{"report_id":"86d65ad0-be3b-4c67-ac48-d56f1f03c3e1","version":6,"status":"done","tags":[],"date":"2025-07-28T19:59:05Z","url":{"schema":"http","addr":"katecrochetvanity.com/api/users?token=L2Y2eXo0NTlyP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZzdWJtZXRyaWM9MTQ4NDQxNDk","fqdn":"katecrochetvanity.com","domain":"katecrochetvanity.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":0,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"final":{"url":{"schema":"https","addr":"rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","fqdn":"rr.tracker.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"title":"Taonga: the Island Farm"},"submit":{"url":{"schema":"http","addr":"katecrochetvanity.com/api/users?token=L2Y2eXo0NTlyP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZzdWJtZXRyaWM9MTQ4NDQxNDk","fqdn":"katecrochetvanity.com","domain":"katecrochetvanity.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":0,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-01T19:59:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"lp.mobiletracking.ru","ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2015-06-18","domain_rank":0,"first_seen":"2015-09-23T14:03:58Z","last_seen":"2025-07-21T12:29:48.784969Z","alert_count":0,"request_count":1,"received_data":21774,"sent_data":439,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"katecrochetvanity.com","ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2020-10-19","domain_rank":360187,"first_seen":"2020-11-18T14:24:16Z","last_seen":"2024-03-13T22:19:10Z","alert_count":0,"request_count":2,"received_data":18027,"sent_data":2505,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"rr.tracker.mobiletracking.ru","ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2015-06-18","domain_rank":483696,"first_seen":"2019-04-12T14:44:38Z","last_seen":"2025-07-28T19:10:35.16623Z","alert_count":0,"request_count":7,"received_data":311567,"sent_data":7440,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"s3t3d2y9.afcdn.net","ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2022-06-27","domain_rank":0,"first_seen":"2025-05-07T19:37:13.89914Z","last_seen":"2025-07-25T04:04:29.199726Z","alert_count":0,"request_count":1,"received_data":1147481,"sent_data":572,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"accounts.google.com","ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":81,"first_seen":"2012-05-23T06:57:57Z","last_seen":"2025-07-23T16:33:02.04415Z","alert_count":0,"request_count":6,"received_data":13608,"sent_data":3840,"comment":"","tags":null,"fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-01-23","domain_rank":0,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-07-25T07:35:26.021239Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":474,"comment":"","tags":null,"fingerprints":null},{"fqdn":"my.rtmark.net","ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":9054,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-07-24T17:44:11.468093Z","alert_count":0,"request_count":1,"received_data":851,"sent_data":472,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"katecrochetvanity.com/api/users?token=L2Y2eXo0NTlyP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZzdWJtZXRyaWM9MTQ4NDQxNDk","fqdn":"katecrochetvanity.com","domain":"katecrochetvanity.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":true,"md5":"5173932ec30cbe615d92fa9b76741414","sha1":"3021e97097a0ad5b8b3dcecffc3ccfe15b8c1470","sha256":"bc695c69c5264e4e5ddb1c62d4be8dfd977a04564ff29a61419f848ad4fbe259","sha512":"e6da2c89d17cdd0e2aa1d1d624d4f025df4a3099fa6b8a10d5749ee1ae262167e634c28d3b7bb2a9bf90349d1b0dd4852c58f4e57b84fe12f43917a958391506","ssdeep":"96:Lq+38MnVeSa+Ab2z+nZ12JT/fIuVfsmwmPIHIboIgyEc8xMiPPOMy4:Xtn3a3K6r2JT/fTV0Jkc6oBc8WiP2V4","tlshash":"6a9141a53434387901790907d6efb36536324e1bba523060916c5ab82d2decbb635fdf","size":4381,"data":"","first_seen":"2025-07-28T19:59:08.349412Z","last_seen":"2025-07-28T19:59:08.349412Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","fqdn":"rr.tracker.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"f524701ccfc0f5c2764ea6f87153ee3b","sha1":"b9ed63f6de7bffae8d4e307bfdec913c97216ae7","sha256":"27ab38dc6501499cf62dc9e400458a05dcaf6916964192d966ecf4686718fc09","sha512":"848ef6c1a8e442445d3d5e5a5a2ca89325967f9780bdf3e0cf4cf11f90db615ee7c6866957711d1f204113d27863e6ebc013e1bf7854b1a9e56f93db9e15bb27","ssdeep":"96:beAekmWofoM5TY3tY+cWGo9KnUeU1XLs1PFztz7dgRmY5/srj4nO3PL2Sfn2ZW:gegK7odel5OX3PiSfn2ZW","tlshash":"a3d162dd27bae64299d87072000d6630f56709a3010daeb03ebe11149f8b12fa7b46bb","size":6487,"data":"","first_seen":"2025-07-18T23:29:18.677486Z","last_seen":"2025-08-21T20:27:18.343962Z","times_seen":166,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","fqdn":"rr.tracker.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"2f7e0cb48ff6bbf2983a212f54550b74","sha1":"799a404f0438556512c2f7c020342aff9affbba2","sha256":"d458fc925d51b200e3f68f30cd9bb8f8fc8547ce54b2ce4d5796e389f31f298e","sha512":"7859295beb82a31d73679038eb4fbc57e011e64a1c518fae70d1b78f51616535937c468bd4880293532a5b3982b6514208834889682e321aa3d21a7bb13b4fd9","ssdeep":"","tlshash":"a78000a00cb30828832202a38208a2c82c8e8832028882083c0a23838ec828020a0222","size":32,"data":"","first_seen":"2025-07-28T19:59:08.353034Z","last_seen":"2025-07-28T19:59:08.353034Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lp.mobiletracking.ru/jquery.js","fqdn":"lp.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"57bc631e1aa406b7b5948a2aac44f587","sha1":"4b46c055188d07b32c17691f55eb178dd8e0194b","sha256":"87825926c41096efe3f233e35ff25e487b9b586839d6e3474649a4a5dc6c0d9b","sha512":"b62d52cbbd3748a7d67afc4383c1459da159c1bfae7c04bb5b28064db36cc9bf4f7a2b296117fa529c57be8a826b67e14021d48ea8cdec76b6e2212bb8c2db3a","ssdeep":"384:TXB8NMPWlNZZtOrJj9Yph3Fk41KD4n56aSgifZFn1WmkQ/b8JxAk/ShiqyhZ1Rk2:TXBdPWB/3FkGn5YgifZFn1WmkQ/b8XAq","tlshash":"75a2c79b1266263769b232b19f077544f5778239a305d49037ad83603fb0c69327aefe","size":21449,"data":"","first_seen":"2025-07-18T23:29:18.659052Z","last_seen":"2025-08-07T01:18:32.266997Z","times_seen":94,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"e1feabbd6bca24de45588bc7f53cf972","sha1":"0c16d9511f1833f13b24fed38d6f8da907006b02","sha256":"55bb2e74a6f3065554a1f0a33919d939bb218353f28a3c742d1f618ddcb88e71","sha512":"a14e3601d2ce9fa387d0a94faaa9ecadb8e8dc8e6ac4ff194a4b2cd6c9b4824dab3413f777de805f9a8bab6d6fb9547196138d9ed966494ab45ed6c5d6325498","ssdeep":"","tlshash":"bf900410f474c7015c0351c4d4d5f7710010130c170055151dd43c55f347f741304144","size":42,"data":"","first_seen":"2025-06-24T11:52:20.715325Z","last_seen":"2025-08-20T04:25:16.459225Z","times_seen":157,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"rr.tracker.mobiletracking.ru/lander/games-taongafarms/preview-poster.jpg","fqdn":"rr.tracker.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rr.tracker.mobiletracking.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 08:35:13 GMT","end":"Fri, 24 Oct 2025 08:35:12 GMT"},"fingerprint":{"sha1":"2B:2A:35:C7:92:C0:75:49:E7:4C:C2:45:8D:3E:EC:31:29:3D:AB:02","sha256":"E3:FF:57:20:D8:50:1C:0F:D5:AE:6F:06:96:96:47:B9:50:BC:03:39:92:28:67:D0:0A:CC:2C:C6:41:35:45:05"}}},"request":{"raw":"GET /lander/games-taongafarms/preview-poster.jpg HTTP/1.1\r\nHost: rr.tracker.mobiletracking.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=\r\nCookie: _subid=jlg3pmkm37rj; 4604d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc2MjVcIjoxNzUzNzMyNzI0fSxcImNhbXBhaWduc1wiOntcIjQ0MjFcIjoxNzUzNzMyNzI0fSxcInRpbWVcIjoxNzUzNzMyNzI0fSJ9.ZbPzHSfUTMVuHoSlfj0IdlYvoHG2RxpamUw1z7EUrv4; _token=uuid_jlg3pmkm37rj_jlg3pmkm37rj6887d67428a169.85245056\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Mon, 28 Jul 2025 19:58:44 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-05-09T15:23:20.351783Z","times_seen":506533,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y9.afcdn.net/library/254774/2b2de9b22a32e002a71c0eb8684a7ac33a176e05.mp4","fqdn":"s3t3d2y9.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 30 Jun 2025 13:12:21 GMT","end":"Sun, 28 Sep 2025 13:12:20 GMT"},"fingerprint":{"sha1":"86:FB:BA:4A:B6:BF:EC:BB:C9:E5:96:9C:6A:B2:8C:F6:67:7D:11:18","sha256":"0E:D1:2C:2E:A2:B0:0A:42:25:63:5F:7A:DA:F6:F6:CE:73:D9:D9:DF:0A:BB:A5:1C:F9:F0:9E:16:D9:B4:C5:43"}}},"request":{"raw":"GET /library/254774/2b2de9b22a32e002a71c0eb8684a7ac33a176e05.mp4 HTTP/1.1\r\nHost: s3t3d2y9.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rr.tracker.mobiletracking.ru/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":392,"data":"{\"dt\":4967,\"e\":[{\"dt\":4526,\"f\":{\"_brandId\":\"wix\",\"_siteBranchId\":\"87182b5c-9a5c-4ee2-b947-ee7eab325c7a\",\"_ms\":14933,\"_hostingPlatform\":\"VIEWER\",\"src\":72,\"evid\":182,\"platform\":\"viewer\",\"msid\":\"f2b8fb88-cef8-4e0b-8404-e66dd745d35b\",\"vsi\":\"93de5ec6-8777-4ed5-9972-fd8c2d1e4e60\",\"sessionId\":\"c7118923-dcd5-4178-9551-037571a037bf\",\"_isca\":0,\"_iscf\":0,\"_ispd\":0,\"_ise\":1}}],\"g\":{\"_lv\":\"2.0.985|C\"}}"}},"response":{"raw":"HTTP/2 206 Partial Content\r\ndate: Mon, 28 Jul 2025 19:58:44 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 1165726\r\nlast-modified: Thu, 17 Jul 2025 17:05:11 GMT\r\netag: \"68792d47-11c99e\"\r\nexpires: Fri, 17 Jul 2026 17:17:20 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap02-sec01-prg1-1\r\nx-77-nzt: EwwBX63NDQH3MJoOAAwBuUwKAQH3DgUAAAwBJRPCNAG3FgcAAA\r\nx-77-nzt-ray: 2a494a15f32d59d399d68768a8fe941c\r\nx-77-cache: HIT\r\nx-77-age: 956976\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\ncontent-range: bytes 0-1165725/1165726\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":1146880,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"8c46edeb1475fecb74957d27b50cce96","sha1":"4f533e4e9def50c2994105bf2b2dabfd2b54d699","sha256":"e6511c3d9af88bde3a8e8ee7db2ea39960013620410902de8bcd22b9519e9bde","sha512":"dbc48f18f7c7574fa9df739ab27da99bcfaf26f533366d1bed66f1f797addff41ba21befb45c12c31777c7788dbcdbfd2d7f3fe6206f31f0864e917b9b880bf5","ssdeep":"24576:G658zCoBLyJAp/f6YdY9z4rDb8cFeDYlFRWy:GLz5BeJApnRLrDQcYD0FT","tlshash":"1e2533dfa2467d27a22630fadd58e992ea71892b6120a7f3d2ce8d5418cf1d40371ddc","first_seen":"2025-07-27T12:29:47.540538Z","last_seen":"2026-03-08T18:46:14.968481Z","times_seen":157,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":58,"dns":39,"connect":1,"send":0,"wait":1,"receive":105,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:36:02 GMT","end":"Mon, 29 Sep 2025 08:36:01 GMT"},"fingerprint":{"sha1":"9B:4C:3E:7D:75:3A:C6:33:33:2F:71:BC:DD:98:50:A8:D7:93:6D:D2","sha256":"F5:34:5B:3F:BA:F6:D9:4A:41:BE:89:61:26:E3:BF:CB:6E:C4:A8:5A:6F:4D:31:34:70:B7:7F:8D:9A:52:4F:DC"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rr.tracker.mobiletracking.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:Dh2e2CJjaXddjl0oncmSmO8VrfuUhA:NW-KMTAV3Sr-q1_S; Expires=Wed, 28-Jul-2027 19:58:45 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Mon, 28 Jul 2025 19:58:45 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026ifkv=AdBytiNCBJBCA_E8a7oTfertlvQ5thAWArm9e0ZmLIZATLHV6qogdCoz6wQAdku7P7KqcQWPEXAu\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-BcDUEPrr4lrFr-Xw6kLpqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: unsafe-none\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":372,"timings":{"blocked":167,"dns":0,"connect":18,"send":0,"wait":23,"receive":0,"ssl":160},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rr.tracker.mobiletracking.ru/favicon.ico","fqdn":"rr.tracker.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rr.tracker.mobiletracking.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 08:35:13 GMT","end":"Fri, 24 Oct 2025 08:35:12 GMT"},"fingerprint":{"sha1":"2B:2A:35:C7:92:C0:75:49:E7:4C:C2:45:8D:3E:EC:31:29:3D:AB:02","sha256":"E3:FF:57:20:D8:50:1C:0F:D5:AE:6F:06:96:96:47:B9:50:BC:03:39:92:28:67:D0:0A:CC:2C:C6:41:35:45:05"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rr.tracker.mobiletracking.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=\r\nCookie: _subid=jlg3pmkm37rj; 4604d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc2MjVcIjoxNzUzNzMyNzI0fSxcImNhbXBhaWduc1wiOntcIjQ0MjFcIjoxNzUzNzMyNzI0fSxcInRpbWVcIjoxNzUzNzMyNzI0fSJ9.ZbPzHSfUTMVuHoSlfj0IdlYvoHG2RxpamUw1z7EUrv4; _token=uuid_jlg3pmkm37rj_jlg3pmkm37rj6887d67428a169.85245056\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Mon, 28 Jul 2025 19:58:44 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-05-09T15:23:20.351783Z","times_seen":506533,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AdBytiNgkgUoSvkyEuGun3_2e6Fv3xBLdXNS7yMBAlNCfKJxjVdMfbwKDScc_bWplgz-ldXXA9gC\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S939677447%3A1753732725106328","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:45.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:34:14 GMT","end":"Mon, 29 Sep 2025 08:34:13 GMT"},"fingerprint":{"sha1":"60:9F:41:D7:83:68:5E:64:22:9D:7C:5E:2D:7B:C9:C5:07:DA:C6:D8","sha256":"15:AD:BB:67:D8:C1:39:D9:7F:BB:38:1B:80:A4:86:52:0C:B5:D9:D1:D3:CB:E8:0D:26:C9:EC:B4:D7:51:81:FB"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AdBytiNgkgUoSvkyEuGun3_2e6Fv3xBLdXNS7yMBAlNCfKJxjVdMfbwKDScc_bWplgz-ldXXA9gC\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S939677447%3A1753732725106328 HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rr.tracker.mobiletracking.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Mon, 28 Jul 2025 19:58:45 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-mcUSKtgzSCoAtVUO1LHmfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.4ikenfs4_uY.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://katecrochetvanity.com/api/users?token=L2Y2eXo0NTlyP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZzdWJtZXRyaWM9MTQ4NDQxNDk","date":"2025-07-28T19:58:43.701Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://katecrochetvanity.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://katecrochetvanity.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Jun 2025 12:11:05 GMT","end":"Sun, 28 Sep 2025 13:11:03 GMT"},"fingerprint":{"sha1":"89:E0:23:FC:5B:0F:07:0F:7E:EC:B8:4F:B5:1D:3B:1F:6B:5C:22:0B","sha256":"66:DE:FF:43:09:A3:D6:B0:70:4E:47:82:C8:66:35:42:25:2E:23:CA:5A:1A:CF:A3:1E:23:A0:0E:D3:E3:95:95"}}},"request":{"raw":"GET /gid.js HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rr.tracker.mobiletracking.ru/\r\nOrigin: https://rr.tracker.mobiletracking.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 28 Jul 2025 19:58:44 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: https://rr.tracker.mobiletracking.ru\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=080214d2f92a40f4efb0bb15b8852633; expires=Tue, 28 Jul 2026 19:58:44 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9666f3fa0fd2b500-OSL\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a2925f38f56ebe6bf43fc86e73f0e3eb","sha1":"3530ea1b7efe3ba46cdbb658ac29900a638ada97","sha256":"07515bea41da4d6a9a7dfad23d412977ffe285c2fe2b59b3627e24f430995df6","sha512":"9ae81a230daa8acb6cafac0cdbfbb9660484c688054e3d3a1f02349b511f3c92dda1152ea1a111634ef6d00b2e222e290fe1d3f329b4acfe2891d24feb373825","ssdeep":"","tlshash":"49a022a202bc2ac8000cb03e3a8ecb83880202000c02830b03e0c08220cbb0e0bc3b82","first_seen":"2025-07-28T19:59:08.337455Z","last_seen":"2025-07-28T19:59:08.337455Z","times_seen":1,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":48,"dns":20,"connect":1,"send":0,"wait":37,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rr.tracker.mobiletracking.ru/bg4jscsN?sub_id=jlg3pmkm37rj\u0026_update_tokens=1\u0026sub_id_16=080214d2f92a40f4efb0bb15b8852633","fqdn":"rr.tracker.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rr.tracker.mobiletracking.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 08:35:13 GMT","end":"Fri, 24 Oct 2025 08:35:12 GMT"},"fingerprint":{"sha1":"2B:2A:35:C7:92:C0:75:49:E7:4C:C2:45:8D:3E:EC:31:29:3D:AB:02","sha256":"E3:FF:57:20:D8:50:1C:0F:D5:AE:6F:06:96:96:47:B9:50:BC:03:39:92:28:67:D0:0A:CC:2C:C6:41:35:45:05"}}},"request":{"raw":"GET /bg4jscsN?sub_id=jlg3pmkm37rj\u0026_update_tokens=1\u0026sub_id_16=080214d2f92a40f4efb0bb15b8852633 HTTP/1.1\r\nHost: rr.tracker.mobiletracking.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=\r\nCookie: _subid=jlg3pmkm37rj; 4604d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc2MjVcIjoxNzUzNzMyNzI0fSxcImNhbXBhaWduc1wiOntcIjQ0MjFcIjoxNzUzNzMyNzI0fSxcInRpbWVcIjoxNzUzNzMyNzI0fSJ9.ZbPzHSfUTMVuHoSlfj0IdlYvoHG2RxpamUw1z7EUrv4; _token=uuid_jlg3pmkm37rj_jlg3pmkm37rj6887d67428a169.85245056\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 28 Jul 2025 19:58:44 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, must-revalidate\r\nExpires: Mon, 28 Jul 2025 19:58:44 GMT\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AdBytiPkGVFB_EPc0CLxajdrmxnnb57xG25TzA8M4yhI45KYSVNzfCRQ1o1MG6B-dfDkqG7D1GdS\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S657685803%3A1753732725033530","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:45.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:36:02 GMT","end":"Mon, 29 Sep 2025 08:36:01 GMT"},"fingerprint":{"sha1":"9B:4C:3E:7D:75:3A:C6:33:33:2F:71:BC:DD:98:50:A8:D7:93:6D:D2","sha256":"F5:34:5B:3F:BA:F6:D9:4A:41:BE:89:61:26:E3:BF:CB:6E:C4:A8:5A:6F:4D:31:34:70:B7:7F:8D:9A:52:4F:DC"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AdBytiPkGVFB_EPc0CLxajdrmxnnb57xG25TzA8M4yhI45KYSVNzfCRQ1o1MG6B-dfDkqG7D1GdS\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S657685803%3A1753732725033530 HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rr.tracker.mobiletracking.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Mon, 28 Jul 2025 19:58:45 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-GIcxza1TSKImEP8yD4a1UQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.4ikenfs4_uY.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","fqdn":"rr.tracker.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-07-28T19:58:43.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rr.tracker.mobiletracking.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 08:35:13 GMT","end":"Fri, 24 Oct 2025 08:35:12 GMT"},"fingerprint":{"sha1":"2B:2A:35:C7:92:C0:75:49:E7:4C:C2:45:8D:3E:EC:31:29:3D:AB:02","sha256":"E3:FF:57:20:D8:50:1C:0F:D5:AE:6F:06:96:96:47:B9:50:BC:03:39:92:28:67:D0:0A:CC:2C:C6:41:35:45:05"}}},"request":{"raw":"GET /bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4= HTTP/1.1\r\nHost: rr.tracker.mobiletracking.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://katecrochetvanity.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 28 Jul 2025 19:58:44 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, must-revalidate\r\nContent-Encoding: gzip\r\nExpires: Mon, 28 Jul 2025 19:58:44 GMT\r\nSet-Cookie: _subid=jlg3pmkm37rj; expires=Thu, 28 Aug 2025 19:58:44 GMT; path=/\n4604d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc2MjVcIjoxNzUzNzMyNzI0fSxcImNhbXBhaWduc1wiOntcIjQ0MjFcIjoxNzUzNzMyNzI0fSxcInRpbWVcIjoxNzUzNzMyNzI0fSJ9.ZbPzHSfUTMVuHoSlfj0IdlYvoHG2RxpamUw1z7EUrv4; expires=Tue, 29 Jul 2025 19:58:44 GMT; path=/\n_token=uuid_jlg3pmkm37rj_jlg3pmkm37rj6887d67428a169.85245056; expires=Thu, 28 Aug 2025 19:58:44 GMT; path=/\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":10401,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"804b0857d6bac659b322540629de5cfd","sha1":"52dcae55b8500839185506a3e9641de04fbc2141","sha256":"87b856223159eed0ed88c6a09f3eacf5d91182a2d1b220d6f9d678775bd4f4a7","sha512":"bae7dcaef0db142039bf0a312260ce274e9b9c08b650cfd2867d55bc3c8e801646a7ec4d33392081badec80c26e8e54d5c37192501044842b291f6634662e771","ssdeep":"192:FEGEYSysszMbYXyJ+AiegK7odel5OX3PiSfn2ZlGu:FECegK7o45H+u","tlshash":"a822e8cd27b7d146988460750a4d6320b6674853420dee743eaf1144cf8f26e6bf63af","first_seen":"2025-07-28T19:59:08.338659Z","last_seen":"2025-07-28T19:59:08.338659Z","times_seen":1,"resource_available":false,"data":null}},"time_used":318,"timings":{"blocked":122,"dns":19,"connect":46,"send":0,"wait":73,"receive":1,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lp.mobiletracking.ru/jquery.js","fqdn":"lp.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lp.mobiletracking.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Jun 2025 21:29:26 GMT","end":"Wed, 10 Sep 2025 21:29:25 GMT"},"fingerprint":{"sha1":"9A:5D:E8:7F:13:96:52:17:CA:58:18:55:07:B0:AA:6B:84:32:2E:0C","sha256":"6C:9D:66:8E:53:6B:9A:AD:AB:05:63:D4:C2:59:B0:B4:15:ED:BB:76:0E:64:20:96:D9:F6:19:70:7C:0E:2A:02"}}},"request":{"raw":"GET /jquery.js HTTP/1.1\r\nHost: lp.mobiletracking.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rr.tracker.mobiletracking.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":533,"data":"{\"messages\":[{\"fullArtifactId\":\"com.wixpress.html-client.wix-thunderbolt\",\"componentId\":\"thunderbolt\",\"platform\":\"viewer\",\"msid\":\"f2b8fb88-cef8-4e0b-8404-e66dd745d35b\",\"sessionId\":\"93de5ec6-8777-4ed5-9972-fd8c2d1e4e60\",\"sessionTime\":1469,\"logLevel\":\"INFO\",\"message\":\"PANORAMA_COMPONENT_LOAD START\",\"transactionName\":\"PANORAMA_COMPONENT_LOAD\",\"transactionAction\":\"START\",\"isSsr\":false,\"dataCenter\":\"ireland-pub\",\"isCached\":false,\"isRollout\":true,\"isHeadless\":false,\"isDacRollout\":false,\"isSavRollout\":false,\"isCompanyNetwork\":false}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 28 Jul 2025 19:58:44 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 12 Jul 2025 20:07:54 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"6872c09a-53c9\"\r\nExpires: Mon, 28 Jul 2025 20:58:44 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21449,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6476), with CRLF line terminators","md5":"57bc631e1aa406b7b5948a2aac44f587","sha1":"4b46c055188d07b32c17691f55eb178dd8e0194b","sha256":"87825926c41096efe3f233e35ff25e487b9b586839d6e3474649a4a5dc6c0d9b","sha512":"b62d52cbbd3748a7d67afc4383c1459da159c1bfae7c04bb5b28064db36cc9bf4f7a2b296117fa529c57be8a826b67e14021d48ea8cdec76b6e2212bb8c2db3a","ssdeep":"384:TXB8NMPWlNZZtOrJj9Yph3Fk41KD4n56aSgifZFn1WmkQ/b8JxAk/ShiqyhZ1Rk2:TXBdPWB/3FkGn5YgifZFn1WmkQ/b8XAq","tlshash":"75a2c79b1266263769b232b19f077544f5778239a305d49037ad83603fb0c69327aefe","first_seen":"2025-07-18T23:29:18.659052Z","last_seen":"2025-08-07T01:18:32.266997Z","times_seen":94,"resource_available":true,"data":null}},"time_used":376,"timings":{"blocked":131,"dns":23,"connect":46,"send":0,"wait":109,"receive":1,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rr.tracker.mobiletracking.ru/lander/games-taongafarms/bg.jpg","fqdn":"rr.tracker.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rr.tracker.mobiletracking.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 08:35:13 GMT","end":"Fri, 24 Oct 2025 08:35:12 GMT"},"fingerprint":{"sha1":"2B:2A:35:C7:92:C0:75:49:E7:4C:C2:45:8D:3E:EC:31:29:3D:AB:02","sha256":"E3:FF:57:20:D8:50:1C:0F:D5:AE:6F:06:96:96:47:B9:50:BC:03:39:92:28:67:D0:0A:CC:2C:C6:41:35:45:05"}}},"request":{"raw":"GET /lander/games-taongafarms/bg.jpg HTTP/1.1\r\nHost: rr.tracker.mobiletracking.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=\r\nCookie: _subid=jlg3pmkm37rj; 4604d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc2MjVcIjoxNzUzNzMyNzI0fSxcImNhbXBhaWduc1wiOntcIjQ0MjFcIjoxNzUzNzMyNzI0fSxcInRpbWVcIjoxNzUzNzMyNzI0fSJ9.ZbPzHSfUTMVuHoSlfj0IdlYvoHG2RxpamUw1z7EUrv4; _token=uuid_jlg3pmkm37rj_jlg3pmkm37rj6887d67428a169.85245056\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 28 Jul 2025 19:58:44 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 298662\r\nLast-Modified: Thu, 17 Jul 2025 17:20:10 GMT\r\nConnection: keep-alive\r\nETag: \"687930ca-48ea6\"\r\nExpires: Thu, 07 Aug 2025 19:58:44 GMT\r\nCache-Control: max-age=864000\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":298662,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1080, components 3","md5":"87ef26cc7369887768c06707aff053a5","sha1":"332fe256e50ae94c10ad507d7309aef882f91641","sha256":"19315019f79a0ea4c2b475b17b8d453f8f607bdcfd73e92042ba434c99f78ffc","sha512":"bcd2bd05364324a96e902ba327315908dfe1258879f50c99e5353564fd82ddb1e74de8c24d07d77886dded3a1ac1c81292a968a9fde700a0bcdfdfef6cb18384","ssdeep":"6144:1P8xnvCeAQ009/sauwDNCoN6Jo+x83UJiTycL10xsgi:1PqCeAGRuwD8vo++3UJKGSgi","tlshash":"275423ece3549f3a9b045fee1f6e5850ae029485a4c3a85f6094cba1b1d91d03773b3e","first_seen":"2025-07-18T23:29:18.675237Z","last_seen":"2026-03-08T18:46:14.975687Z","times_seen":171,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":41,"dns":0,"connect":0,"send":0,"wait":46,"receive":202,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=mail","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:36:02 GMT","end":"Mon, 29 Sep 2025 08:36:01 GMT"},"fingerprint":{"sha1":"9B:4C:3E:7D:75:3A:C6:33:33:2F:71:BC:DD:98:50:A8:D7:93:6D:D2","sha256":"F5:34:5B:3F:BA:F6:D9:4A:41:BE:89:61:26:E3:BF:CB:6E:C4:A8:5A:6F:4D:31:34:70:B7:7F:8D:9A:52:4F:DC"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=mail HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rr.tracker.mobiletracking.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:yCrdKAlkeSnlNGRRQSpUEIJvtF7xcg:lsZ3NC0CZGPZCt6r; Expires=Wed, 28-Jul-2027 19:58:44 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Mon, 28 Jul 2025 19:58:44 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026ifkv=AdBytiNYPVzNXmMWHbQBxj5PbizNK9eB0a_K4aPqNvY9IYdt5UjjUAEgMVdLeCr0zuiskckNjh1rWw\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-fb5kF-ow7rPBCPlYKAiasQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\ncross-origin-opener-policy: unsafe-none\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncross-origin-resource-policy: cross-origin\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":228,"timings":{"blocked":96,"dns":0,"connect":16,"send":0,"wait":21,"receive":1,"ssl":91},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026ifkv=AdBytiNCBJBCA_E8a7oTfertlvQ5thAWArm9e0ZmLIZATLHV6qogdCoz6wQAdku7P7KqcQWPEXAu","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:45.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:36:02 GMT","end":"Mon, 29 Sep 2025 08:36:01 GMT"},"fingerprint":{"sha1":"9B:4C:3E:7D:75:3A:C6:33:33:2F:71:BC:DD:98:50:A8:D7:93:6D:D2","sha256":"F5:34:5B:3F:BA:F6:D9:4A:41:BE:89:61:26:E3:BF:CB:6E:C4:A8:5A:6F:4D:31:34:70:B7:7F:8D:9A:52:4F:DC"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026ifkv=AdBytiNCBJBCA_E8a7oTfertlvQ5thAWArm9e0ZmLIZATLHV6qogdCoz6wQAdku7P7KqcQWPEXAu HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rr.tracker.mobiletracking.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:91G58sb0dggYyuzPFL0POAz5e6VZ1g:NhFwbjzba1O8KuL9;Path=/;Expires=Wed, 28-Jul-2027 19:58:45 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Mon, 28 Jul 2025 19:58:45 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AdBytiNgkgUoSvkyEuGun3_2e6Fv3xBLdXNS7yMBAlNCfKJxjVdMfbwKDScc_bWplgz-ldXXA9gC\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S939677447%3A1753732725106328\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-security-policy: script-src 'nonce--qFBgoZJc3mITK-27jVeaQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 416\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"katecrochetvanity.com/api/users?token=L2Y2eXo0NTlyP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZzdWJtZXRyaWM9MTQ4NDQxNDk","fqdn":"katecrochetvanity.com","domain":"katecrochetvanity.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-07-28T19:58:42.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.katecrochetvanity.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 27 Jul 2025 21:02:53 GMT","end":"Sat, 25 Oct 2025 21:02:52 GMT"},"fingerprint":{"sha1":"3E:2A:0F:36:FF:57:CB:43:09:80:2E:69:F9:60:CC:8B:24:3E:EE:81","sha256":"DB:3D:68:8D:BB:3C:F4:8F:8F:8C:D1:6F:0A:C4:01:9F:48:DD:38:13:A1:9A:EF:3C:7D:55:51:C4:85:12:86:45"}}},"request":{"raw":"GET /api/users?token=L2Y2eXo0NTlyP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZzdWJtZXRyaWM9MTQ4NDQxNDk HTTP/1.1\r\nHost: katecrochetvanity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Mon, 28 Jul 2025 19:58:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nSet-Cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNTU0MzM4NiwiayI6IjEwYWZhZWMzNTQwNGZmZDVlZGJhZDAxMzFiYjM4ZWU2Iiwic2lkIjoiMTQ4NDQxNDkiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjEwMzczOCwicGlkIjo4MzMyMCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyOCwicHQiOjQsInBrIjoicHlza2hqdzkyIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.WOBpIf0tpS-zYtRJd3spa4T7IZmNXwk47VKOHHa04z0; expires=Mon, 28 Jul 2025 19:59:43 GMT; path=/\r\nHost: katecrochetvanity.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d9b62130483e0e5df2cb8a13ca4cff1f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4527,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (4526)","md5":"944859f67feeecad1c5071e93aa92a94","sha1":"1bf8fd576cd553ecf0bbff3e006cb64a6d290531","sha256":"575108c16fb892c61cd59fb5afa0ab81a314205e271e14fa33fb495574f16c9e","sha512":"8d230eaedb83c40f6a1ad0bca32913892598e7b77edd058fafcf975e3d7623e42d23f14a28495241bc9d8dfef5707671a8142bda469c19a0f97a98c28352b1a8","ssdeep":"96:z90q+38MnVeSa+Ab2z+nZ12JT/fIuVfsmwmPIHIboIgyEc8xMiPPOMyP:stn3a3K6r2JT/fTV0Jkc6oBc8WiP2VP","tlshash":"269163a13434287501790907e6efb36536324e1bba523060916c4ab82d2decba635fdb","first_seen":"2025-07-28T19:59:08.346457Z","last_seen":"2025-07-28T19:59:08.346457Z","times_seen":1,"resource_available":false,"data":null}},"time_used":716,"timings":{"blocked":309,"dns":18,"connect":92,"send":0,"wait":96,"receive":1,"ssl":197},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"katecrochetvanity.com/api/users?token=L2Y2eXo0NTlyP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZwc3Q9MTc1MzczMjc4MyZybXRjPXQmc2h1PWIwMjI2ZmU5ZDEwYzBhNDEzYjg2Zjc4M2EwNjJmNzhhOGM2OGUzNGZhZTdhOTM4MTg1NDJiMjk5ZDAzMmUwMmMwZTViNDM5MjdjNDBhYTU2MTc5OGIzYWNjOTJlNmQzZjE4ZTVlNDNhMTRkN2EzMjZkYWJkMTViYTEwNmQ5MDkxMThmZWYxNDM3MDQ4MzllNTNmNzQ0NTMwZmUxNmFjNzNjYjk1MzQyNWRlZGU0YWM1MzBmZWNmJnN1Ym1ldHJpYz0xNDg0NDE0OSZwaWk9JmluPSZ1dWlkPQ","fqdn":"katecrochetvanity.com","domain":"katecrochetvanity.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-07-28T19:58:43.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.katecrochetvanity.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 27 Jul 2025 21:02:53 GMT","end":"Sat, 25 Oct 2025 21:02:52 GMT"},"fingerprint":{"sha1":"3E:2A:0F:36:FF:57:CB:43:09:80:2E:69:F9:60:CC:8B:24:3E:EE:81","sha256":"DB:3D:68:8D:BB:3C:F4:8F:8F:8C:D1:6F:0A:C4:01:9F:48:DD:38:13:A1:9A:EF:3C:7D:55:51:C4:85:12:86:45"}}},"request":{"raw":"GET /api/users?token=L2Y2eXo0NTlyP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZwc3Q9MTc1MzczMjc4MyZybXRjPXQmc2h1PWIwMjI2ZmU5ZDEwYzBhNDEzYjg2Zjc4M2EwNjJmNzhhOGM2OGUzNGZhZTdhOTM4MTg1NDJiMjk5ZDAzMmUwMmMwZTViNDM5MjdjNDBhYTU2MTc5OGIzYWNjOTJlNmQzZjE4ZTVlNDNhMTRkN2EzMjZkYWJkMTViYTEwNmQ5MDkxMThmZWYxNDM3MDQ4MzllNTNmNzQ0NTMwZmUxNmFjNzNjYjk1MzQyNWRlZGU0YWM1MzBmZWNmJnN1Ym1ldHJpYz0xNDg0NDE0OSZwaWk9JmluPSZ1dWlkPQ HTTP/1.1\r\nHost: katecrochetvanity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://katecrochetvanity.com/api/users?token=L2Y2eXo0NTlyP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZzdWJtZXRyaWM9MjU1NDMzODY\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNTU0MzM4NiwiayI6IjEwYWZhZWMzNTQwNGZmZDVlZGJhZDAxMzFiYjM4ZWU2Iiwic2lkIjoiMTQ4NDQxNDkiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjEwMzczOCwicGlkIjo4MzMyMCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyOCwicHQiOjQsInBrIjoicHlza2hqdzkyIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.WOBpIf0tpS-zYtRJd3spa4T7IZmNXwk47VKOHHa04z0; cjs=t\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.19.5\r\nDate: Mon, 28 Jul 2025 19:58:43 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nLocation: https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=\r\nSet-Cookie: pdhtkv=true; expires=Tue, 29 Jul 2025 19:58:43 GMT; path=/\nuncs=1; expires=Tue, 29 Jul 2025 19:58:43 GMT; path=/\npdhtkv28=true; expires=Tue, 29 Jul 2025 19:58:43 GMT; path=/\nuncs28=1; expires=Tue, 29 Jul 2025 19:58:43 GMT; path=/\nu_pl25543386=1; expires=Tue, 29 Jul 2025 19:58:43 GMT; path=/\niprc_c+b24db372cd50eecbb81dc147563f86c0=1271357; expires=Tue, 29 Jul 2025 19:58:43 GMT; path=/\niprc_c:1271357=1; expires=Tue, 29 Jul 2025 19:58:43 GMT; path=/\r\nHost: katecrochetvanity.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6057aeb5a92fec78047857643cc5885c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10401,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":247,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rr.tracker.mobiletracking.ru/bg4jscsN?sub_id=jlg3pmkm37rj\u0026_update_tokens=1\u0026sub_id_9=iframe_false\u0026sub_id_10=1280x1024\u0026sub_id_11=+0000\u0026sub_id_12=llvmpipe\u0026sub_id_13=Win32\u0026sub_id_14=48\u0026sub_id_15=undefined\u0026extra_param_9=0","fqdn":"rr.tracker.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rr.tracker.mobiletracking.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 08:35:13 GMT","end":"Fri, 24 Oct 2025 08:35:12 GMT"},"fingerprint":{"sha1":"2B:2A:35:C7:92:C0:75:49:E7:4C:C2:45:8D:3E:EC:31:29:3D:AB:02","sha256":"E3:FF:57:20:D8:50:1C:0F:D5:AE:6F:06:96:96:47:B9:50:BC:03:39:92:28:67:D0:0A:CC:2C:C6:41:35:45:05"}}},"request":{"raw":"GET /bg4jscsN?sub_id=jlg3pmkm37rj\u0026_update_tokens=1\u0026sub_id_9=iframe_false\u0026sub_id_10=1280x1024\u0026sub_id_11=+0000\u0026sub_id_12=llvmpipe\u0026sub_id_13=Win32\u0026sub_id_14=48\u0026sub_id_15=undefined\u0026extra_param_9=0 HTTP/1.1\r\nHost: rr.tracker.mobiletracking.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=\r\nCookie: _subid=jlg3pmkm37rj; 4604d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc2MjVcIjoxNzUzNzMyNzI0fSxcImNhbXBhaWduc1wiOntcIjQ0MjFcIjoxNzUzNzMyNzI0fSxcInRpbWVcIjoxNzUzNzMyNzI0fSJ9.ZbPzHSfUTMVuHoSlfj0IdlYvoHG2RxpamUw1z7EUrv4; _token=uuid_jlg3pmkm37rj_jlg3pmkm37rj6887d67428a169.85245056\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 28 Jul 2025 19:58:44 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, must-revalidate\r\nExpires: Mon, 28 Jul 2025 19:58:44 GMT\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rr.tracker.mobiletracking.ru/bg4jscsN?sub_id=jlg3pmkm37rj\u0026_update_tokens=1\u0026extra_param_5={%22languages%22:[%22en-US%22,%22en%22],%22cookieEnabled%22:true,%22screenWidth%22:1280,%22screenHeight%22:1024,%22colorDepth%22:24,%22pixelRatio%22:1,%22innerWidth%22:1280,%22innerHeight%22:1024,%22cookieCount%22:3,%22localStorageAvailable%22:true,%22sessionStorageAvailable%22:true,%22sessionStorageKeys%22:[],%22sessionStorageLength%22:0,%22pluginsLength%22:5,%22mimeTypesLength%22:2,%22plugins%22:[%22PDF%20Viewer%22,%22Chrome%20PDF%20Viewer%22,%22Chromium%20PDF%20Viewer%22,%22Microsoft%20Edge%20PDF%20Viewer%22,%22WebKit%20built-in%20PDF%22],%22mimeTypes%22:[%22application/pdf%22,%22text/pdf%22],%22timeZone%22:%22UTC%22}","fqdn":"rr.tracker.mobiletracking.ru","domain":"mobiletracking.ru","tld":"ru"},"ip":{"addr":"94.130.70.44","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:44.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rr.tracker.mobiletracking.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 08:35:13 GMT","end":"Fri, 24 Oct 2025 08:35:12 GMT"},"fingerprint":{"sha1":"2B:2A:35:C7:92:C0:75:49:E7:4C:C2:45:8D:3E:EC:31:29:3D:AB:02","sha256":"E3:FF:57:20:D8:50:1C:0F:D5:AE:6F:06:96:96:47:B9:50:BC:03:39:92:28:67:D0:0A:CC:2C:C6:41:35:45:05"}}},"request":{"raw":"GET /bg4jscsN?sub_id=jlg3pmkm37rj\u0026_update_tokens=1\u0026extra_param_5={%22languages%22:[%22en-US%22,%22en%22],%22cookieEnabled%22:true,%22screenWidth%22:1280,%22screenHeight%22:1024,%22colorDepth%22:24,%22pixelRatio%22:1,%22innerWidth%22:1280,%22innerHeight%22:1024,%22cookieCount%22:3,%22localStorageAvailable%22:true,%22sessionStorageAvailable%22:true,%22sessionStorageKeys%22:[],%22sessionStorageLength%22:0,%22pluginsLength%22:5,%22mimeTypesLength%22:2,%22plugins%22:[%22PDF%20Viewer%22,%22Chrome%20PDF%20Viewer%22,%22Chromium%20PDF%20Viewer%22,%22Microsoft%20Edge%20PDF%20Viewer%22,%22WebKit%20built-in%20PDF%22],%22mimeTypes%22:[%22application/pdf%22,%22text/pdf%22],%22timeZone%22:%22UTC%22} HTTP/1.1\r\nHost: rr.tracker.mobiletracking.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=\r\nCookie: _subid=jlg3pmkm37rj; 4604d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjc2MjVcIjoxNzUzNzMyNzI0fSxcImNhbXBhaWduc1wiOntcIjQ0MjFcIjoxNzUzNzMyNzI0fSxcInRpbWVcIjoxNzUzNzMyNzI0fSJ9.ZbPzHSfUTMVuHoSlfj0IdlYvoHG2RxpamUw1z7EUrv4; _token=uuid_jlg3pmkm37rj_jlg3pmkm37rj6887d67428a169.85245056\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 28 Jul 2025 19:58:44 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, must-revalidate\r\nExpires: Mon, 28 Jul 2025 19:58:44 GMT\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026ifkv=AdBytiNYPVzNXmMWHbQBxj5PbizNK9eB0a_K4aPqNvY9IYdt5UjjUAEgMVdLeCr0zuiskckNjh1rWw","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rr.tracker.mobiletracking.ru/bg4jscsN?cost=0.000650\u0026external_id=55b060b66c83e7bd63371c6ac347e049\u0026creative_id=25543386\u0026ad_campaign_id=1271357\u0026sub_id_1=83320\u0026sub_id_2=103738\u0026sub_id_3=Firefox\u0026sub_id_4=","date":"2025-07-28T19:58:45.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:36:02 GMT","end":"Mon, 29 Sep 2025 08:36:01 GMT"},"fingerprint":{"sha1":"9B:4C:3E:7D:75:3A:C6:33:33:2F:71:BC:DD:98:50:A8:D7:93:6D:D2","sha256":"F5:34:5B:3F:BA:F6:D9:4A:41:BE:89:61:26:E3:BF:CB:6E:C4:A8:5A:6F:4D:31:34:70:B7:7F:8D:9A:52:4F:DC"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026ifkv=AdBytiNYPVzNXmMWHbQBxj5PbizNK9eB0a_K4aPqNvY9IYdt5UjjUAEgMVdLeCr0zuiskckNjh1rWw HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rr.tracker.mobiletracking.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:QkiTq8O8nBqLnH_McnX5kiqHawJ0lA:VEjRFFZezmzCjJa6;Path=/;Expires=Wed, 28-Jul-2027 19:58:45 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Mon, 28 Jul 2025 19:58:45 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AdBytiPkGVFB_EPc0CLxajdrmxnnb57xG25TzA8M4yhI45KYSVNzfCRQ1o1MG6B-dfDkqG7D1GdS\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S657685803%3A1753732725033530\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\ncontent-security-policy: script-src 'nonce-iaruUrax1OQsBjMnl3urlQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 414\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}