires=Sat, 21 Sep 2024 04:23:26 GMT; path=/; domain=.adriver.ru;
uid=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=.adriver.ru
Location: https://www.acint.net/rmatch?dp=45&euid=0&r=https%3A%2F%2Fssp.adriver.ru%2Fcgi-bin%2Fsync.cgi%3Fssp_id%3D43%26external_id%3D%24%7BUSER_ID%7D
x01.aidata.io/0.gif?pid=9401454&id=1A7D0CB93DE32B63B6001832028F2F0C
89.108.119.28302 Found 0 B URL HTTP/2 x01.aidata.io/0.gif?pid=9401454&id=1A7D0CB93DE32B63B6001832028F2F0C
IP 89.108.119.28:0
ASN #197695 Domain names registrar REG.RU, Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0.gif?pid=9401454&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-length: 0
location: https://x01.aidata.io/0.gif?pid=9401454&id=1A7D0CB93DE32B63B6001832028F2F0C&bounce=1
expires: Thu, 22 Sep 2022 04:23:25 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Thu, 22 Sep 2022 04:23:25 GMT
set-cookie: __upin=AuHlc1RDW8w06bOdX3LwCQ;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
__upints=1663820606;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
X-Firefox-Spdy: h2
sape-sync.rutarget.ru/sync
178.170.196.247302 Moved Temporarily 0 B URL HTTP/1.1 sape-sync.rutarget.ru/sync
IP 178.170.196.247:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync HTTP/1.1
Host: sape-sync.rutarget.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Length: 0
Connection: close
Location: https://www.acint.net/match?dp=104&euid=NDfFRi0PwM6Y
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."
Set-Cookie: userId=NDfFRi0PwM6Y; Path=/; Domain=.rutarget.ru; Expires=Tue, 21 Mar 2023 04:23:26 GMT; SameSite=None; Secure
ad.mail.ru/cm.gif?p=48&id=1A7D0CB93DE32B63B6001832028F2F0C
95.163.41.56200 OK 86 kB URL HTTP/2 ad.mail.ru/cm.gif?p=48&id=1A7D0CB93DE32B63B6001832028F2F0C
IP 95.163.41.56:0
File type gzip compressed data, from Unix\012- data
Hash bb88c8e894607fedfebf8509bb34f833
60c0a4a19291346de2981310a7d38bc0bf473aa5
4ab5efc06ddae527e7f702adaa6f6214b0aebdb2e9307606b535b2f5bf82e7f5
GET /cm.gif?p=48&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: ad.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 04:23:26 GMT
content-type: image/gif
content-length: 43
set-cookie: VID=0WmAQW1BHSYC002BpY3E0OYC:::0-0-0-8463bfe:CAASEI-Ak5mW6e9eFAzwHZtdTJAaYCBv9myZDJSU01B6WHKlgSUaBsWOgNE3nzWxY3nfPNGv59MCIG8fKhlajxa2F0DTt-sjkeZwST8ARpCm7mC621mQ4gUkmGub62xIgyifxOS_pJLQ4MqQwUJdyLCM6BtQDg; path=/; expires=Sat, 23-Sep-23 04:23:26 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
expires: Thu, 22 Sep 2022 10:23:26 GMT
cache-control: max-age=21600
last-modified: Thu, 22 Sep 2022 04:23:26 GMT
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
X-Firefox-Spdy: h2
redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=1692211917
35.190.24.218204 No Content 0 B URL HTTP/2 redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=1692211917
IP 35.190.24.218:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D%7BWEBO_CID%7D%26noredirect&bounce=1&random=1692211917 HTTP/1.1
Host: redirect.frontend.weborama.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Weborama Collect Frontend
date: Thu, 22 Sep 2022 04:23:26 GMT
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Thu, 22 Sep 2022 04:23:27 GMT
set-cookie: AFFICHE_W=; expires=Tue, 10 Nov 2009 23:00:00 GMT; domain=.weborama.fr; path=/; secure; SameSite=None
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.acint.net/rmatch?dp=45&euid=0&r=https%3A%2F%2Fssp.adriver.ru%2Fcgi-bin%2Fsync.cgi%3Fssp_id%3D43%26external_id%3D%24%7BUSER_ID%7D
185.12.125.25302 Found 154 B URL HTTP/2 www.acint.net/rmatch?dp=45&euid=0&r=https%3A%2F%2Fssp.adriver.ru%2Fcgi-bin%2Fsync.cgi%3Fssp_id%3D43%26external_id%3D%24%7BUSER_ID%7D
IP 185.12.125.25:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /rmatch?dp=45&euid=0&r=https%3A%2F%2Fssp.adriver.ru%2Fcgi-bin%2Fsync.cgi%3Fssp_id%3D43%26external_id%3D%24%7BUSER_ID%7D HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: openresty
date: Thu, 22 Sep 2022 04:23:27 GMT
content-type: text/html
content-length: 154
location: https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=43&external_id=89B803C13DE32B63EF030B5B02659413
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 0c2e17d8cf31157df1a4bd2f99a54c6c
c0bbb9ac61662fda8781947855cf7074484ac540
52f7b19b0215b25985a1e67274af794f09cd838879b503fe985141aee33a5707
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 04:09:18 GMT
Expires: Tue, 27 Sep 2022 04:09:17 GMT
Etag: "c0bbb9ac61662fda8781947855cf7074484ac540"
Cache-Control: max-age=430550,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74e843e8cbebb4f9-OSL
ads.betweendigital.com/match?bidder_id=73&external_user_id=1A7D0CB93DE32B63B6001832028F2F0C&crf=1
188.42.191.196200 OK 68 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=73&external_user_id=1A7D0CB93DE32B63B6001832028F2F0C&crf=1
IP 188.42.191.196:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
GET /match?bidder_id=73&external_user_id=1A7D0CB93DE32B63B6001832028F2F0C&crf=1 HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:27 GMT; Path=/; Domain=.betweendigital.com
tuuid=4f32bd67-f49a-5209-b256-319dd17dd2a2; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:27 GMT; Path=/; Domain=.betweendigital.com
ut=YyvjPwAAPoCigm9MWD-jMhaMHtffsOQx75wVEg==; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:27 GMT; Path=/; Domain=.betweendigital.com
content-length: 68
X-Firefox-Spdy: h2
www.acint.net/match?dp=104&euid=NDfFRi0PwM6Y
185.12.125.25200 OK 43 B URL HTTP/2 www.acint.net/match?dp=104&euid=NDfFRi0PwM6Y
IP 185.12.125.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /match?dp=104&euid=NDfFRi0PwM6Y HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
px.adhigh.net/p/cm/sape?u=1A7D0CB93DE32B63B6001832028F2F0C
193.232.150.148302 Found 0 B URL HTTP/2 px.adhigh.net/p/cm/sape?u=1A7D0CB93DE32B63B6001832028F2F0C
IP 193.232.150.148:0
ASN #48061 Limited Liability Company GPM Digital Technologies
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/cm/sape?u=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: px.adhigh.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 22 Sep 2022 04:23:27 GMT
content-length: 0
x-backend-id: f15-ru
access-control-allow-origin: *
access-control-allow-credentials: true
set-cookie: gi_u=u4QvLIm7k4E.AikABlGDY2-uJQ;Path=/;Domain=.adhigh.net;Expires=Fri, 22-Sep-2023 04:23:27 GMT;Secure;SameSite=None
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache, no-store
location: https://px.adhigh.net/p/cm/sape?u=1A7D0CB93DE32B63B6001832028F2F0C&bounced=1
X-Firefox-Spdy: h2
sm.rtb.mts.ru/p?ssp=sape&id=1A7D0CB93DE32B63B6001832028F2F0C
217.66.147.33301 Moved Permanently 0 B URL HTTP/1.1 sm.rtb.mts.ru/p?ssp=sape&id=1A7D0CB93DE32B63B6001832028F2F0C
IP 217.66.147.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p?ssp=sape&id=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: sm.rtb.mts.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Vary: Origin
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://sm.rtb.mts.ru/match/second?ssp=30&exu=1A7D0CB93DE32B63B6001832028F2F0C
Set-Cookie: dspid=67499370-6d85-4ffc-af61-7caed2f993dc; expires=Wed, 13 Sep 2023 04:23:27 GMT; domain=.mts.ru; path=/; secure; SameSite=None
x01.aidata.io/0.gif?pid=9401454&id=1A7D0CB93DE32B63B6001832028F2F0C&bounce=1
89.108.119.28204 No Content 0 B URL HTTP/2 x01.aidata.io/0.gif?pid=9401454&id=1A7D0CB93DE32B63B6001832028F2F0C&bounce=1
IP 89.108.119.28:0
ASN #197695 Domain names registrar REG.RU, Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0.gif?pid=9401454&id=1A7D0CB93DE32B63B6001832028F2F0C&bounce=1 HTTP/1.1
Host: x01.aidata.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 22 Sep 2022 04:23:27 GMT
expires: Thu, 22 Sep 2022 04:23:26 GMT
access-control-allow-methods: GET, POST
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
last-modified: Thu, 22 Sep 2022 04:23:26 GMT
set-cookie: __upin=sy0bQqRB5tyI+mKSyYG0Eg;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
__upints=1663820607;domain=.aidata.io;path=/;max-age=63072000;SameSite=None;Secure
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
X-Firefox-Spdy: h2
tag.digitaltarget.ru/adcm.js
185.15.175.174200 OK 3.1 kB URL HTTP/1.1 tag.digitaltarget.ru/adcm.js
IP 185.15.175.174:0
File type ASCII text, with very long lines (3051), with no line terminators
Hash e7097284185069f52fc736bcd50cda13
1cdfdf2d869841202079ddf91e0a00a8610812e6
40f2a96f78f4c8484e9da6e172f5ddd3e4d7786ca29e04b96e1067a365190e80
GET /adcm.js HTTP/1.1
Host: tag.digitaltarget.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Type: application/javascript
Content-Length: 3051
Last-Modified: Thu, 22 Sep 2022 04:04:30 GMT
Connection: keep-alive
ETag: "632bdece-beb"
Accept-Ranges: bytes
ocsp.godaddy.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 9edb574bef34f41a55a24129e22bfad3
5c0c0d368dafa9cdb00941b307038825554581af
8c6c43e6c2c7a0e03cf9a02816706478039741c8f9b739d74af1f2dfafb4c712
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 22 Sep 2022 04:23:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 21 Sep 2022 23:11:47 GMT
Expires: Thu, 22 Sep 2022 23:11:47 GMT
ETag: "5c0c0d368dafa9cdb00941b307038825554581af"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ads.betweendigital.com/match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D
188.42.191.196302 Found 0 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D
IP 188.42.191.196:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D&crf=1
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:27 GMT; Path=/; Domain=.betweendigital.com
tuuid=a4940218-2485-5209-81a5-975ee28e7461; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:27 GMT; Path=/; Domain=.betweendigital.com
ut=YyvjPwAA5nhxSTIBUWedWrbHrrzYCK9PfggyPQ==; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:27 GMT; Path=/; Domain=.betweendigital.com
content-length: 0
X-Firefox-Spdy: h2
ads.betweendigital.com/match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D&crf=1
188.42.191.196200 OK 68 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D&crf=1
IP 188.42.191.196:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
GET /match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D&crf=1 HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:27 GMT; Path=/; Domain=.betweendigital.com
tuuid=eb179027-1f73-5209-83d9-4b93e0f2a8ac; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:27 GMT; Path=/; Domain=.betweendigital.com
ut=YyvjPwABpeChqKeEUQhN1BhAXpipOvkSNf_KPQ==; Max-Age=31536000; Expires=Fri, 22 Sep 2023 04:23:27 GMT; Path=/; Domain=.betweendigital.com
content-length: 68
X-Firefox-Spdy: h2
ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=43&external_id=89B803C13DE32B63EF030B5B02659413
195.209.111.4200 OK 42 B URL HTTP/1.1 ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=43&external_id=89B803C13DE32B63EF030B5B02659413
IP 195.209.111.4:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cgi-bin/sync.cgi?ssp_id=43&external_id=89B803C13DE32B63EF030B5B02659413 HTTP/1.1
Host: ssp.adriver.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
sm.rtb.mts.ru/match/second?ssp=30&exu=1A7D0CB93DE32B63B6001832028F2F0C
217.66.147.33301 Moved Permanently 0 B URL HTTP/1.1 sm.rtb.mts.ru/match/second?ssp=30&exu=1A7D0CB93DE32B63B6001832028F2F0C
IP 217.66.147.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match/second?ssp=30&exu=1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: sm.rtb.mts.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Vary: Origin
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://tech.rtb.mts.ru/
px.adhigh.net/p/cm/sape?u=1A7D0CB93DE32B63B6001832028F2F0C&bounced=1
193.232.150.148200 OK 49 B URL HTTP/2 px.adhigh.net/p/cm/sape?u=1A7D0CB93DE32B63B6001832028F2F0C&bounced=1
IP 193.232.150.148:0
ASN #48061 Limited Liability Company GPM Digital Technologies
File type GIF image data, version 89a, 1 x 1\012- data
Hash 889bc1fffc025af4685839fb516a0b8b
7f105137a4eafe93213ecd8cc34dd907c340467c
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
GET /p/cm/sape?u=1A7D0CB93DE32B63B6001832028F2F0C&bounced=1 HTTP/1.1
Host: px.adhigh.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 04:23:27 GMT
content-type: image/gif
content-length: 49
x-backend-id: f15-ru
access-control-allow-origin: *
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache, no-store
X-Firefox-Spdy: h2
tag.digitaltarget.ru/processor.js?i=322574179359567
185.15.175.174200 OK 16 kB URL HTTP/1.1 tag.digitaltarget.ru/processor.js?i=322574179359567
IP 185.15.175.174:0
File type ASCII text, with very long lines (15892), with no line terminators
Hash 9d8bbf9b7d1aaed9a324a9cf9977dda4
d3365fba7f95ca11a9564b373162d1ddb06fcdbd
0935447866da8ca59df7d65710e0b68377a6dbc62c761e83ebfc83998f905788
GET /processor.js?i=322574179359567 HTTP/1.1
Host: tag.digitaltarget.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Type: application/javascript
Content-Length: 15892
Last-Modified: Thu, 22 Sep 2022 04:04:31 GMT
Connection: keep-alive
ETag: "632bdecf-3e14"
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6ad7c4f0a81fee0bd021875dec50a0a0
609f06a7f137688646e495e273537b0b76adb5f9
097619c12232a82a2a62098c513feca7d117ce7f08f4357eb301cfd7c6883205
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "097619C12232A82A2A62098C513FECA7D117CE7F08F4357EB301CFD7C6883205"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6587
Expires: Thu, 22 Sep 2022 06:13:14 GMT
Date: Thu, 22 Sep 2022 04:23:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6ad7c4f0a81fee0bd021875dec50a0a0
609f06a7f137688646e495e273537b0b76adb5f9
097619c12232a82a2a62098c513feca7d117ce7f08f4357eb301cfd7c6883205
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "097619C12232A82A2A62098C513FECA7D117CE7F08F4357EB301CFD7C6883205"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6587
Expires: Thu, 22 Sep 2022 06:13:14 GMT
Date: Thu, 22 Sep 2022 04:23:27 GMT
Connection: keep-alive
dmg.digitaltarget.ru/1/1093/i/i?i=708685429849768.69130839483309&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_noorient
185.15.175.147307 Temporary Redirect 0 B URL HTTP/1.1 dmg.digitaltarget.ru/1/1093/i/i?i=708685429849768.69130839483309&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_noorient
IP 185.15.175.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/1093/i/i?i=708685429849768.69130839483309&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_noorient HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Length: 0
Connection: keep-alive
Location: https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=708685429849768.69130839483309&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_noorient
Set-Cookie: viuserid=hCEu5aKNSewYZj77iuDR; Max-Age=93312000; Expires=Sat, 06 Sep 2025 04:23:27 GMT; SameSite=None; Path=/; Domain=dmg.digitaltarget.ru; Secure; HTTPOnly
Request-Time: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only
dmg.digitaltarget.ru/1/1093/i/i?i=708685429849768.137079353861132&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
185.15.175.147307 Temporary Redirect 0 B URL HTTP/1.1 dmg.digitaltarget.ru/1/1093/i/i?i=708685429849768.137079353861132&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
IP 185.15.175.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/1093/i/i?i=708685429849768.137079353861132&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Length: 0
Connection: keep-alive
Location: https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=708685429849768.137079353861132&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
Set-Cookie: viuserid=1ropYBANS8PnYN77iWDA; Max-Age=93312000; Expires=Sat, 06 Sep 2025 04:23:27 GMT; SameSite=None; Path=/; Domain=dmg.digitaltarget.ru; Secure; HTTPOnly
Request-Time: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only
dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=708685429849768.69130839483309&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_noorient
185.15.175.147200 OK 64 B URL HTTP/1.1 dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=708685429849768.69130839483309&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_noorient
IP 185.15.175.147:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ffd585dfb1ac6320633a0be46d579437
5a6033d23bc9cd5d1de9ee61de69a44428086dcb
df18d81deb0cc1c48ae87e6481bb4ee375b40cce0fec3d226e002704d49f6cc8
GET /awg/custom/1093/i/i?call_source=awg&i=708685429849768.69130839483309&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_noorient HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Vary: Accept-Encoding
Request-Time: 2
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only
dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=708685429849768.137079353861132&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
185.15.175.147200 OK 64 B URL HTTP/1.1 dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=708685429849768.137079353861132&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
IP 185.15.175.147:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ffd585dfb1ac6320633a0be46d579437
5a6033d23bc9cd5d1de9ee61de69a44428086dcb
df18d81deb0cc1c48ae87e6481bb4ee375b40cce0fec3d226e002704d49f6cc8
GET /awg/custom/1093/i/i?call_source=awg&i=708685429849768.137079353861132&a=77&e=1A7D0CB93DE32B63B6001832028F2F0C&pref=https%3A%2F%2Finveststable.ru%2F&c=ss:77.up:1A7D0CB93DE32B63B6001832028F2F0C.sync:up.xdua:duMg4ySzyq0AmClGbuYx2Lcr.xps:xpssnzooxsqaC5hX4zSV5R3ak.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Vary: Accept-Encoding
Request-Time: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only
tech.rtb.mts.ru/
213.87.44.187204 No Content 0 B IP 213.87.44.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: tech.rtb.mts.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.2
Date: Thu, 22 Sep 2022 04:23:27 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: mts_id=4cd13125-4da4-497d-b8aa-62afcae2765c; Domain=mts.ru; expires=Sat, 31 Jul 2032 04:23:27 GMT; SameSite=None; Secure
mts_id_last_sync=1663820607; Domain=mts.ru; expires=Sat, 31 Jul 2032 04:23:27 GMT; SameSite=None; Secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
www.acint.net/ping/?v=0.4.0&uid=8bf1351e-ec32-4dc2-a854-1974f6068526&dp=10&tz=%2B00%3A00&nc=53671022&dT=2022-09-22T04%3A23%3A28.052
185.12.125.25200 OK 43 B URL HTTP/2 www.acint.net/ping/?v=0.4.0&uid=8bf1351e-ec32-4dc2-a854-1974f6068526&dp=10&tz=%2B00%3A00&nc=53671022&dT=2022-09-22T04%3A23%3A28.052
IP 185.12.125.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /ping/?v=0.4.0&uid=8bf1351e-ec32-4dc2-a854-1974f6068526&dp=10&tz=%2B00%3A00&nc=53671022&dT=2022-09-22T04%3A23%3A28.052 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Cookie: aid=wQO4iWMr4z1bCwPvE5RlAlr4GXScKj4lskDtuHFknScqPhWz; test_cookie=CheckForPermission; cSyncDp7v2=1663820605; cSyncDp14v3=1663820605; cSyncDp17=1663820605; cSyncDp32=1663820605; cSyncDp45v3=1663820605; cSyncDp53=1663820605; cSyncDp54v2=1663820605; cSyncDp62=1663820605; cSyncDp67v2=1663820605; cSyncDp68=1663820605; cSyncDp71=1663820605; cSyncDp77=1663820605; cSyncDp84=1663820605; cSyncDp85=1663820605; cSyncDp95v3=1663820605; cSyncDp101=1663820605; cSyncDp104v2=1663820605; cSyncDp107=1663820605; cSyncDp110=1663820605; cSyncDp111v2=1663820605; cSyncDp112v2=1663820605; cSyncDp125v2=1663820605; cSyncDp126=1663820605; cSyncDp127=1663820605; cSyncDp129=1663820605; cSyncDp136v2=1663820605; cSyncDp138=1663820605; cSyncDp144=1663820605; cSyncDp146=1663820605; cSyncDp148=1663820605; cSyncDp149=1663820605; cSyncDp151=1663820605; cSyncDp178=1663820605; cSyncDp179=1663820605; cSyncDp186=1663820605; cSyncDp221=1663820605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:28 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/25781042?wmode=0&wv-part=1&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=560080598&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1663820609%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042329%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820609&t=gdpr(14)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/25781042?wmode=0&wv-part=1&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=560080598&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1663820609%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042329%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820609&t=gdpr(14)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/25781042?wmode=0&wv-part=1&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=560080598&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1663820609%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042329%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820609&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 129741
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 22 Sep 2022 04:23:29 GMT
access-control-allow-origin: https://investstable.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 22-Sep-2022 04:23:29 GMT
last-modified: Thu, 22-Sep-2022 04:23:29 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/25781042?wmode=0&wv-part=1&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=357801357&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1663820610%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042329%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820610&t=gdpr(14)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/25781042?wmode=0&wv-part=1&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=357801357&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1663820610%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042329%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820610&t=gdpr(14)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/25781042?wmode=0&wv-part=1&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=357801357&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1663820610%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042329%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820610&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 54
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 22 Sep 2022 04:23:29 GMT
access-control-allow-origin: https://investstable.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 22-Sep-2022 04:23:29 GMT
last-modified: Thu, 22-Sep-2022 04:23:29 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4ee5bbd-73ba-4da9-bcfc-b6aa9ce9eb86.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4ee5bbd-73ba-4da9-bcfc-b6aa9ce9eb86.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 069a8e60288777306e90e53763f87811
e5bb6dd623282f8db053604a852dda28e6f6de8f
48acd402e55b65f5bbde1bc7b13b604f07b58742712c3e50b07c5a57c6c109a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4ee5bbd-73ba-4da9-bcfc-b6aa9ce9eb86.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10670
x-amzn-requestid: 5c5bf01a-3f05-4afe-9f13-61f7d4e0901c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GPFHSDoAMFXww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b83f9-11818e616f4e330e714fc44f;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:36:57 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KxP2AbGmfJBn-tJOQ5EE658LMbwd3euUkKqnJhbtJiFIlJgT6PJ9xw==
via: 1.1 0800f067ff646622f3e8e507cb9b52e8.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:48:19 GMT
age: 23713
etag: "e5bb6dd623282f8db053604a852dda28e6f6de8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
top-fwz1.mail.ru/tracker?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;detect=0;lvid=1663820605847%3A1663820612504%3A2%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga-ym;visible=true;_=0.5527941684515029;e=RT/unload;et=1663820612502;pvt=7553;vtauto=6661
95.163.52.67200 OK 43 B URL HTTP/2 top-fwz1.mail.ru/tracker?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;detect=0;lvid=1663820605847%3A1663820612504%3A2%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga-ym;visible=true;_=0.5527941684515029;e=RT/unload;et=1663820612502;pvt=7553;vtauto=6661
IP 95.163.52.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /tracker?js=13;id=2554513;u=https%3A//investstable.ru/;st=1663820604949;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=0a3d51b32fc7b5d4;ver=60.3.0;tz=0%2FUTC;ni=;detect=0;lvid=1663820605847%3A1663820612504%3A2%3A3459262b6ea38eaed0b756fbf9828028;opts=dl%2Cjst-gtag-ga-ym;visible=true;_=0.5527941684515029;e=RT/unload;et=1663820612502;pvt=7553;vtauto=6661 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 04:23:32 GMT
content-type: image/gif
content-length: 43
set-cookie: FTID=1RMYgQ0tkIIC:1663820612:2554513:::; path=/; expires=Sat, 23-Sep-23 04:23:32 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/25781042?wmode=7&page-url=https%3A%2F%2Finveststable.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abkhw48i07cggsex1juigo%3Afp%3A1735%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A273495068857%3Ahid%3A133847619%3Az%3A0%3Ai%3A20220922042326%3Aet%3A1663820606%3Ac%3A1%3Arn%3A585103671%3Arqn%3A1%3Au%3A1663820606830078311%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A60%2C232%2C88%2C0%2C869%2C0%2C%2C516%2C13%2C%2C%2C%2C1781%3Ans%3A1663820603180%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663820606%3At%3A%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 43 B URL HTTP/2 mc.yandex.ru/watch/25781042?wmode=7&page-url=https%3A%2F%2Finveststable.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abkhw48i07cggsex1juigo%3Afp%3A1735%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A273495068857%3Ahid%3A133847619%3Az%3A0%3Ai%3A20220922042326%3Aet%3A1663820606%3Ac%3A1%3Arn%3A585103671%3Arqn%3A1%3Au%3A1663820606830078311%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A60%2C232%2C88%2C0%2C869%2C0%2C%2C516%2C13%2C%2C%2C%2C1781%3Ans%3A1663820603180%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663820606%3At%3A%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/25781042?wmode=7&page-url=https%3A%2F%2Finveststable.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abkhw48i07cggsex1juigo%3Afp%3A1735%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A273495068857%3Ahid%3A133847619%3Az%3A0%3Ai%3A20220922042326%3Aet%3A1663820606%3Ac%3A1%3Arn%3A585103671%3Arqn%3A1%3Au%3A1663820606830078311%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A60%2C232%2C88%2C0%2C869%2C0%2C%2C516%2C13%2C%2C%2C%2C1781%3Ans%3A1663820603180%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663820606%3At%3A%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/25781042/1?wmode=7&page-url=https%3A%2F%2Finveststable.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abkhw48i07cggsex1juigo%3Afp%3A1735%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A903%3Acn%3A1%3Adp%3A0%3Als%3A273495068857%3Ahid%3A133847619%3Az%3A0%3Ai%3A20220922042326%3Aet%3A1663820606%3Ac%3A1%3Arn%3A585103671%3Arqn%3A1%3Au%3A1663820606830078311%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A60%2C232%2C88%2C0%2C869%2C0%2C%2C516%2C13%2C%2C%2C%2C1781%3Ans%3A1663820603180%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663820606%3At%3A%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Thu, 22 Sep 2022 04:23:26 GMT
access-control-allow-origin: https://investstable.ru
set-cookie: yandexuid=4059398881663820606; Expires=Fri, 22-Sep-2023 04:23:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=4059398881663820606; Expires=Fri, 22-Sep-2023 04:23:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2391377811663820606; Path=/; SameSite=None; Secure
i=cGJAt5IavkyWnkrI70fWUPaTPvifDnSVTqbYYJ3KGFiiTkDfiRGJO9GVUzGeJ2CxoV3ocl6pvBkRtcvQoyPwbaNfq3M=; Expires=Sun, 19-Sep-2032 04:23:23 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1695356606.yrts.1663820606#1695356606.yrtsi.1663820606; Expires=Fri, 22-Sep-2023 04:23:26 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 22-Sep-2022 04:23:26 GMT
last-modified: Thu, 22-Sep-2022 04:23:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/25781042?wv-check=15020&wv-type=0&wmode=0&wv-part=1&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=1040480113&browser-info=gdpr%3A14%3Aet%3A1663820613%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042332%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820613&t=gdpr(14)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/25781042?wv-check=15020&wv-type=0&wmode=0&wv-part=1&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=1040480113&browser-info=gdpr%3A14%3Aet%3A1663820613%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042332%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820613&t=gdpr(14)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/25781042?wv-check=15020&wv-type=0&wmode=0&wv-part=1&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=1040480113&browser-info=gdpr%3A14%3Aet%3A1663820613%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042332%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820613&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 108
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 22 Sep 2022 04:23:32 GMT
access-control-allow-origin: https://investstable.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 22-Sep-2022 04:23:32 GMT
last-modified: Thu, 22-Sep-2022 04:23:32 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/25781042?wmode=0&wv-part=2&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=246204096&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1663820613%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042332%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820613&t=gdpr(14)ti(2)
93.158.134.119200 OK 0 B URL HTTP/2 mc.yandex.ru/webvisor/25781042?wmode=0&wv-part=2&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=246204096&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1663820613%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042332%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820613&t=gdpr(14)ti(2)
IP 93.158.134.119:0
POST /webvisor/25781042?wmode=0&wv-part=2&wv-hit=133847619&page-url=https%3A%2F%2Finveststable.ru%2F&rn=246204096&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1663820613%3Aw%3A1268x939%3Av%3A903%3Az%3A0%3Ai%3A20220922042332%3Au%3A1663820606830078311%3Avf%3Abkhw48i07cggsex1juigo%3Awe%3A1%3Ast%3A1663820613&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 15
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 22 Sep 2022 04:23:32 GMT
access-control-allow-origin: https://investstable.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 22-Sep-2022 04:23:32 GMT
last-modified: Thu, 22-Sep-2022 04:23:32 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/wp-social-likes/css/custom-buttons_classic.css?ver=6.0.2
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/wp-social-likes/css/custom-buttons_classic.css?ver=6.0.2
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-social-likes/css/custom-buttons_classic.css?ver=6.0.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-16d"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.6
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.6
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.6 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Mon, 19 Sep 2022 14:46:23 GMT
vary: Accept-Encoding
etag: W/"632880bf-28722"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/rate-my-post/public/js/rate-my-post.js?ver=3.3.6
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/rate-my-post/public/js/rate-my-post.js?ver=3.3.6
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/rate-my-post/public/js/rate-my-post.js?ver=3.3.6 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Sat, 03 Sep 2022 08:53:46 GMT
vary: Accept-Encoding
etag: W/"6313161a-5f96"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/themes/elegantwp/assets/js/ResizeSensor.min.js
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/themes/elegantwp/assets/js/ResizeSensor.min.js
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/elegantwp/assets/js/ResizeSensor.min.js HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-c29"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Fri, 02 Sep 2022 05:07:05 GMT
vary: Accept-Encoding
etag: W/"63118f79-aab"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.6
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.6
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.6 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Mon, 19 Sep 2022 14:46:23 GMT
vary: Accept-Encoding
etag: W/"632880bf-35ed"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
an.yandex.ru/mapuid/sapeis/1A7D0CB93DE32B63B6001832028F2F0C
213.180.193.90302 Found 0 B URL HTTP/2 an.yandex.ru/mapuid/sapeis/1A7D0CB93DE32B63B6001832028F2F0C
IP 213.180.193.90:0
GET /mapuid/sapeis/1A7D0CB93DE32B63B6001832028F2F0C HTTP/1.1
Host: an.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
timing-allow-origin: *
location: https://an.yandex.ru/mapuid/sapeis/1A7D0CB93DE32B63B6001832028F2F0C?redir-setuniq=1
date: Thu, 22 Sep 2022 04:23:27 GMT
set-cookie: yandexuid=1802841561663820607; domain=.yandex.ru; path=/; expires=Sun, 19-Sep-2032 04:23:27 GMT
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 22 Sep 2022 04:23:27 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
last-modified: Thu, 22 Sep 2022 04:23:27 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
investstable.ru/wp-content/themes/elegantwp/assets/js/skip-link-focus-fix.js
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/themes/elegantwp/assets/js/skip-link-focus-fix.js
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/elegantwp/assets/js/skip-link-focus-fix.js HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-342"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Playfair+Display:400,400i,700,700i|Domine:400,700|Oswald:400,700|Poppins:400,400i,700,700i
216.58.211.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Playfair+Display:400,400i,700,700i|Domine:400,700|Oswald:400,700|Poppins:400,400i,700,700i
IP 216.58.211.10:0
GET /css?family=Playfair+Display:400,400i,700,700i|Domine:400,700|Oswald:400,700|Poppins:400,400i,700,700i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 22 Sep 2022 04:23:24 GMT
date: Thu, 22 Sep 2022 04:23:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
investstable.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Sat, 16 Jul 2022 13:39:05 GMT
vary: Accept-Encoding
etag: W/"62d2bf79-15b64"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/piotnet-addons-for-elementor/assets/css/minify/extension.min.css?ver=2.4.20
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/piotnet-addons-for-elementor/assets/css/minify/extension.min.css?ver=2.4.20
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/piotnet-addons-for-elementor/assets/css/minify/extension.min.css?ver=2.4.20 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Mon, 19 Sep 2022 14:46:29 GMT
vary: Accept-Encoding
etag: W/"632880c5-45b"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
www.acint.net/mc/?dp=10&tc=1
185.12.125.25200 OK 0 B URL HTTP/2 www.acint.net/mc/?dp=10&tc=1
IP 185.12.125.25:0
GET /mc/?dp=10&tc=1 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: aid=uQx9GmMr4z0yGAC2DC+PAtzKKVYNbhYnlvyheL46I2sqKJCf; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: text/html
set-cookie: cSyncDp7v2=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp14v3=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp17=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp32=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp45v3=1663820605; expires=Fri, 23-Sep-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp53=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp54v2=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp62=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp67v2=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp68=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp71=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp77=1663820605; expires=Thu, 06-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp84=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp85=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp95v3=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp101=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp104v2=1663820605; expires=Thu, 06-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp107=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp110=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp111v2=1663820605; expires=Thu, 06-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp112v2=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp125v2=1663820605; expires=Fri, 07-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp126=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp127=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp129=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp136v2=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp138=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp144=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp146=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp148=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp149=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp151=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp178=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp179=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp186=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
cSyncDp221=1663820605; expires=Sat, 22-Oct-22 04:23:25 GMT; path=/; Secure; SameSite=None; domain=.acint.net
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/piotnet-addons-for-elementor/assets/js/minify/extension.min.js?ver=2.4.20
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/piotnet-addons-for-elementor/assets/js/minify/extension.min.js?ver=2.4.20
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/piotnet-addons-for-elementor/assets/js/minify/extension.min.js?ver=2.4.20 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Mon, 19 Sep 2022 14:46:29 GMT
vary: Accept-Encoding
etag: W/"632880c5-117ab"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/uploads/2020/05/cropped-vsyo-o-zarabotke-v-internete-scaled-1.jpg
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/uploads/2020/05/cropped-vsyo-o-zarabotke-v-internete-scaled-1.jpg
IP 45.130.41.35:0
GET /wp-content/uploads/2020/05/cropped-vsyo-o-zarabotke-v-internete-scaled-1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: image/jpeg
content-length: 104731
last-modified: Sun, 17 May 2020 17:28:39 GMT
etag: "5ec17447-1991b"
expires: Sat, 22 Oct 2022 04:23:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
investstable.ru/wp-content/themes/elegantwp/assets/js/navigation.js
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/themes/elegantwp/assets/js/navigation.js
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/elegantwp/assets/js/navigation.js HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-2485"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/rate-my-post/public/css/rate-my-post.css?ver=3.3.6
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/rate-my-post/public/css/rate-my-post.css?ver=3.3.6
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/rate-my-post/public/css/rate-my-post.css?ver=3.3.6 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Sat, 03 Sep 2022 08:53:46 GMT
vary: Accept-Encoding
etag: W/"6313161a-28fc"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
an.yandex.ru/mapuid/sapeis/1A7D0CB93DE32B63B6001832028F2F0C?redir-setuniq=1
213.180.193.90200 OK 0 B URL HTTP/2 an.yandex.ru/mapuid/sapeis/1A7D0CB93DE32B63B6001832028F2F0C?redir-setuniq=1
IP 213.180.193.90:0
GET /mapuid/sapeis/1A7D0CB93DE32B63B6001832028F2F0C?redir-setuniq=1 HTTP/1.1
Host: an.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
timing-allow-origin: *
date: Thu, 22 Sep 2022 04:23:27 GMT
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 22 Sep 2022 04:23:27 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
last-modified: Thu, 22 Sep 2022 04:23:27 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif; charset=utf-8
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
investstable.ru/
45.130.41.35200 OK 0 B IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/html
vary: Accept-Encoding
x-powered-by: W3 Total Cache/2.2.4
last-modified: Thu, 22 Sep 2022 04:23:24 GMT
expires: Thu, 22 Sep 2022 05:23:24 GMT
pragma: public
cache-control: max-age=3600, public
etag: "66b024924268cec532efb9aa9a84c9ce"
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
glopart.ru/assets/adunit-794b7334b25d2a9ccaec.js
51.250.65.231200 OK 0 B URL HTTP/2 glopart.ru/assets/adunit-794b7334b25d2a9ccaec.js
IP 51.250.65.231:0
ASN #200350 Yandex.Cloud LLC
GET /assets/adunit-794b7334b25d2a9ccaec.js HTTP/1.1
Host: glopart.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 22 Sep 2022 04:23:25 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
etag: W/"4cb75803fae23dbd10bfdaed386fff49"
last-modified: Sun, 10 Apr 2022 15:34:49 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-max-age: 1728000
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP 45.130.41.35:0
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Fri, 02 Sep 2022 05:07:05 GMT
vary: Accept-Encoding
etag: W/"63118f79-25d0"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
ws.alpari.forex/gtt/bnr.php?key=8023b869&subject=ib&type=gif&date=2019-12-26&pid=1223344&name=%D0%A2%D1%80%D0%B5%D0%B9%D0%B4%D0%B8%D0%BD%D0%B3&_bnr=https://alpari.forex/partnership-banners/images/1402.gif?partner_id=1223344
172.67.180.124301 Moved Permanently 0 B URL HTTP/2 ws.alpari.forex/gtt/bnr.php?key=8023b869&subject=ib&type=gif&date=2019-12-26&pid=1223344&name=%D0%A2%D1%80%D0%B5%D0%B9%D0%B4%D0%B8%D0%BD%D0%B3&_bnr=https://alpari.forex/partnership-banners/images/1402.gif?partner_id=1223344
IP 172.67.180.124:0
GET /gtt/bnr.php?key=8023b869&subject=ib&type=gif&date=2019-12-26&pid=1223344&name=%D0%A2%D1%80%D0%B5%D0%B9%D0%B4%D0%B8%D0%BD%D0%B3&_bnr=https://alpari.forex/partnership-banners/images/1402.gif?partner_id=1223344 HTTP/1.1
Host: ws.alpari.forex
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Thu, 22 Sep 2022 04:23:24 GMT
location: https://ws.alpari.com/gtt/bnr.php?key=8023b869&subject=ib&type=gif&date=2019-12-26&pid=1223344&name=%D0%A2%D1%80%D0%B5%D0%B9%D0%B4%D0%B8%D0%BD%D0%B3&_bnr=https://alpari.forex/partnership-banners/images/1402.gif?partner_id=1223344
cache-control: max-age=3600
expires: Thu, 22 Sep 2022 05:23:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qkg3%2FXPo381YdngPJaQLSe9O0OjPqYukCHK0acLss%2Ft5vr4FWbjGYzPjgL%2B0waDrxOXfONW64K9kUk2DHnq98DUR%2BIH5d%2FUOvF2lPYD%2Bsodv%2FXt%2BtpsX16R1gRAbEoClq5s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 74e843dd3da40b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/advanced-responsive-video-embedder/build/main.css?ver=54d2e76056851d3b806e
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/advanced-responsive-video-embedder/build/main.css?ver=54d2e76056851d3b806e
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/advanced-responsive-video-embedder/build/main.css?ver=54d2e76056851d3b806e HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Fri, 02 Sep 2022 05:07:02 GMT
vary: Accept-Encoding
etag: W/"63118f76-47a"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: text/css
last-modified: Fri, 02 Sep 2022 05:07:20 GMT
vary: Accept-Encoding
etag: W/"63118f88-d69"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
investstable.ru/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.8.2
45.130.41.35200 OK 0 B URL HTTP/2 investstable.ru/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.8.2
IP 45.130.41.35:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.8.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Thu, 22 Sep 2022 04:23:24 GMT
content-type: application/x-javascript
last-modified: Fri, 02 Sep 2022 05:07:31 GMT
vary: Accept-Encoding
etag: W/"63118f93-2e7a"
expires: Thu, 29 Sep 2022 04:23:24 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2